From a7e2f96b59035fd4628a047370c87400e16a4b63 Mon Sep 17 00:00:00 2001
From: Stan Hu <stanhu@gmail.com>
Date: Fri, 10 Aug 2018 12:15:06 -0700
Subject: Fix logins via OAuth2 geting logged out in an hour

Users without GitLab 2FA enabled would be logged out after an hour
due to a regression in https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/20700.

The OAuth2 controller sets the current_user after the controller is finished, so
we should only limit session times after this has been done.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/50210
---
 spec/controllers/application_controller_spec.rb | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'spec/controllers/application_controller_spec.rb')

diff --git a/spec/controllers/application_controller_spec.rb b/spec/controllers/application_controller_spec.rb
index 421ab006792..fbf116e533b 100644
--- a/spec/controllers/application_controller_spec.rb
+++ b/spec/controllers/application_controller_spec.rb
@@ -162,6 +162,10 @@ describe ApplicationController do
 
   describe 'session expiration' do
     controller(described_class) do
+      # The anonymous controller will report 401 and fail to run any actions.
+      # Normally, GitLab will just redirect you to sign in.
+      skip_before_action :authenticate_user!, only: :index
+
       def index
         render text: 'authenticated'
       end
-- 
cgit v1.2.1