Commit 82aa5419 authored by Stan Hu's avatar Stan Hu
Browse files

Merge branch 'fix-infinite-redirect' into 'master'

Only redirect to homepage url when its not the root url

It was possible to create an infi redirect when the user set up the
`home_page_url` to redirect to the main URL of the gitlab instance.

This fix makes sure this redirect is not possible.

Fixes #1020 

/cc @dblessing 

See merge request !1703
parents e59852c4 2dec5ec9
......@@ -59,13 +59,8 @@ def authenticate_user_from_token!
end
def authenticate_user!(*args)
# If user is not signed-in and tries to access root_path - redirect him to landing page
# Don't redirect to the default URL to prevent endless redirections
if current_application_settings.home_page_url.present? &&
current_application_settings.home_page_url.chomp('/') != Gitlab.config.gitlab['url'].chomp('/')
if current_user.nil? && root_path == request.path
redirect_to current_application_settings.home_page_url and return
end
if redirect_to_home_page_url?
redirect_to current_application_settings.home_page_url and return
end
super(*args)
......@@ -346,4 +341,17 @@ def fogbugz_import_enabled?
def git_import_enabled?
current_application_settings.import_sources.include?('git')
end
def redirect_to_home_page_url?
# If user is not signed-in and tries to access root_path - redirect him to landing page
# Don't redirect to the default URL to prevent endless redirections
return false unless current_application_settings.home_page_url.present?
home_page_url = current_application_settings.home_page_url.chomp('/')
root_urls = [Gitlab.config.gitlab['url'].chomp('/'), root_url.chomp('/')]
return false if root_urls.include?(home_page_url)
current_user.nil? && root_path == request.path
end
end
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment