Commit 1f188236 authored by Stan Hu's avatar Stan Hu

Downcase aliased OAuth2 callback providers

Users may specify an OAuth2 callback with a custom name, such as
AWSCognito, but Rails will reject this with the following message:

```
'import/AWSCognito' is not a supported controller name. This can
lead to potential routing problems. See
http://guides.rubyonrails.org/routing.html#specifying-a-controller-to-use
```

To avoid these errors, we can just downcase all the provider names.
Note that this will make it impossible to specify a duplicate name with
different cases.

Closes https://gitlab.com/gitlab-org/gitlab-ce/issues/57156
parent dd26a9ad
---
title: Downcase aliased OAuth2 callback providers
merge_request: 24877
author:
type: fixed
# Alias import callbacks under the /users/auth endpoint so that
# the OAuth2 callback URL can be restricted under http://example.com/users/auth
# instead of http://example.com.
Devise.omniauth_providers.each do |provider|
Devise.omniauth_providers.map(&:downcase).each do |provider|
next if provider == 'ldapmain'
get "/users/auth/-/import/#{provider}/callback", to: "import/#{provider}#callback", as: "users_import_#{provider}_callback"
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment