Redirect instead of returning 404 when verified (!112694) · Merge requests · GitLab.org / GitLab

Alex Buijs requested to merge reduce-risk-of-404-for-identity-verification into master Feb 22, 2023

What does this MR do and why?

This MR does 2 things to prevent 404's when showing the identity verification page:

In the RegistrationsController, set the verification_user_id in the session just before redirecting to the identity_verification_path, this reduces the chance of being redirected without the session being set.
Instead of rendering a 404 when the verification_user_id was not present in the session or when the user was already verified, now redirect to the root if the session was not set and redirect to the success_identity_verification_path when the user is verified.

Closes https://gitlab.com/gitlab-org/modelops/anti-abuse/team-tasks/-/issues/232+

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Feb 22, 2023 by Alex Buijs

Redirect instead of returning 404 when verified

What does this MR do and why?

MR acceptance checklist

Merge request reports