Fix 500 error when unconfirmed user with 2FA logs in with OAuth2
When a user with two-factor auth enabled attempts to use an OAuth2
provider to sign-in, the user would see a 500 error without explanation
why. This occurred because the failure case in
OmniauthCallbacksController
was attempting to render the partial of the
new session, but the CAPTCHA helpers are only defined for SessionsController
, not for this one.
To fix this problem, redirect the page with the alert to the sign-in page and display a flash alert with a notice about an unconfirmed e-mail. The redirection also cleans up the URL so that the page doesn't look like it starts from an Omniauth callback.
Closes #232611 (closed)
Edited by Stan Hu