Fix 500 error when unconfirmed user with 2FA logs in with OAuth2 (!38104) · Merge requests · GitLab.org / GitLab

Stan Hu requested to merge sh-fix-500-error-unconfirmed-user into master Jul 28, 2020

When a user with two-factor auth enabled attempts to use an OAuth2 provider to sign-in, the user would see a 500 error without explanation why. This occurred because the failure case in OmniauthCallbacksController was attempting to render the partial of the new session, but the CAPTCHA helpers are only defined for SessionsController, not for this one.

To fix this problem, redirect the page with the alert to the sign-in page and display a flash alert with a notice about an unconfirmed e-mail. The redirection also cleans up the URL so that the page doesn't look like it starts from an Omniauth callback.

Closes #232611 (closed)

Edited Jul 28, 2020 by Stan Hu

Fix 500 error when unconfirmed user with 2FA logs in with OAuth2

Merge request reports