From d258ec8e3ba7eec75d4da645444d03975e8dd62c Mon Sep 17 00:00:00 2001
From: CSDUMMI <31551856+CSDUMMI@users.noreply.github.com>
Date: Mon, 13 Mar 2023 00:06:27 +0100
Subject: Prefer the stored location as after_sign_in_path in Omniauth Callback Controller (#24073)
---
 app/controllers/auth/omniauth_callbacks_controller.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'app/controllers')
diff --git a/app/controllers/auth/omniauth_callbacks_controller.rb b/app/controllers/auth/omniauth_callbacks_controller.rb
index 3d7962de5..9e0fb942a 100644
--- a/app/controllers/auth/omniauth_callbacks_controller.rb
+++ b/app/controllers/auth/omniauth_callbacks_controller.rb
@@ -33,7 +33,7 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController
 def after_sign_in_path_for(resource)
 if resource.email_present?
- root_path
+ stored_location_for(resource) || root_path
 else
 auth_setup_path(missing_email: '1')
 end
-- cgit
From 39c723664998e73778a528ed0d467faed2c160dc Mon Sep 17 00:00:00 2001
From: CSDUMMI <31551856+CSDUMMI@users.noreply.github.com>
Date: Wed, 15 Mar 2023 03:52:40 +0100
Subject: Redirect users to SLO at the IdP after logging them out of Mastodon. (#24020)
---
 app/controllers/application_controller.rb | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
(limited to 'app/controllers')
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index ad70e28ab..cee2061b5 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -61,7 +61,11 @@ class ApplicationController < ActionController::Base
 end
 def after_sign_out_path_for(_resource_or_scope)
- new_user_session_path
+ if ENV['OMNIAUTH_ONLY'] == 'true' && ENV['OIDC_ENABLED'] == 'true'
+ '/auth/auth/openid_connect/logout'
+ else
+ new_user_session_path
+ end
 end
 protected
-- cgit
From a232a1feb804e22507ca104ca0aaf21a7c70cb26 Mon Sep 17 00:00:00 2001
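Review bot: The value returned by `stored_location_for(resource)` in `after_sign_in_path_for` becomes the post-login redirect target, and nothing in the hunk records why a session-stored value is safe to redirect to. Devise's `store_location_for` keeps only the path, query and fragment of the URL it is given, so the target stays on this host as long as every writer of that session key goes through that helper; a comment such as `# stored_location_for yields a local path saved via store_location_for; falls back to root_path` would pin that assumption. The missing-email branch leaves the stored location unconsumed, which looks intentional but is worth confirming. The commit touches one controller file and adds no spec, so a controller spec that stores a location, completes the callback and expects the redirect to that path would cover the new behaviour.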
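Review bot: The new branch in `after_sign_out_path_for` sends every sign-out to the OpenID Connect logout route whenever `OMNIAUTH_ONLY` and `OIDC_ENABLED` are both `'true'`, without checking that the session being ended was established through OIDC. If another OmniAuth provider is enabled alongside it, a user who signed in through that provider would presumably be redirected to an IdP they never authenticated with. A comment such as `# assumes OIDC is the only enabled OmniAuth provider`, or a check on how the user signed in, would make the intent explicit. The target `'/auth/auth/openid_connect/logout'` is a bare string literal with a doubled `auth` segment, so a route helper or a named constant would keep it from drifting out of step with the routes file.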
From: Claire
Date: Wed, 15 Mar 2023 04:15:20 +0100
Subject: Fix misleading error code when receiving invalid WebAuthn credentials (#23568)
---
 .../two_factor_authentication/webauthn_credentials_controller.rb | 2 +-
 .../two_factor_authentication/webauthn_credentials_controller_spec.rb | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
(limited to 'app/controllers')
diff --git a/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb b/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
index e43818c94..d1ee7dc19 100644
--- a/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
+++ b/app/controllers/settings/two_factor_authentication/webauthn_credentials_controller.rb
@@ -52,7 +52,7 @@ module Settings
 end
 else
 flash[:error] = I18n.t('webauthn_credentials.create.error')
- status = :internal_server_error
+ status = :unprocessable_entity
 end
 else
 flash[:error] = t('webauthn_credentials.create.error')
diff --git a/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb b/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb
index f060c3a4b..a95521c94 100644
--- a/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb
+++ b/spec/controllers/settings/two_factor_authentication/webauthn_credentials_controller_spec.rb
@@ -248,7 +248,7 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do
 post :create, params: { credential: new_webauthn_credential, nickname: 'USB Key' }
- expect(response).to have_http_status(500)
+ expect(response).to have_http_status(422)
 expect(flash[:error]).to be_present
 end
 end
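Review bot: The two failure branches visible in this hunk build the same flash message in different ways, `I18n.t('webauthn_credentials.create.error')` in the branch being changed and `t('webauthn_credentials.create.error')` in the one after it. Using the controller's `t(...)` helper in both would keep them uniform. The status assigned in that following `else` branch lies outside the hunk, so confirm it is also a 4xx; otherwise invalid client input on one path still surfaces as a server fault in monitoring. A short comment on the changed line, for example `# credential failed verification: client error, not a server fault`, would explain the choice of status.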
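Review bot: The expectations after `post :create` check only the status code and that `flash[:error]` is set, whereas the property that matters most for a rejected WebAuthn credential is that nothing was stored for the user. The example starts outside this hunk; if it does not already assert this, add an expectation that the user's registered credentials are unchanged after the request. The same applies to the hunk at line 268, which makes the identical change for the second failing case. Both specs assert the literal `422` while the controller sets `:unprocessable_entity`, so `have_http_status(:unprocessable_entity)` would keep the spec and the controller in the same vocabulary.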
@@ -268,7 +268,7 @@ describe Settings::TwoFactorAuthentication::WebauthnCredentialsController do
 post :create, params: { credential: new_webauthn_credential, nickname: nickname }
- expect(response).to have_http_status(500)
+ expect(response).to have_http_status(422)
 expect(flash[:error]).to be_present
 end
 end
-- cgit