2 changes: 1 addition & 1 deletion app/controllers/sign_up/completions_controller.rb
Expand Up @@ -25,7 +25,7 @@ def update
if decider.go_back_to_mobile_app?
sign_user_out_and_instruct_to_go_back_to_mobile_app
else
redirect_to sp_session_request_url_without_prompt_login
redirect_to(sp_session_request_url_without_prompt_login || account_url)
end
end

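Review bot: The new fallback in `redirect_to(sp_session_request_url_without_prompt_login || account_url)` is undocumented, so a reader of `update` cannot tell why that helper may return nil here or why the account page is the chosen fallback. Judging from the spec added in this PR, it is nil when the sp hash in the session has no `request_url`; a one-line comment above the call such as `# the sp session can lack request_url; fall back to the account page instead of redirect_to(nil)` would record that. The fallback target is a fixed internal route rather than anything taken from the session, which is the right choice for a redirect. The body of `update` begins and ends outside this hunk.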
11 changes: 10 additions & 1 deletion app/controllers/users/authorization_confirmation_controller.rb
Expand Up @@ -2,17 +2,26 @@ module Users
class AuthorizationConfirmationController < ApplicationController
include AuthorizationCountConcern

before_action :ensure_sp_in_session_with_request_url, only: :show
before_action :bump_auth_count
before_action :confirm_two_factor_authenticated

def show
analytics.track_event(Analytics::AUTHENTICATION_CONFIRMATION)
@sp = ServiceProvider.find_by(issuer: sp_session[:issuer]) if sp_session
@sp = ServiceProvider.find_by(issuer: sp_session[:issuer])
end

def update
sign_out :user
redirect_to new_user_session_url(request_id: sp_session[:request_id])
end

private

def ensure_sp_in_session_with_request_url
return if sp_session&.dig(:request_url)

redirect_to account_url
end
end
end
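Review bot: `update` still dereferences `sp_session[:request_id]` with no guard, but the new `before_action :ensure_sp_in_session_with_request_url` is scoped `only: :show`, so a PATCH with no sp in the session would raise NoMethodError on nil (unless `sp_session` returns a non-nil default elsewhere, which this hunk does not show). Either drop `only: :show` so the same redirect applies to `update`, or write `redirect_to new_user_session_url(request_id: sp_session&.dig(:request_id))`. Separately, the new filter is declared before `confirm_two_factor_authenticated`, so an unauthenticated visitor with no sp is redirected to `account_url` rather than to sign-in; that is presumably harmless if the account page itself enforces authentication, but declaring it after the authentication filter would make the intent explicit. A short comment on the filter, e.g. `# show needs sp_session[:request_url] to render the confirmation; without it send the user to their account page`, would also help, since the old `if sp_session` guard on `@sp` has been removed in reliance on it.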
11 changes: 11 additions & 0 deletions spec/controllers/sign_up/completions_controller_spec.rb
Expand Up @@ -140,6 +140,17 @@
patch :update
end
end

it 'redirects to account page if the session request_url is removed' do
stub_sign_in
subject.session[:sp] = {
ial2: false,
issuer: 'foo',
}

patch :update
expect(response).to redirect_to account_path
end
end

context 'IAL2' do
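Review bot: The example name `'redirects to account page if the session request_url is removed'` does not match what the example does: it never sets and then removes `request_url`, it builds `session[:sp]` without one. Naming it for the state under test, `it 'redirects to the account page when the sp session has no request_url' do`, keeps the spec output honest about the case covered. The enclosing describe block starts outside this hunk.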
7 changes: 7 additions & 0 deletions spec/features/saml/authorization_confirmation_spec.rb
Expand Up @@ -69,5 +69,12 @@ def create_user_and_remember_device

expect(current_path).to eq(new_user_session_path)
end

it 'redirects to the account page with no sp in session' do
sign_in_user(user1)
visit user_authorization_confirmation_path

expect(current_path).to eq(account_path)
end
end
end