Skip to content

Commit a5d801d

Browse files
authored
Merge pull request #11535 from neinteractiveliterature/fix/oauth-redirect-loop
Fix infinite redirect loop when signing in via third-party OAuth app
2 parents c31cbc9 + f101895 commit a5d801d

2 files changed

Lines changed: 3 additions & 12 deletions

File tree

app/controllers/sessions_controller.rb

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -2,10 +2,10 @@
22
class SessionsController < Devise::SessionsController
33
include RedirectWithAuthentication
44

5-
prepend_before_action :set_return_to, only: %i[new create]
5+
prepend_before_action :set_return_to, only: [:new]
66

77
def new
8-
respond_to { |format| format.html { redirect_with_authentication('signIn') } }
8+
respond_to { |format| format.html { redirect_with_authentication("signIn") } }
99
end
1010

1111
private

config/initializers/doorkeeper.rb

Lines changed: 1 addition & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -13,16 +13,7 @@ def id
1313
orm :active_record
1414

1515
# This block will be called to check whether the resource owner is authenticated or not.
16-
resource_owner_authenticator do
17-
if user_signed_in?
18-
current_user
19-
else
20-
# Redirect to login page, preserving the OAuth parameters
21-
session[:user_return_to] = request.fullpath
22-
redirect_to new_user_session_url
23-
nil
24-
end
25-
end
16+
resource_owner_authenticator { user_signed_in? ? current_user : NullResourceOwner.new }
2617

2718
# If you didn't skip applications controller from Doorkeeper routes in your application routes.rb
2819
# file then you need to declare this block in order to restrict access to the web interface for

0 commit comments

Comments
 (0)