...@@ -19,7 +19,7 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -19,7 +19,7 @@ class Projects::IssuesController < Projects::ApplicationController
prepend_before_action(only: [:index]) { authenticate_sessionless_user!(:rss) } prepend_before_action(only: [:index]) { authenticate_sessionless_user!(:rss) }
prepend_before_action(only: [:calendar]) { authenticate_sessionless_user!(:ics) } prepend_before_action(only: [:calendar]) { authenticate_sessionless_user!(:ics) }
prepend_before_action :authenticate_new_issue!, only: [:new] prepend_before_action :authenticate_user!, only: [:new]
prepend_before_action :store_uri, only: [:new, :show] prepend_before_action :store_uri, only: [:new, :show]
before_action :whitelist_query_limiting, only: [:create, :create_merge_request, :move, :bulk_update] before_action :whitelist_query_limiting, only: [:create, :create_merge_request, :move, :bulk_update]
...@@ -229,14 +229,6 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -229,14 +229,6 @@ class Projects::IssuesController < Projects::ApplicationController
] + [{ label_ids: [], assignee_ids: [] }] ] + [{ label_ids: [], assignee_ids: [] }]
end end
def authenticate_new_issue!
return if current_user
notice = "Please sign in to create the new issue."
redirect_to new_user_session_path, notice: notice
end
def store_uri def store_uri
if request.get? && !request.xhr? if request.get? && !request.xhr?
store_location_for :user, request.fullpath store_location_for :user, request.fullpath
... ...
......
---
title: Use common error for unauthenticated users when creating issues
merge_request:
author:
type: security
...@@ -121,7 +121,7 @@ describe Projects::IssuesController do ...@@ -121,7 +121,7 @@ describe Projects::IssuesController do
it 'redirects to signin if not logged in' do it 'redirects to signin if not logged in' do
get :new, namespace_id: project.namespace, project_id: project get :new, namespace_id: project.namespace, project_id: project
expect(flash[:notice]).to eq 'Please sign in to create the new issue.' expect(flash[:alert]).to eq 'You need to sign in or sign up before continuing.'
expect(response).to redirect_to(new_user_session_path) expect(response).to redirect_to(new_user_session_path)
end end
... ...
......