projects
/
arvados.git
/ blobdiff
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
13111: Merge branch 'master' into 12308-go-fuse
[arvados.git]
/
services
/
api
/
app
/
controllers
/
user_sessions_controller.rb
diff --git
a/services/api/app/controllers/user_sessions_controller.rb
b/services/api/app/controllers/user_sessions_controller.rb
index c5507045c42e222ba3bd09ae08b41d45bccd52b8..5de85bc98bcbcb1a0051c3ecee355e82292b5a27 100644
(file)
--- a/
services/api/app/controllers/user_sessions_controller.rb
+++ b/
services/api/app/controllers/user_sessions_controller.rb
@@
-1,3
+1,7
@@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
class UserSessionsController < ApplicationController
before_filter :require_auth_scope, :only => [ :destroy ]
class UserSessionsController < ApplicationController
before_filter :require_auth_scope, :only => [ :destroy ]
@@
-20,7
+24,11
@@
class UserSessionsController < ApplicationController
return redirect_to login_failure_url
end
return redirect_to login_failure_url
end
- user = User.find_by_identity_url(omniauth['info']['identity_url'])
+ # Only local users can create sessions, hence uuid_like_pattern
+ # here.
+ user = User.where('identity_url = ? and uuid like ?',
+ omniauth['info']['identity_url'],
+ User.uuid_like_pattern).first
if not user
# Check for permission to log in to an existing User record with
# a different identity_url
if not user
# Check for permission to log in to an existing User record with
# a different identity_url