Merge branch 'remove_custom_devise_failure_app' into 'master'

Remove GitLab custom failure app for Devise

See merge request !13136

config/initializers/devise.rb

@@ -192,7 +192,7 @@ Devise.setup do |config|
   #
   # The :"*/*" and "*/*" formats below is required to match Internet
   # Explorer requests.
-  # config.navigational_formats = [:"*/*", "*/*", :html]
+  config.navigational_formats = [:"*/*", "*/*", :html, :zip]
   # The default HTTP method used to sign out a resource. Default is :delete.
   config.sign_out_via = :delete
@@ -206,11 +206,11 @@ Devise.setup do |config|
   # If you want to use other strategies, that are not supported by Devise, or
   # change the failure app, you can configure them inside the config.warden block.
   #
-  config.warden do |manager|
-    manager.failure_app = Gitlab::DeviseFailure
-    # manager.intercept_401 = false
-    # manager.default_strategies(scope: :user).unshift :some_external_strategy
-  end
+  # config.warden do |manager|
+  #   manager.failure_app = Gitlab::DeviseFailure
+  #   manager.intercept_401 = false
+  #   manager.default_strategies(scope: :user).unshift :some_external_strategy
+  # end
   if Gitlab::LDAP::Config.enabled?
     Gitlab::LDAP::Config.providers.each do |provider|

lib/gitlab/devise_failure.rb

-module Gitlab
-  class DeviseFailure < Devise::FailureApp
-    protected
-
-    # Override `Devise::FailureApp#request_format` to handle a special case
-    #
-    # This tells Devise to handle an unauthenticated `.zip` request as an HTML
-    # request (i.e., redirect to sign in).
-    #
-    # Otherwise, Devise would respond with a 401 Unauthorized with
-    # `Content-Type: application/zip` and a response body in plaintext, and the
-    # browser would freak out.
-    #
-    # See https://gitlab.com/gitlab-org/gitlab-ce/issues/12944
-    def request_format
-      if request.format == :zip
-        Mime::Type.lookup_by_extension(:html).ref
-      else
-        super
-      end
-    end
-  end
-end