From 31eb5a64a237d07f45d60a8b17c188bd7c25d18d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Juan=20Ignacio=20S=C3=A1nchez=20Lara?=
Date: Mon, 8 Aug 2016 19:04:16 +0200
Subject: [PATCH] Redirect to waiting page on ongoing http header authentication fixes #9362
---
 app/controllers/application_controller.rb | 3 ++-
 .../carto/api/user_creations_controller.rb | 1 +
 app/controllers/signup_controller.rb | 14 ++++++++++----
 config/routes.rb | 1 +
 4 files changed, 14 insertions(+), 5 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index fa91bf923f..f130a274a0 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -74,7 +74,8 @@ class ApplicationController < ActionController::Base
 authenticator = Carto::HttpHeaderAuthentication.new
 if authenticator.autocreation_enabled?
 if authenticator.creation_in_progress?(request)
- render_http_code(409, 500, 'Creation already in progress')
+ # render_http_code(409, 500, 'Creation already in progress')
+ redirect_to CartoDB.path(self, 'signup_http_authentication_in_progress')
 else
 redirect_to CartoDB.path(self, 'signup_http_authentication')
 end
diff --git a/app/controllers/carto/api/user_creations_controller.rb b/app/controllers/carto/api/user_creations_controller.rb
index 33fc2b1416..593e86313c 100644
--- a/app/controllers/carto/api/user_creations_controller.rb
+++ b/app/controllers/carto/api/user_creations_controller.rb
@@ -6,6 +6,7 @@ module Carto
 class UserCreationsController < ::Api::ApplicationController
 skip_before_filter :api_authorization_required
+ skip_before_filter :http_header_authentication, only: [:show]
 ssl_required :show
diff --git a/app/controllers/signup_controller.rb b/app/controllers/signup_controller.rb
index aafae588f8..e33cf84947 100644
--- a/app/controllers/signup_controller.rb
+++ b/app/controllers/signup_controller.rb
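Review bot: The commented-out `# render_http_code(409, 500, 'Creation already in progress')` line in the app/controllers/application_controller.rb hunk should be deleted rather than left beside the new `redirect_to`; version control already keeps the old behaviour, and a dead 409 next to a live redirect leaves the intended response unclear. The branch now answers every caller with a redirect to an HTML page, so if non-browser (JSON/API) requests can reach this filter they lose the explicit 409; that is inferred, because the enclosing method starts and ends outside the hunk. If the 409 is still wanted for those callers, it belongs behind a request-format check, not in a comment.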
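Review bot: `skip_before_filter :http_header_authentication, only: [:show]` in app/controllers/carto/api/user_creations_controller.rb sits directly under `skip_before_filter :api_authorization_required`, so `show` is now served with neither check, and nothing in the hunk records why. A comment above the new line such as `# show is presumably polled by the signup confirmation page before the user exists, so it cannot require header authentication` would document the intent. The `show` action itself is outside the hunk, so it is worth confirming that it returns only creation status and that the record is looked up by an identifier that cannot be guessed or enumerated.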
@@ -7,12 +7,12 @@ class SignupController < ApplicationController
 layout 'frontend'
- ssl_required :signup, :create, :create_http_authentication
+ ssl_required :signup, :create, :create_http_authentication, :create_http_authentication_in_progress
- skip_before_filter :http_header_authentication, only: [:create_http_authentication]
+ skip_before_filter :http_header_authentication, only: [:create_http_authentication, :create_http_authentication_in_progress]
- before_filter :load_organization, only: [:create_http_authentication]
- before_filter :check_organization_quotas, only: [:create_http_authentication]
+ before_filter :load_organization, only: [:create_http_authentication, :create_http_authentication_in_progress]
+ before_filter :check_organization_quotas, only: [:create_http_authentication, :create_http_authentication_in_progress]
 before_filter :load_mandatory_organization, only: [:signup, :create]
 before_filter :disable_if_ldap_configured
 before_filter :initialize_google_plus_config
@@ -97,6 +97,12 @@ class SignupController < ApplicationController
 render_500
 end
+ def create_http_authentication_in_progress
+ authenticator = Carto::HttpHeaderAuthentication.new
+ render_500 unless authenticator.autocreation_enabled? && authenticator.creation_in_progress?(request)
+ render 'shared/signup_confirmation'
+ end
+
 private
 def trigger_account_creation(account_creator)
diff --git a/config/routes.rb b/config/routes.rb
index c8e630a8b3..681d3ea49a 100644
--- a/config/routes.rb
+++ b/config/routes.rb
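Review bot: In the new `create_http_authentication_in_progress` action, `render_500 unless …` does not end the action, so when the guard fails the next line, `render 'shared/signup_confirmation'`, still runs. Assuming `render_500` renders a response (its definition is outside the hunk), that second render raises `AbstractController::DoubleRenderError`, and the failure path shows an unhandled exception in place of the intended 500 page. Return from the guard: `return render_500 unless authenticator.autocreation_enabled? && authenticator.creation_in_progress?(request)`. Because the first hunk of this file adds the action to `skip_before_filter :http_header_authentication`, this guard is the only check the action has, which is why it needs to stop the request when it fails.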
@@ -16,6 +16,7 @@ CartoDB::Application.routes.draw do
 get '/signup' => 'signup#signup', as: :signup
 post '/signup' => 'signup#create', as: :signup_organization_user
 get '(/user/:user_domain)(/u/:user_domain)/signup_http_authentication' => 'signup#create_http_authentication', as: :signup_http_authentication
+ get '(/user/:user_domain)(/u/:user_domain)/signup_http_authentication_in_progress' => 'signup#create_http_authentication_in_progress', as: :signup_http_authentication_in_progress
 get '(/user/:user_domain)(/u/:user_domain)/enable_account_token/:id' => 'account_tokens#enable', as: :enable_account_token_show
 get '(/user/:user_domain)(/u/:user_domain)/resend_validation_mail/:user_id' => 'account_tokens#resend', as: :resend_validation_mail