opf
diff --git a/‎.ruby-version‎
Lines changed: 1 addition & 1 deletion b/‎.ruby-version‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Gemfile‎
Lines changed: 1 addition & 1 deletion b/‎Gemfile‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎Gemfile.lock‎
Lines changed: 1 addition & 1 deletion b/‎Gemfile.lock‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/controllers/concerns/accounts/authentication_stages.rb‎
Lines changed: 1 addition & 1 deletion b/‎app/controllers/concerns/accounts/authentication_stages.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎app/controllers/concerns/auth_source_sso.rb‎
Lines changed: 18 additions & 14 deletions b/‎app/controllers/concerns/auth_source_sso.rb‎
Lines changed: 18 additions & 14 deletions
diff --git a/‎config/locales/crowdin/ar.yml‎
Lines changed: 1 addition & 0 deletions b/‎config/locales/crowdin/ar.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎config/locales/crowdin/bg.yml‎
Lines changed: 1 addition & 0 deletions b/‎config/locales/crowdin/bg.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎config/locales/crowdin/ca.yml‎
Lines changed: 65 additions & 66 deletions b/‎config/locales/crowdin/ca.yml‎
Lines changed: 65 additions & 66 deletions
diff --git a/‎config/locales/crowdin/cs.yml‎
Lines changed: 1 addition & 0 deletions b/‎config/locales/crowdin/cs.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎config/locales/crowdin/da.yml‎
Lines changed: 1 addition & 0 deletions b/‎config/locales/crowdin/da.yml‎
Lines changed: 1 addition & 0 deletions
@@ -1 +1 @@
-2.7.4
+2.7.5
@@ -28,7 +28,7 @@
 
 source 'https://rubygems.org'
 
-ruby '~> 2.7.4'
+ruby '~> 2.7.5'
 
 gem 'actionpack-xml_parser', '~> 2.0.0'
 gem 'activemodel-serializers-xml', '~> 1.0.1'
 
@@ -1138,7 +1138,7 @@ DEPENDENCIES
   with_advisory_lock (~> 4.6.0)
 
 RUBY VERSION
-   ruby 2.7.4p191
+   ruby 2.7.5p203
 
 BUNDLED WITH
    2.1.4
@@ -88,7 +88,7 @@ def init_authentication_stages(after_activation:)
 
     # Remember back_url from params since we're redirecting
     # but don't use the referer
-    session[:back_url] = params[:back_url]
+    session[:back_url] ||= params[:back_url]
 
     # Remember the autologin cookie decision
     session[:autologin_requested] = params[:autologin]
 
@@ -14,14 +14,27 @@ def find_current_user
     # Get the header-provided login value
     login = read_sso_login
 
+    if login.present?
+      perform_header_sso login, user
+    elsif header_optional?
+      user
+    else
+      handle_sso_failure!
+      nil
+    end
+  end
+
+  def perform_header_sso(login, user)
     # Log out the current user if the login does not match
     logged_user = match_sso_with_logged_user(login, user)
 
     # Return the logged in user if matches
     return logged_user if logged_user.present?
 
     Rails.logger.debug { "Starting header-based auth source SSO for #{header_name}='#{op_auth_header_value}'" }
-    perform_header_sso login
+
+    user = find_user_from_auth_source(login) || create_user_from_auth_source(login)
+    handle_sso_for! user, login
   end
 
   def match_sso_with_logged_user(login, user)
@@ -34,16 +47,6 @@ def match_sso_with_logged_user(login, user)
     nil
   end
 
-  def perform_header_sso(login)
-    if login
-      user = find_user_from_auth_source(login) || create_user_from_auth_source(login)
-
-      handle_sso_for! user, login
-    else
-      handle_sso_failure!
-    end
-  end
-
   def read_sso_login
     get_validated_login! op_auth_header_value
   end
@@ -162,7 +165,8 @@ def sso_login_failed?(user)
   def handle_sso_for!(user, login)
     if sso_login_failed?(user)
       handle_sso_failure!({ user: user, login: login })
-    else # valid user
+    else
+      # valid user
       # If a user is invited, ensure it gets activated
       activated = user.invited?
       activate_user_if_invited! user
@@ -173,6 +177,8 @@ def handle_sso_for!(user, login)
 
   def handle_sso_success(user, just_activated)
     session[:user_from_auth_header] = true
+    # remember the back_url so we can redirect to the original request
+    session[:back_url] = request.fullpath
     successful_authentication(user, reset_stages: true, just_registered: just_activated)
   end
 
@@ -191,8 +197,6 @@ def perform_post_logout(prev_session, previous_user)
   end
 
   def handle_sso_failure!(session_args = {})
-    return if header_optional?
-
     session[:auth_source_sso_failure] = session_args.merge(
       back_url: request.base_url + request.original_fullpath,
       ttl: 1
 
@@ -464,6 +464,7 @@ ar:
         url: "الرابط"
       role:
         assignable: "Work packages can be assigned to users and groups in possession of this role in the respective project"
+        permissions: "السماحيات"
       time_entry:
         activity: "النشاط"
         hours: "الساعات"
 
@@ -460,6 +460,7 @@ bg:
         url: "URL АДРЕС"
       role:
         assignable: "Work packages can be assigned to users and groups in possession of this role in the respective project"
+        permissions: "Права"
       time_entry:
         activity: "Активност"
         hours: "Часове"
 
@@ -462,6 +462,7 @@ cs:
         url: "URL"
       role:
         assignable: "Pracovní balíčky mohou být přiřazeny uživatelům a skupinám, které tuto roli vlastní v příslušném projektu"
+        permissions: "Práva"
       time_entry:
         activity: "Aktivita"
         hours: "Hodiny"
 
@@ -458,6 +458,7 @@ da:
         url: "Webadresse"
       role:
         assignable: "Work packages can be assigned to users and groups in possession of this role in the respective project"
+        permissions: "Tilladelser"
       time_entry:
         activity: "Aktivivtet"
         hours: "Timer"