gitlab-org--gitlab-foss/app/controllers/oauth/applications_controller.rb

# frozen_string_literal: true

class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
  include Gitlab::GonHelper
  include PageLayoutHelper
  include OauthApplications
  include Gitlab::Experimentation::ControllerConcern
  include InitializesCurrentUserMode

  # Defined by the `Doorkeeper::ApplicationsController` and is redundant as we call `authenticate_user!` below. Not
  # defining or skipping this will result in a `403` response to all requests.
  skip_before_action :authenticate_admin!

  prepend_before_action :verify_user_oauth_applications_enabled, except: :index
  prepend_before_action :authenticate_user!
  before_action :add_gon_variables
  before_action :load_scopes, only: [:index, :create, :edit, :update]

  around_action :set_locale

  layout 'profile'

  def index
    set_index_vars
  end

  def show
    @created = get_created_session
  end

  def create
    @application = Applications::CreateService.new(current_user, application_params).execute(request)

    if @application.persisted?
      flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])

      set_created_session

      redirect_to oauth_application_url(@application)
    else
      set_index_vars
      render :index
    end
  end

  private

  def verify_user_oauth_applications_enabled
    return if Gitlab::CurrentSettings.user_oauth_applications?

    redirect_to profile_path
  end

  def set_index_vars
    @applications = current_user.oauth_applications
    @authorized_tokens = current_user.oauth_authorized_tokens
    @authorized_anonymous_tokens = @authorized_tokens.reject(&:application)
    @authorized_apps = @authorized_tokens.map(&:application).uniq.reject(&:nil?)

    # Don't overwrite a value possibly set by `create`
    @application ||= Doorkeeper::Application.new
  end

  # Override Doorkeeper to scope to the current user
  def set_application
    @application = current_user.oauth_applications.find(params[:id])
  end

  rescue_from ActiveRecord::RecordNotFound do |exception|
    render "errors/not_found", layout: "errors", status: :not_found
  end

  def application_params
    super.tap do |params|
      params[:owner] = current_user
    end
  end

  def set_locale(&block)
    Gitlab::I18n.with_user_locale(current_user, &block)
  end
end
Enable more frozen string in app/controllers/ Enables frozen string for the following: * app/controllers/dashboard/*/.rb * app/controllers/explore/*/.rb * app/controllers/google_api/*/.rb * app/controllers/groups/*/.rb * app/controllers/import/*/.rb * app/controllers/instance_statistics/*/.rb * app/controllers/ldap/*/.rb * app/controllers/oauth/*/.rb * app/controllers/profiles/*/.rb Partially addresses #47424. 2018-09-23 15:44:14 -04:00			`# frozen_string_literal: true`

Doorkeeper integration 2014-12-19 09:15:29 -05:00			`class Oauth::ApplicationsController < Doorkeeper::ApplicationsController`
Include GonHelper separately and remove created_at in factory 2016-04-14 08:28:46 -04:00			`include Gitlab::GonHelper`
Move helpers back to original directory 2015-09-09 08:37:34 -04:00			`include PageLayoutHelper`
Allow creating personal access tokens / OAuth applications with scopes. 2016-11-22 03:57:31 -05:00			`include OauthApplications`
Add latest changes from gitlab-org/gitlab@master 2019-10-18 17:06:37 -04:00			`include Gitlab::Experimentation::ControllerConcern`
Add latest changes from gitlab-org/gitlab@master 2019-12-11 07:08:10 -05:00			`include InitializesCurrentUserMode`
Move helpers back to original directory 2015-09-09 08:37:34 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-02-17 22:08:54 -05:00			# Defined by the `Doorkeeper::ApplicationsController` and is redundant as we call `authenticate_user!` below. Not
			# defining or skipping this will result in a `403` response to all requests.
			`skip_before_action :authenticate_admin!`

Add latest changes from gitlab-org/gitlab@master 2020-02-10 16:09:11 -05:00			`prepend_before_action :verify_user_oauth_applications_enabled, except: :index`
			`prepend_before_action :authenticate_user!`
Add spec for deletion of authorized OAuth2 application Closes #14370 Move gon function into its own helper 2016-04-13 01:39:18 -04:00			`before_action :add_gon_variables`
Merge branch 'security-fix-uri-xss-applications' into 'master' [master] Resolve "Reflected XSS in OAuth Authorize window due to redirect_uri allowing arbitrary protocols" See merge request gitlab/gitlabhq!2572 2018-11-28 17:53:48 -05:00			`before_action :load_scopes, only: [:index, :create, :edit, :update]`
Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 04:39:11 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-07-02 14:09:00 -04:00			`around_action :set_locale`

Add helpers for header title and sidebar, and move setting those from controllers to layouts. 2015-05-01 04:39:11 -04:00			`layout 'profile'`
Doorkeeper integration 2014-12-19 09:15:29 -05:00
			`def index`
Let `oauth/applications#index` handle the `profiles#applications` route Previously we were doing all of kinds of code gymnastics and flash abuse in order to work with a Doorkeeper controller but have it _appear_ at the `/profile/applications` path. Fortunately we can just tell Rails to use a different controller to handle that route, and we get the best of both worlds. 2016-03-11 23:38:25 -05:00			`set_index_vars`
Applications tab on profile settings Closes #13855 2016-02-29 09:47:21 -05:00			`end`

Add latest changes from gitlab-org/gitlab@master 2021-11-04 11:10:58 -04:00			`def show`
			`@created = get_created_session`
			`end`

Doorkeeper integration 2014-12-19 09:15:29 -05:00			`def create`
Add latest changes from gitlab-org/gitlab@master 2021-09-17 11:11:44 -04:00			`@application = Applications::CreateService.new(current_user, application_params).execute(request)`
Improve code style Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-12-25 09:46:28 -05:00
add applications controller logic 2017-10-24 02:38:06 -04:00			`if @application.persisted?`
			`flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])`
fix spinach failure 2017-10-24 07:42:20 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-11-04 11:10:58 -04:00			`set_created_session`

fix spinach failure 2017-10-24 07:42:20 -04:00			`redirect_to oauth_application_url(@application)`
Doorkeeper integration 2014-12-19 09:15:29 -05:00			`else`
Let `oauth/applications#index` handle the `profiles#applications` route Previously we were doing all of kinds of code gymnastics and flash abuse in order to work with a Doorkeeper controller but have it _appear_ at the `/profile/applications` path. Fortunately we can just tell Rails to use a different controller to handle that route, and we get the best of both worlds. 2016-03-11 23:38:25 -05:00			`set_index_vars`
			`render :index`
Doorkeeper integration 2014-12-19 09:15:29 -05:00			`end`
			`end`

Rework oauth2 feature * improve UI * add authorization * add separate page for oauth applications Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-12-25 11:35:04 -05:00			`private`

Add option to disallow users from registering any application to use GitLab as an OAuth provider 2015-05-29 07:29:16 -04:00			`def verify_user_oauth_applications_enabled`
use Gitlab::UserSettings directly as a singleton instead of including/extending it 2018-02-02 13:39:55 -05:00			`return if Gitlab::CurrentSettings.user_oauth_applications?`
Add option to disallow users from registering any application to use GitLab as an OAuth provider 2015-05-29 07:29:16 -04:00
Fix endless redirections when accessing user OAuth applications when they are disabled Also hides the "Applications" nav button if OAuth applications are disabled by the admin. Closes #14770 2016-06-08 02:15:45 -04:00			`redirect_to profile_path`
Add option to disallow users from registering any application to use GitLab as an OAuth provider 2015-05-29 07:29:16 -04:00			`end`

Let `oauth/applications#index` handle the `profiles#applications` route Previously we were doing all of kinds of code gymnastics and flash abuse in order to work with a Doorkeeper controller but have it _appear_ at the `/profile/applications` path. Fortunately we can just tell Rails to use a different controller to handle that route, and we get the best of both worlds. 2016-03-11 23:38:25 -05:00			`def set_index_vars`
			`@applications = current_user.oauth_applications`
			`@authorized_tokens = current_user.oauth_authorized_tokens`
			`@authorized_anonymous_tokens = @authorized_tokens.reject(&:application)`
			`@authorized_apps = @authorized_tokens.map(&:application).uniq.reject(&:nil?)`

Add latest changes from gitlab-org/gitlab@master 2022-05-10 20:08:02 -04:00			# Don't overwrite a value possibly set by `create`
			`@application \|\|= Doorkeeper::Application.new`
Let `oauth/applications#index` handle the `profiles#applications` route Previously we were doing all of kinds of code gymnastics and flash abuse in order to work with a Doorkeeper controller but have it _appear_ at the `/profile/applications` path. Fortunately we can just tell Rails to use a different controller to handle that route, and we get the best of both worlds. 2016-03-11 23:38:25 -05:00			`end`

			`# Override Doorkeeper to scope to the current user`
Rework oauth2 feature * improve UI * add authorization * add separate page for oauth applications Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-12-25 11:35:04 -05:00			`def set_application`
			`@application = current_user.oauth_applications.find(params[:id])`
			`end`

			`rescue_from ActiveRecord::RecordNotFound do \|exception\|`
Add latest changes from gitlab-org/gitlab@master 2019-11-17 07:06:19 -05:00			`render "errors/not_found", layout: "errors", status: :not_found`
Rework oauth2 feature * improve UI * add authorization * add separate page for oauth applications Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-12-25 11:35:04 -05:00			`end`
add applications controller logic 2017-10-24 02:38:06 -04:00
Add latest changes from gitlab-org/gitlab@master 2021-09-17 11:11:44 -04:00			`def application_params`
			`super.tap do \|params\|`
add applications controller logic 2017-10-24 02:38:06 -04:00			`params[:owner] = current_user`
			`end`
			`end`
Add latest changes from gitlab-org/gitlab@master 2020-07-02 14:09:00 -04:00
			`def set_locale(&block)`
			`Gitlab::I18n.with_user_locale(current_user, &block)`
			`end`
Improve code style Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-12-25 09:46:28 -05:00			`end`