Fix OAuth application authorization screen to appear with every access
parent
4c09fb329b
commit
7a0bb214f3
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Fix OAuth Application Authorization screen to appear with each access
|
||||
merge_request: 20216
|
||||
author:
|
||||
type: fixed
|
|
@ -106,3 +106,53 @@ Doorkeeper.configure do
|
|||
|
||||
base_controller '::Gitlab::BaseDoorkeeperController'
|
||||
end
|
||||
|
||||
# Monkey patch to avoid creating new applications if the scope of the
|
||||
# app created does not match the complete list of scopes of the configured app.
|
||||
# It also prevents the OAuth authorize application window to appear every time.
|
||||
|
||||
# Remove after we upgrade the doorkeeper gem from version 4.3.2
|
||||
if Doorkeeper.gem_version > Gem::Version.new('4.3.2')
|
||||
raise "Doorkeeper was upgraded, please remove the monkey patch in #{__FILE__}"
|
||||
end
|
||||
|
||||
module Doorkeeper
|
||||
module AccessTokenMixin
|
||||
module ClassMethods
|
||||
def matching_token_for(application, resource_owner_or_id, scopes)
|
||||
resource_owner_id =
|
||||
if resource_owner_or_id.respond_to?(:to_key)
|
||||
resource_owner_or_id.id
|
||||
else
|
||||
resource_owner_or_id
|
||||
end
|
||||
|
||||
tokens = authorized_tokens_for(application.try(:id), resource_owner_id)
|
||||
tokens.detect do |token|
|
||||
scopes_match?(token.scopes, scopes, application.try(:scopes))
|
||||
end
|
||||
end
|
||||
|
||||
def scopes_match?(token_scopes, param_scopes, app_scopes)
|
||||
return true if token_scopes.empty? && param_scopes.empty?
|
||||
|
||||
(token_scopes.sort == param_scopes.sort) &&
|
||||
Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
|
||||
param_scopes.to_s,
|
||||
Doorkeeper.configuration.scopes,
|
||||
app_scopes)
|
||||
end
|
||||
|
||||
def authorized_tokens_for(application_id, resource_owner_id)
|
||||
ordered_by(:created_at, :desc)
|
||||
.where(application_id: application_id,
|
||||
resource_owner_id: resource_owner_id,
|
||||
revoked_at: nil)
|
||||
end
|
||||
|
||||
def last_authorized_token_for(application_id, resource_owner_id)
|
||||
authorized_tokens_for(application_id, resource_owner_id).first
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
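Review bot: The header comment at the top of the patch says it avoids "creating new applications", but the patched `matching_token_for` only looks up access tokens through `authorized_tokens_for`, so the comment presumably means new access tokens; suggest `# Monkey patch so an existing access token is reused only when its scope set exactly matches the requested scopes;` for the first line. `scopes_match?` also returns `true` for two empty scope sets before `ScopeChecker.valid?` runs, so `app_scopes` is never consulted on that path and the line gives no reason — if the early return exists because the scope checker rejects an empty scope string, say so there: `# Empty scope strings fail ScopeChecker's format check, so two empty sets are matched here without it`. The boot-time guard that raises for any Doorkeeper version above 4.3.2 is the right shape for a patch on gem internals; naming the replaced upstream method in the "Remove after we upgrade" comment (`AccessTokenMixin::ClassMethods#matching_token_for` / `#scopes_match?`) would make the removal step unambiguous.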
@ -2,19 +2,12 @@ require 'spec_helper'
|
|||
|
||||
describe Oauth::AuthorizationsController do
|
||||
let(:user) { create(:user) }
|
||||
|
||||
let(:doorkeeper) do
|
||||
Doorkeeper::Application.create(
|
||||
name: "MyApp",
|
||||
redirect_uri: 'http://example.com',
|
||||
scopes: "")
|
||||
end
|
||||
|
||||
let!(:application) { create(:oauth_application, scopes: 'api read_user', redirect_uri: 'http://example.com') }
|
||||
let(:params) do
|
||||
{
|
||||
response_type: "code",
|
||||
client_id: doorkeeper.uid,
|
||||
redirect_uri: doorkeeper.redirect_uri,
|
||||
client_id: application.uid,
|
||||
redirect_uri: application.redirect_uri,
|
||||
state: 'state'
|
||||
}
|
||||
end
|
||||
|
@ -44,7 +37,7 @@ describe Oauth::AuthorizationsController do
|
|||
end
|
||||
|
||||
it 'deletes session.user_return_to and redirects when skip authorization' do
|
||||
doorkeeper.update(trusted: true)
|
||||
application.update(trusted: true)
|
||||
request.session['user_return_to'] = 'http://example.com'
|
||||
|
||||
get :new, params
|
||||
|
@ -52,6 +45,25 @@ describe Oauth::AuthorizationsController do
|
|||
expect(request.session['user_return_to']).to be_nil
|
||||
expect(response).to have_gitlab_http_status(302)
|
||||
end
|
||||
|
||||
context 'when there is already an access token for the application' do
|
||||
context 'when the request scope matches any of the created token scopes' do
|
||||
before do
|
||||
scopes = Doorkeeper::OAuth::Scopes.from_string('api')
|
||||
|
||||
allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)
|
||||
|
||||
create :oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes
|
||||
end
|
||||
|
||||
it 'authorizes the request and redirects' do
|
||||
get :new, params
|
||||
|
||||
expect(request.session['user_return_to']).to be_nil
|
||||
expect(response).to have_gitlab_http_status(302)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
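Review bot: The new context in the last hunk only covers the path where the stored token's scopes equal the scopes the request resolves to, and asserts the 302 redirect; there is no example for the case the commit title is about, where an existing token's scopes differ from the request and the authorization screen must be rendered rather than skipped. A sibling `context 'when the request scope does not match the token scopes'` that creates the token with a different scope set (the `params` hash carries no `scope:` key, so the request's effective scopes come from Doorkeeper's defaults — worth stating in the spec) and expects `have_gitlab_http_status(200)` would pin the fix and catch a regression to the old reuse behaviour. In the first hunk both `client_id: doorkeeper.uid` and `client_id: application.uid` appear and I cannot tell their old/new side from this rendering; if the `let(:doorkeeper)` definition survives on the new side alongside `let!(:application)`, it is dead and should go. The `describe` block starts before the first hunk.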