
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorSean McGivern <sean@mcgivern.me.uk>2018-06-29 12:40:41 +0300
committerSean McGivern <sean@mcgivern.me.uk>2018-06-29 12:40:41 +0300
commitf4d56b434b010527d214ffe5fa813c2d21342254 (patch)
tree8ca42846c66688c91cf4e229b02668067903df0b
parent3223771beb1c955ba0969a619eccd2cbabb559d1 (diff)
parent02709334d4013073dffe5b6c2fd6ff7377b87ba9 (diff)
Merge branch 'fj-46278-enable-doorkeeper-reuse-access-token' into 'master'
Enabling Doorkeeper reuse_access_token option Closes #46278 See merge request gitlab-org/gitlab-ce!20200
-rw-r--r--changelogs/unreleased/fj-46278-enable-doorkeeper-reuse-access-token.yml6
-rw-r--r--config/initializers/doorkeeper.rb2
-rw-r--r--spec/requests/oauth_tokens_spec.rb55
3 files changed, 62 insertions, 1 deletions
diff --git a/changelogs/unreleased/fj-46278-enable-doorkeeper-reuse-access-token.yml b/changelogs/unreleased/fj-46278-enable-doorkeeper-reuse-access-token.yml
new file mode 100644
index 00000000000..0994f4de248
--- /dev/null
+++ b/changelogs/unreleased/fj-46278-enable-doorkeeper-reuse-access-token.yml
@@ -0,0 +1,6 @@
+---
+title: Enable Doorkeeper option to avoid generating new tokens when users login via
+ oauth
+merge_request: 20200
+author:
+type: fixed
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index 5b61e505911..f321b4ea763 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -37,7 +37,7 @@ Doorkeeper.configure do
# Reuse access token for the same resource owner within an application (disabled by default)
# Rationale: https://github.com/doorkeeper-gem/doorkeeper/issues/383
- # reuse_access_token
+ reuse_access_token
# Issue access tokens with refresh token (disabled by default)
use_refresh_token
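Review bot: The comment above the now-active `reuse_access_token` still only says "disabled by default" and links an issue, so nothing in the initializer records what enabling it trades away. With reuse on, repeated token requests for the same application and resource owner are expected to return the same stored token, so all of that user's sessions through one client share a single credential: revoking it ends all of them, and a leaked copy stays usable for as long as the token stays valid. I would extend the comment with something like `# Enabled: one live token per application and resource owner; revoking it signs out every session of that client`, and note that the token's lifetime is bounded only by whatever expiry is configured. The `Doorkeeper.configure` block starts and ends outside the hunk, so the expiry settings are not visible from here.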
diff --git a/spec/requests/oauth_tokens_spec.rb b/spec/requests/oauth_tokens_spec.rb
new file mode 100644
index 00000000000..000c3a2b868
--- /dev/null
+++ b/spec/requests/oauth_tokens_spec.rb
@@ -0,0 +1,55 @@
+require 'spec_helper'
+
+describe 'OAuth Tokens requests' do
+ let(:user) { create :user }
+ let(:application) { create :oauth_application, scopes: 'api' }
+
+ def request_access_token(user)
+ post '/oauth/token',
+ grant_type: 'authorization_code',
+ code: generate_access_grant(user).token,
+ redirect_uri: application.redirect_uri,
+ client_id: application.uid,
+ client_secret: application.secret
+ end
+
+ def generate_access_grant(user)
+ create :oauth_access_grant, application: application, resource_owner_id: user.id
+ end
+
+ context 'when there is already a token for the application' do
+ let!(:existing_token) { create :oauth_access_token, application: application, resource_owner_id: user.id }
+
+ context 'and the request is done by the resource owner' do
+ it 'reuses and returns the stored token' do
+ expect do
+ request_access_token(user)
+ end.not_to change { Doorkeeper::AccessToken.count }
+
+ expect(json_response['access_token']).to eq existing_token.token
+ end
+ end
+
+ context 'and the request is done by a different user' do
+ let(:other_user) { create :user }
+
+ it 'generates and returns a different token for a different owner' do
+ expect do
+ request_access_token(other_user)
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
+
+ expect(json_response['access_token']).not_to be_nil
+ end
+ end
+ end
+
+ context 'when there is no token stored for the application' do
+ it 'generates and returns a new token' do
+ expect do
+ request_access_token(user)
+ end.to change { Doorkeeper::AccessToken.count }.by(1)
+
+ expect(json_response['access_token']).not_to be_nil
+ end
+ end
+end
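Review bot: The example 'generates and returns a different token for a different owner' never checks that the token differs, because it only asserts `not_to be_nil`; a regression that handed one user's stored token to another user would pass the body assertion and be caught only indirectly by the count. I would assert it directly with `expect(json_response['access_token']).not_to eq existing_token.token`. The spec also has no case for a stored token that is no longer usable, which is the path where reuse must not apply; the added context below covers a revoked token, and an expired one could be covered the same way.

```ruby
  context 'when there is already a token for the application' do
    # … unchanged: existing_token, resource-owner and different-user examples …

    context 'and the stored token has been revoked' do
      before do
        existing_token.revoke
      end

      it 'issues a new token instead of returning the revoked one' do
        expect do
          request_access_token(user)
        end.to change { Doorkeeper::AccessToken.count }.by(1)

        expect(json_response['access_token']).not_to eq existing_token.token
      end
    end
  end
```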