author | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-17 19:05:49 +0300 |
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2023-05-17 19:05:49 +0300 |
commit | 43a25d93ebdabea52f99b05e15b06250cd8f07d7 (patch) | |
tree | dceebdc68925362117480a5d672bcff122fb625b /app/controllers/oauth | |
parent | 20c84b99005abd1c82101dfeff264ac50d2df211 (diff) |
Add latest changes from gitlab-org/gitlab@16-0-stable-eev16.0.0-rc42
Diffstat (limited to 'app/controllers/oauth')
4 files changed, 40 insertions, 20 deletions
diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index 3b78b997da1..2d5421f9f74 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -23,9 +23,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
     set_index_vars
   end
 
-  def show
-    @created = get_created_session if Feature.disabled?('hash_oauth_secrets')
-  end
+  def show; end
 
   def create
     @application = Applications::CreateService.new(current_user, application_params).execute(request)
@@ -33,20 +31,26 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
     if @application.persisted?
       flash[:notice] = I18n.t(:notice, scope: [:doorkeeper, :flash, :applications, :create])
 
-      if Feature.enabled?('hash_oauth_secrets')
-        @created = true
-        render :show
-      else
-        set_created_session
-
-        redirect_to oauth_application_url(@application)
-      end
+      @created = true
+      render :show
     else
       set_index_vars
       render :index
     end
   end
 
+  def renew
+    set_application
+
+    @application.renew_secret
+
+    if @application.save
+      render json: { secret: @application.plaintext_secret }
+    else
+      render json: { errors: @application.errors }, status: :unprocessable_entity
+    end
+  end
+
   private
 
   def verify_user_oauth_applications_enabled
diff --git a/app/controllers/oauth/authorizations_controller.rb b/app/controllers/oauth/authorizations_controller.rb
index 43bf895ea76..96a3fab7e1a 100644
--- a/app/controllers/oauth/authorizations_controller.rb
+++ b/app/controllers/oauth/authorizations_controller.rb
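Review bot: `renew` rotates the client secret and returns the plaintext in JSON, but nothing in the hunk shows that `set_application` (defined outside the hunk) scopes the lookup to the signed-in user's own applications; if it inherits Doorkeeper's unscoped `Application.find(params[:id])`, any authenticated user could rotate another owner's secret and read the new value from the response, so that scoping should be confirmed before this ships. The success body is a credential and should not be cacheable, so set `response.headers['Cache-Control'] = 'no-store'` before `render json: { secret: @application.plaintext_secret }`. Secret rotation is also a security-relevant event; if `renew_secret` or the model does not emit an audit event, this is where one belongs. A header comment would help readers of the now-unconditional hashed-secret flow (the `hash_oauth_secrets` flag check is removed above): `# Rotate the client secret. The plaintext is returned once in this response; with hashed secrets it is presumably not shown again.`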
@@ -108,8 +108,10 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
   end
 
   def dangerous_scopes?
-    doorkeeper_application&.includes_scope?(*::Gitlab::Auth::API_SCOPE, *::Gitlab::Auth::READ_API_SCOPE,
-                                            *::Gitlab::Auth::ADMIN_SCOPES, *::Gitlab::Auth::REPOSITORY_SCOPES,
-                                            *::Gitlab::Auth::REGISTRY_SCOPES) && !doorkeeper_application&.trusted?
+    doorkeeper_application&.includes_scope?(
+      *::Gitlab::Auth::API_SCOPE, *::Gitlab::Auth::READ_API_SCOPE,
+      *::Gitlab::Auth::ADMIN_SCOPES, *::Gitlab::Auth::REPOSITORY_SCOPES,
+      *::Gitlab::Auth::REGISTRY_SCOPES
+    ) && !doorkeeper_application&.trusted?
   end
 end
diff --git a/app/controllers/oauth/authorized_applications_controller.rb b/app/controllers/oauth/authorized_applications_controller.rb
index 3f476c0d717..6fc2eb6bc45 100644
--- a/app/controllers/oauth/authorized_applications_controller.rb
+++ b/app/controllers/oauth/authorized_applications_controller.rb
@@ -20,7 +20,7 @@ class Oauth::AuthorizedApplicationsController < Doorkeeper::AuthorizedApplicatio
     end
 
     redirect_to applications_profile_url,
-                status: :found,
-                notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy])
+      status: :found,
+      notice: I18n.t(:notice, scope: [:doorkeeper, :flash, :authorized_applications, :destroy])
   end
 end
diff --git a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
index 03921761f45..ba587944a36 100644
--- a/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
+++ b/app/controllers/oauth/jira_dvcs/authorizations_controller.rb
@@ -8,6 +8,7 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController
   skip_before_action :authenticate_user!
   skip_before_action :verify_authenticity_token
 
+  before_action :reversible_end_of_life!
   before_action :validate_redirect_uri, only: :new
 
   feature_category :integrations
@@ -16,10 +17,12 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController
   def new
     session[:redirect_uri] = params['redirect_uri']
 
-    redirect_to oauth_authorization_path(client_id: params['client_id'],
-                                         response_type: 'code',
-                                         scope: normalize_scope(params['scope']),
-                                         redirect_uri: oauth_jira_dvcs_callback_url)
+    redirect_to oauth_authorization_path(
+      client_id: params['client_id'],
+      response_type: 'code',
+      scope: normalize_scope(params['scope']),
+      redirect_uri: oauth_jira_dvcs_callback_url
+    )
   end
 
   # 2. Handle the callback call as we were a Github Enterprise instance client.
@@ -53,6 +56,17 @@ class Oauth::JiraDvcs::AuthorizationsController < ApplicationController
 
   private
 
+  # The endpoints in this controller have been deprecated since 15.1.
+  #
+  # Due to uncertainty about the impact of a full removal in 16.0, all endpoints return `404`
+  # by default but we allow customers to toggle a flag to reverse this breaking change.
+  # See https://gitlab.com/gitlab-org/gitlab/-/issues/362168#note_1347692683.
+  #
+  # TODO Make the breaking change irreversible https://gitlab.com/gitlab-org/gitlab/-/issues/408148.
+  def reversible_end_of_life!
+    render_404 unless Feature.enabled?(:jira_dvcs_end_of_life_amnesty)
+  end
+
   # When using the GitHub Enterprise connector in Jira we receive the "repo" scope,
   # this doesn't exist in GitLab but we can map it to our "api" scope.
   def normalize_scope(scope)
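Review bot: `reversible_end_of_life!` re-exposes every action of a controller that skips both `authenticate_user!` and `verify_authenticity_token` (declared in this file's first hunk) as soon as `jira_dvcs_end_of_life_amnesty` is enabled, and the comment block above it does not say that the amnesty carries that cost or that 404 is the safe state; add `# Enabling the flag re-opens unauthenticated, CSRF-exempt endpoints; keep it off unless a Jira DVCS connector still depends on them.` directly above the `def`. The guard depends on `render_404` producing a response so that Rails halts the before_action chain; that helper is not visible here, so confirm it renders rather than only setting a status. The comment's claim that 404 is the default holds only if the flag definition, which is not in this diff, is default-off, and that should be checked alongside this change.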