Require explicit scopes on personal access tokens

Gitlab::Auth and API::APIGuard already check for at least one valid scope on personal access tokens, so if the scopes are empty the token will always fail validation.
author: Markus Koller <markus-koller@gmx.ch> 2017-02-06 18:39:35 +0300
committer: Alexis Reigel <mail@koffeinfrei.org> 2017-03-07 17:00:29 +0300
commit: 8699c8338f21404aa08c9a141768201ed02b2c93 (patch)
tree: 168b3277c3c23a49268ec11dc38ed284ee610825 /lib/gitlab/auth.rb
parent: eefbc837301acc49a33617063faafa97adee307e (diff)
1 files changed, 4 insertions, 1 deletions
diff --git a/lib/gitlab/auth.rb b/lib/gitlab/auth.rb
index 92fe770728b..53edc0a9e2c 100644
--- a/lib/gitlab/auth.rb
+++ b/lib/gitlab/auth.rb
@@ -5,10 +5,13 @@ module Gitlab
     # Scopes used for GitLab API access
     API_SCOPES = [:api, :read_user].freeze
 
-    # Scopes used by doorkeeper-openid_connect
+    # Scopes used for OpenID Connect
     OPENID_SCOPES = [:openid].freeze
 
+    # Default scopes for OAuth applications that don't define their own
     DEFAULT_SCOPES = [:api].freeze
+
+    # Other available scopes
     OPTIONAL_SCOPES = (API_SCOPES + OPENID_SCOPES - DEFAULT_SCOPES).freeze
 
     class << self
author	Markus Koller <markus-koller@gmx.ch>	2017-02-06 18:39:35 +0300
committer	Alexis Reigel <mail@koffeinfrei.org>	2017-03-07 17:00:29 +0300
commit	8699c8338f21404aa08c9a141768201ed02b2c93 (patch)
tree	168b3277c3c23a49268ec11dc38ed284ee610825 /lib/gitlab/auth.rb
parent	eefbc837301acc49a33617063faafa97adee307e (diff)