Remove user OAuth tokens stored in database for Bitbucket, GitHub, and GitLab

and request them each session. Pass these tokens to the project import data.

This prevents the need to encrypt these tokens and clear them in case they
expire or get revoked.

For example, if you deleted and re-created OAuth2 keys for Bitbucket, you would get
an Error 500 with no way to recover:

```
Started GET "/import/bitbucket/status" for x.x.x.x at 2015-08-07 05:24:10 +0000
Processing by Import::BitbucketController#status as HTML
Completed 500 Internal Server Error in 607ms (ActiveRecord: 2.3ms)

NameError (uninitialized constant Import::BitbucketController::Unauthorized):
  app/controllers/import/bitbucket_controller.rb:77:in `rescue in go_to_bitbucket_for_permissions'
  app/controllers/import/bitbucket_controller.rb:74:in `go_to_bitbucket_for_permissions'
  app/controllers/import/bitbucket_controller.rb:86:in `bitbucket_unauthorized'
```

Closes #1871

6 files changed, 61 insertions, 29 deletions

diff --git a/spec/controllers/import/bitbucket_controller_spec.rb b/spec/controllers/import/bitbucket_controller_spec.rb
index 89e595121a7..81c03c9059b 100644
--- a/spec/controllers/import/bitbucket_controller_spec.rb
+++ b/spec/controllers/import/bitbucket_controller_spec.rb
@@ -4,7 +4,15 @@ require_relative 'import_spec_helper'
 describe Import::BitbucketController do
   include ImportSpecHelper
 
-  let(:user) { create(:user, bitbucket_access_token: 'asd123', bitbucket_access_token_secret: "sekret") }
+  let(:user) { create(:user) }
+  let(:token) { "asdasd12345" }
+  let(:secret) { "sekrettt" }
+  let(:access_params) { { bitbucket_access_token: token, bitbucket_access_token_secret: secret } }
+
+  def assign_session_tokens
+    session[:bitbucket_access_token] = token
+    session[:bitbucket_access_token_secret] = secret
+  end
 
   before do
     sign_in(user)
@@ -17,8 +25,6 @@ describe Import::BitbucketController do
     end
 
     it "updates access token" do
-      token = "asdasd12345"
-      secret = "sekrettt"
       access_token = double(token: token, secret: secret)
       allow_any_instance_of(Gitlab::BitbucketImport::Client).
         to receive(:get_token).and_return(access_token)
@@ -26,8 +32,8 @@ describe Import::BitbucketController do
 
       get :callback
 
-      expect(user.reload.bitbucket_access_token).to eq(token)
-      expect(user.reload.bitbucket_access_token_secret).to eq(secret)
+      expect(session[:bitbucket_access_token]).to eq(token)
+      expect(session[:bitbucket_access_token_secret]).to eq(secret)
       expect(controller).to redirect_to(status_import_bitbucket_url)
     end
   end
@@ -35,6 +41,7 @@ describe Import::BitbucketController do
   describe "GET status" do
     before do
       @repo = OpenStruct.new(slug: 'vim', owner: 'asd')
+      assign_session_tokens
     end
 
     it "assigns variables" do
@@ -73,17 +80,18 @@ describe Import::BitbucketController do
 
     before do
       allow(Gitlab::BitbucketImport::KeyAdder).
-        to receive(:new).with(bitbucket_repo, user).
+        to receive(:new).with(bitbucket_repo, user, access_params).
         and_return(double(execute: true))
 
       stub_client(user: bitbucket_user, project: bitbucket_repo)
+      assign_session_tokens
     end
 
     context "when the repository owner is the Bitbucket user" do
       context "when the Bitbucket user and GitLab user's usernames match" do
         it "takes the current user's namespace" do
           expect(Gitlab::BitbucketImport::ProjectCreator).
-            to receive(:new).with(bitbucket_repo, user.namespace, user).
+            to receive(:new).with(bitbucket_repo, user.namespace, user, access_params).
             and_return(double(execute: true))
 
           post :create, format: :js
@@ -95,7 +103,7 @@ describe Import::BitbucketController do
 
         it "takes the current user's namespace" do
           expect(Gitlab::BitbucketImport::ProjectCreator).
-            to receive(:new).with(bitbucket_repo, user.namespace, user).
+            to receive(:new).with(bitbucket_repo, user.namespace, user, access_params).
             and_return(double(execute: true))
 
           post :create, format: :js
@@ -116,7 +124,7 @@ describe Import::BitbucketController do
         context "when the namespace is owned by the GitLab user" do
           it "takes the existing namespace" do
             expect(Gitlab::BitbucketImport::ProjectCreator).
-              to receive(:new).with(bitbucket_repo, existing_namespace, user).
+              to receive(:new).with(bitbucket_repo, existing_namespace, user, access_params).
               and_return(double(execute: true))
 
             post :create, format: :js
@@ -150,7 +158,7 @@ describe Import::BitbucketController do
 
         it "takes the new namespace" do
           expect(Gitlab::BitbucketImport::ProjectCreator).
-            to receive(:new).with(bitbucket_repo, an_instance_of(Group), user).
+            to receive(:new).with(bitbucket_repo, an_instance_of(Group), user, access_params).
             and_return(double(execute: true))
 
           post :create, format: :js
diff --git a/spec/controllers/import/github_controller_spec.rb b/spec/controllers/import/github_controller_spec.rb
index 0bc14059a35..766be578f7f 100644
--- a/spec/controllers/import/github_controller_spec.rb
+++ b/spec/controllers/import/github_controller_spec.rb
@@ -4,7 +4,13 @@ require_relative 'import_spec_helper'
 describe Import::GithubController do
   include ImportSpecHelper
 
-  let(:user) { create(:user, github_access_token: 'asd123') }
+  let(:user) { create(:user) }
+  let(:token) { "asdasd12345" }
+  let(:access_params) { { github_access_token: token } }
+
+  def assign_session_token
+    session[:github_access_token] = token
+  end
 
   before do
     sign_in(user)
@@ -20,7 +26,7 @@ describe Import::GithubController do
 
       get :callback
 
-      expect(user.reload.github_access_token).to eq(token)
+      expect(session[:github_access_token]).to eq(token)
       expect(controller).to redirect_to(status_import_github_url)
     end
   end
@@ -30,6 +36,7 @@ describe Import::GithubController do
       @repo = OpenStruct.new(login: 'vim', full_name: 'asd/vim')
       @org = OpenStruct.new(login: 'company')
       @org_repo = OpenStruct.new(login: 'company', full_name: 'company/repo')
+      assign_session_token
     end
 
     it "assigns variables" do
@@ -66,13 +73,14 @@ describe Import::GithubController do
 
     before do
       stub_client(user: github_user, repo: github_repo)
+      assign_session_token
     end
 
     context "when the repository owner is the GitHub user" do
       context "when the GitHub user and GitLab user's usernames match" do
         it "takes the current user's namespace" do
           expect(Gitlab::GithubImport::ProjectCreator).
-            to receive(:new).with(github_repo, user.namespace, user).
+            to receive(:new).with(github_repo, user.namespace, user, access_params).
             and_return(double(execute: true))
 
           post :create, format: :js
@@ -84,7 +92,7 @@ describe Import::GithubController do
 
         it "takes the current user's namespace" do
           expect(Gitlab::GithubImport::ProjectCreator).
-            to receive(:new).with(github_repo, user.namespace, user).
+            to receive(:new).with(github_repo, user.namespace, user, access_params).
             and_return(double(execute: true))
 
           post :create, format: :js
@@ -97,6 +105,7 @@ describe Import::GithubController do
 
       before do
         github_repo.owner = OpenStruct.new(login: other_username)
+        assign_session_token
       end
 
       context "when a namespace with the GitHub user's username already exists" do
@@ -105,7 +114,7 @@ describe Import::GithubController do
         context "when the namespace is owned by the GitLab user" do
           it "takes the existing namespace" do
             expect(Gitlab::GithubImport::ProjectCreator).
-              to receive(:new).with(github_repo, existing_namespace, user).
+              to receive(:new).with(github_repo, existing_namespace, user, access_params).
               and_return(double(execute: true))
 
             post :create, format: :js
@@ -139,7 +148,7 @@ describe Import::GithubController do
 
         it "takes the new namespace" do
           expect(Gitlab::GithubImport::ProjectCreator).
-            to receive(:new).with(github_repo, an_instance_of(Group), user).
+            to receive(:new).with(github_repo, an_instance_of(Group), user, access_params).
             and_return(double(execute: true))
 
           post :create, format: :js
diff --git a/spec/controllers/import/gitlab_controller_spec.rb b/spec/controllers/import/gitlab_controller_spec.rb
index 4bc67c86703..198d006af76 100644
--- a/spec/controllers/import/gitlab_controller_spec.rb
+++ b/spec/controllers/import/gitlab_controller_spec.rb
@@ -4,7 +4,13 @@ require_relative 'import_spec_helper'
 describe Import::GitlabController do
   include ImportSpecHelper
 
-  let(:user) { create(:user, gitlab_access_token: 'asd123') }
+  let(:user) { create(:user) }
+  let(:token) { "asdasd12345" }
+  let(:access_params) { { gitlab_access_token: token } }
+
+  def assign_session_token
+    session[:gitlab_access_token] = token
+  end
 
   before do
     sign_in(user)
@@ -13,14 +19,13 @@ describe Import::GitlabController do
 
   describe "GET callback" do
     it "updates access token" do
-      token = "asdasd12345"
       allow_any_instance_of(Gitlab::GitlabImport::Client).
         to receive(:get_token).and_return(token)
       stub_omniauth_provider('gitlab')
 
       get :callback
 
-      expect(user.reload.gitlab_access_token).to eq(token)
+      expect(session[:gitlab_access_token]).to eq(token)
       expect(controller).to redirect_to(status_import_gitlab_url)
     end
   end
@@ -28,6 +33,7 @@ describe Import::GitlabController do
   describe "GET status" do
     before do
       @repo = OpenStruct.new(path: 'vim', path_with_namespace: 'asd/vim')
+      assign_session_token
     end
 
     it "assigns variables" do
@@ -67,13 +73,14 @@ describe Import::GitlabController do
 
     before do
       stub_client(user: gitlab_user, project: gitlab_repo)
+      assign_session_token
     end
 
     context "when the repository owner is the GitLab.com user" do
       context "when the GitLab.com user and GitLab server user's usernames match" do
         it "takes the current user's namespace" do
           expect(Gitlab::GitlabImport::ProjectCreator).
-            to receive(:new).with(gitlab_repo, user.namespace, user).
+            to receive(:new).with(gitlab_repo, user.namespace, user, access_params).
             and_return(double(execute: true))
 
           post :create, format: :js
@@ -85,7 +92,7 @@ describe Import::GitlabController do
 
         it "takes the current user's namespace" do
           expect(Gitlab::GitlabImport::ProjectCreator).
-            to receive(:new).with(gitlab_repo, user.namespace, user).
+            to receive(:new).with(gitlab_repo, user.namespace, user, access_params).
             and_return(double(execute: true))
 
           post :create, format: :js
@@ -98,6 +105,7 @@ describe Import::GitlabController do
 
       before do
         gitlab_repo["namespace"]["path"] = other_username
+        assign_session_token
       end
 
       context "when a namespace with the GitLab.com user's username already exists" do
@@ -106,7 +114,7 @@ describe Import::GitlabController do
         context "when the namespace is owned by the GitLab server user" do
           it "takes the existing namespace" do
             expect(Gitlab::GitlabImport::ProjectCreator).
-              to receive(:new).with(gitlab_repo, existing_namespace, user).
+              to receive(:new).with(gitlab_repo, existing_namespace, user, access_params).
               and_return(double(execute: true))
 
             post :create, format: :js
@@ -140,7 +148,7 @@ describe Import::GitlabController do
 
         it "takes the new namespace" do
           expect(Gitlab::GitlabImport::ProjectCreator).
-            to receive(:new).with(gitlab_repo, an_instance_of(Group), user).
+            to receive(:new).with(gitlab_repo, an_instance_of(Group), user, access_params).
             and_return(double(execute: true))
 
           post :create, format: :js
diff --git a/spec/lib/gitlab/bitbucket_import/project_creator_spec.rb b/spec/lib/gitlab/bitbucket_import/project_creator_spec.rb
index f8958c9bab8..0e826a319e0 100644
--- a/spec/lib/gitlab/bitbucket_import/project_creator_spec.rb
+++ b/spec/lib/gitlab/bitbucket_import/project_creator_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Gitlab::BitbucketImport::ProjectCreator do
-  let(:user) { create(:user, bitbucket_access_token: "asdffg", bitbucket_access_token_secret: "sekret") }
+  let(:user) { create(:user) }
   let(:repo) do
     {
       name: 'Vim',
@@ -11,6 +11,9 @@ describe Gitlab::BitbucketImport::ProjectCreator do
     }.with_indifferent_access
   end
   let(:namespace){ create(:group, owner: user) }
+  let(:token) { "asdasd12345" }
+  let(:secret) { "sekrettt" }
+  let(:access_params) { { bitbucket_access_token: token, bitbucket_access_token_secret: secret } }
 
   before do
     namespace.add_owner(user)
@@ -19,7 +22,7 @@ describe Gitlab::BitbucketImport::ProjectCreator do
   it 'creates project' do
     allow_any_instance_of(Project).to receive(:add_import_job)
 
-    project_creator = Gitlab::BitbucketImport::ProjectCreator.new(repo, namespace, user)
+    project_creator = Gitlab::BitbucketImport::ProjectCreator.new(repo, namespace, user, access_params)
     project = project_creator.execute
 
     expect(project.import_url).to eq("ssh://git@bitbucket.org/asd/vim.git")
diff --git a/spec/lib/gitlab/github_import/project_creator_spec.rb b/spec/lib/gitlab/github_import/project_creator_spec.rb
index 4fe7bd3b77d..ca61d3c5234 100644
--- a/spec/lib/gitlab/github_import/project_creator_spec.rb
+++ b/spec/lib/gitlab/github_import/project_creator_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Gitlab::GithubImport::ProjectCreator do
-  let(:user) { create(:user, github_access_token: "asdffg") }
+  let(:user) { create(:user) }
   let(:repo) do
     OpenStruct.new(
       login: 'vim',
@@ -13,6 +13,8 @@ describe Gitlab::GithubImport::ProjectCreator do
     )
   end
   let(:namespace){ create(:group, owner: user) }
+  let(:token) { "asdffg" }
+  let(:access_params) { { github_access_token: token } }
 
   before do
     namespace.add_owner(user)
@@ -21,7 +23,7 @@ describe Gitlab::GithubImport::ProjectCreator do
   it 'creates project' do
     allow_any_instance_of(Project).to receive(:add_import_job)
 
-    project_creator = Gitlab::GithubImport::ProjectCreator.new(repo, namespace, user)
+    project_creator = Gitlab::GithubImport::ProjectCreator.new(repo, namespace, user, access_params)
     project = project_creator.execute
 
     expect(project.import_url).to eq("https://asdffg@gitlab.com/asd/vim.git")
diff --git a/spec/lib/gitlab/gitlab_import/project_creator_spec.rb b/spec/lib/gitlab/gitlab_import/project_creator_spec.rb
index 938d08396fd..2d8923d14bb 100644
--- a/spec/lib/gitlab/gitlab_import/project_creator_spec.rb
+++ b/spec/lib/gitlab/gitlab_import/project_creator_spec.rb
@@ -1,7 +1,7 @@
 require 'spec_helper'
 
 describe Gitlab::GitlabImport::ProjectCreator do
-  let(:user) { create(:user, gitlab_access_token: "asdffg") }
+  let(:user) { create(:user) }
   let(:repo) do
     {
       name: 'vim',
@@ -13,6 +13,8 @@ describe Gitlab::GitlabImport::ProjectCreator do
     }.with_indifferent_access
   end
   let(:namespace){ create(:group, owner: user) }
+  let(:token) { "asdffg" }
+  let(:access_params) { { gitlab_access_token: token } }
 
   before do
     namespace.add_owner(user)
@@ -21,7 +23,7 @@ describe Gitlab::GitlabImport::ProjectCreator do
   it 'creates project' do
     allow_any_instance_of(Project).to receive(:add_import_job)
 
-    project_creator = Gitlab::GitlabImport::ProjectCreator.new(repo, namespace, user)
+    project_creator = Gitlab::GitlabImport::ProjectCreator.new(repo, namespace, user, access_params)
     project = project_creator.execute
 
     expect(project.import_url).to eq("https://oauth2:asdffg@gitlab.com/asd/vim.git")