fix(auth): make authentication scope for Pages configurable

This MR makes required authentication permission scope for Pages configurable. By default, Pages will use `api` scope to authenticate with Pages Application registered on GitLab. With this MR, the scope is configurable and can be set to `read_api` by providing the `auth-scope` variable in the arguments or in the `gitlab-pages.conf` /label ~security Changelog: added
author: Ercan Ucan <ercan.ucan@siemens.com> 2021-02-15 03:28:29 +0300
committer: Jaime Martinez <jmartinez@gitlab.com> 2021-02-15 03:28:29 +0300
commit: b41995a13969b2926ad265bcc769f473e48166cb (patch)
tree: 2d70d9c1c201a6e9a4bf73cbe06b9b9d792cd825 /app.go
parent: 2eefcef73409cf7510d7ecacce76b299a8340a4c (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/app.go b/app.go
index 096a1c28..0a6f0cd4 100644
--- a/app.go
+++ b/app.go
@@ -537,7 +537,7 @@ func (a *theApp) setAuth(config appConfig) {
 
 	var err error
 	a.Auth, err = auth.New(config.Domain, config.StoreSecret, config.ClientID, config.ClientSecret,
-		config.RedirectURI, config.GitLabServer)
+		config.RedirectURI, config.GitLabServer, config.AuthScope)
 	if err != nil {
 		log.WithError(err).Fatal("could not initialize auth package")
 	}
author	Ercan Ucan <ercan.ucan@siemens.com>	2021-02-15 03:28:29 +0300
committer	Jaime Martinez <jmartinez@gitlab.com>	2021-02-15 03:28:29 +0300
commit	b41995a13969b2926ad265bcc769f473e48166cb (patch)
tree	2d70d9c1c201a6e9a4bf73cbe06b9b9d792cd825 /app.go
parent	2eefcef73409cf7510d7ecacce76b299a8340a4c (diff)