authorRémy Coutable <remy@rymai.me>2016-06-08 13:57:58 +0000
committerRémy Coutable <remy@rymai.me>2016-06-08 13:57:58 +0000
commit99ea32714bb307421ff81ad17983c1b0dce0eac4 (patch)
tree7d22ac6ec07413b5bfb505097cdeb9d56bd013b6
parent8d6c4b307c2c0ecffc57aaf4ebd0e5a23eae0a66 (diff)
parent3b50d96b8aaa7e18efded9a80c7641d1364de5c9 (diff)
downloadgitlab-ce-99ea32714bb307421ff81ad17983c1b0dce0eac4.tar.gz
Merge branch 'fix-endless-redirect' into 'master'
Fix endless redirections when accessing user OAuth applications when they are disabled ## What does this MR do? This MR fixes a bug where the browser would be redirected endlessly when attempting to access the user's OAuth applications when an admin has disabled this system-wide setting. ## Are there points in the code the reviewer needs to double check? I assume disabling the nav button is better than showing a page that says, "OAuth applications are disabled by the admin." ## Why was this MR needed? Lots of users were confused when they hit endless redirect errors. ## What are the relevant issue numbers? #14770 See merge request !4525
-rw-r--r--CHANGELOG1
-rw-r--r--app/controllers/oauth/applications_controller.rb2
-rw-r--r--app/views/layouts/nav/_profile.html.haml11
-rw-r--r--spec/controllers/oauth/applications_controller_spec.rb29
4 files changed, 37 insertions, 6 deletions
diff --git a/CHANGELOG b/CHANGELOG
index 6b12e31bbb4..0506854599f 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -3,6 +3,7 @@ Please view this file on the master branch, on stable branches it's out of date.
v 8.9.0 (unreleased)
- Bulk assign/unassign labels to issues.
- Ability to prioritize labels !4009 / !3205 (Thijs Wouters)
+ - Fix endless redirections when accessing user OAuth applications when they are disabled
- Allow enabling wiki page events from Webhook management UI
- Bump rouge to 1.11.0
- Make EmailsOnPushWorker use Sidekiq mailers queue
diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index c6bdd0602c1..0f54dfa4efc 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -32,7 +32,7 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
def verify_user_oauth_applications_enabled
return if current_application_settings.user_oauth_applications?
- redirect_to applications_profile_url
+ redirect_to profile_path
end
def set_index_vars
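Review bot: `verify_user_oauth_applications_enabled` carries no comment recording why its redirect target matters. The removed target, `applications_profile_url`, appears to resolve to a page guarded by this same filter, which would explain the loop. I would add above the method `# Gate for the admin setting. Redirect only to a route this filter does not guard, or the browser loops.` This filter is also the only server-side enforcement of the setting, since hiding the nav entry is cosmetic. The `before_action` line that wires it up is outside the hunk, so it is worth confirming that it applies to every action and not just `index`.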
diff --git a/app/views/layouts/nav/_profile.html.haml b/app/views/layouts/nav/_profile.html.haml
index 2efc6c48a48..09d9f0184be 100644
--- a/app/views/layouts/nav/_profile.html.haml
+++ b/app/views/layouts/nav/_profile.html.haml
@@ -10,11 +10,12 @@
= icon('gear fw')
%span
Account
- = nav_link(controller: 'oauth/applications') do
- = link_to applications_profile_path, title: 'Applications' do
- = icon('cloud fw')
- %span
- Applications
+ - if current_application_settings.user_oauth_applications?
+ = nav_link(controller: 'oauth/applications') do
+ = link_to applications_profile_path, title: 'Applications' do
+ = icon('cloud fw')
+ %span
+ Applications
= nav_link(controller: :emails) do
= link_to profile_emails_path, title: 'Emails' do
= icon('envelope-o fw')
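Review bot: Nothing in this commit tests the new `- if current_application_settings.user_oauth_applications?` guard around the Applications entry; the added spec exercises only the controller. A view or feature spec asserting that the 'Applications' link is absent from the profile nav when the setting is off, and present when it is on, would catch a regression where the link reappears and leads to a page that only redirects. The enclosing nav list starts and ends outside the hunk.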
diff --git a/spec/controllers/oauth/applications_controller_spec.rb b/spec/controllers/oauth/applications_controller_spec.rb
new file mode 100644
index 00000000000..af378304893
--- /dev/null
+++ b/spec/controllers/oauth/applications_controller_spec.rb
@@ -0,0 +1,29 @@
+require 'spec_helper'
+
+describe Oauth::ApplicationsController do
+ let(:user) { create(:user) }
+
+ context 'project members' do
+ before do
+ sign_in(user)
+ end
+
+ describe 'GET #index' do
+ it 'shows list of applications' do
+ get :index
+
+ expect(response.status).to eq(200)
+ end
+
+ it 'redirects back to profile page if OAuth applications are disabled' do
+ settings = double(user_oauth_applications?: false)
+ allow_any_instance_of(Gitlab::CurrentSettings).to receive(:current_application_settings).and_return(settings)
+
+ get :index
+
+ expect(response.status).to eq(302)
+ expect(response).to redirect_to(profile_path)
+ end
+ end
+ end
+end
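Review bot: The disabled-setting case is asserted only for `GET #index`, so the spec does not show that the state-changing actions (`create`, `update`, `destroy`) are also refused when an admin turns user OAuth applications off. If the filter is ever narrowed with `only:`, this spec would still pass while applications could be registered through a direct request. I would add at least one example for a write action, as sketched below. The request is sent without parameters on the assumption that the filter halts it before the action body runs. Separately, the context name `'project members'` does not match the setup, which only signs in a plain user; `context 'signed-in user'` would be clearer.

```ruby
# … unchanged: describe 'GET #index' examples …

    describe 'POST #create' do
      it 'redirects back to profile page if OAuth applications are disabled' do
        settings = double(user_oauth_applications?: false)
        allow_any_instance_of(Gitlab::CurrentSettings).to receive(:current_application_settings).and_return(settings)

        post :create

        expect(response).to redirect_to(profile_path)
      end
    end
```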