author | Francisco Javier López <fjlopez@gitlab.com> | 2018-06-29 08:15:42 +0000 |
committer | Sean McGivern <sean@mcgivern.me.uk> | 2018-06-29 08:15:42 +0000 |
commit | 7a0bb214f33bf25af7e5a53981f93b95ac6a4235 (patch) | |
tree | fe7ee43a6995285a1d4ce633d923fdfaaf5aac98 /config | |
parent | 4c09fb329b97879771dbf82b32300f59f098a7b0 (diff) | |
download | gitlab-ce-7a0bb214f33bf25af7e5a53981f93b95ac6a4235.tar.gz |
Fix OAuth application authorization screen to appear with every access
Diffstat (limited to 'config')
-rw-r--r-- | config/initializers/doorkeeper.rb | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index e3a342590d4..5b61e505911 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -106,3 +106,53 @@ Doorkeeper.configure do
 
   base_controller '::Gitlab::BaseDoorkeeperController'
 end
+
+# Monkey patch to avoid creating new applications if the scope of the
+# app created does not match the complete list of scopes of the configured app.
+# It also prevents the OAuth authorize application window to appear every time.
+
+# Remove after we upgrade the doorkeeper gem from version 4.3.2
+if Doorkeeper.gem_version > Gem::Version.new('4.3.2')
+  raise "Doorkeeper was upgraded, please remove the monkey patch in #{__FILE__}"
+end
+
+module Doorkeeper
+  module AccessTokenMixin
+    module ClassMethods
+      def matching_token_for(application, resource_owner_or_id, scopes)
+        resource_owner_id =
+          if resource_owner_or_id.respond_to?(:to_key)
+            resource_owner_or_id.id
+          else
+            resource_owner_or_id
+          end
+
+        tokens = authorized_tokens_for(application.try(:id), resource_owner_id)
+        tokens.detect do |token|
+          scopes_match?(token.scopes, scopes, application.try(:scopes))
+        end
+      end
+
+      def scopes_match?(token_scopes, param_scopes, app_scopes)
+        return true if token_scopes.empty? && param_scopes.empty?
+
+        (token_scopes.sort == param_scopes.sort) &&
+          Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
+            param_scopes.to_s,
+            Doorkeeper.configuration.scopes,
+            app_scopes)
+      end
+
+      def authorized_tokens_for(application_id, resource_owner_id)
+        ordered_by(:created_at, :desc)
+          .where(application_id: application_id,
+                 resource_owner_id: resource_owner_id,
+                 revoked_at: nil)
+      end
+
+      def last_authorized_token_for(application_id, resource_owner_id)
+        authorized_tokens_for(application_id, resource_owner_id).first
+      end
+    end
+  end
+end
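Review bot: `authorized_tokens_for` filters only on `revoked_at: nil`, so `matching_token_for` can return an expired token whose scopes match, and wherever that result is used to skip the authorization screen or to reuse a token, the expiry check has to live in the caller (which is outside this hunk, so I could not verify it does). If that split is intended, state it on the method, `# NOTE: does not filter by expiry; callers must check token.expired?`; otherwise `tokens.detect { |token| !token.expired? && scopes_match?(token.scopes, scopes, application.try(:scopes)) }` is a one-line fix. Since the patched methods appear to be a backport of the upstream implementation, the leading comment should also name the upstream version they mirror, so whoever hits the `raise` on upgrade can diff against it rather than guess. The gem-version guard is a good defensive touch and should stay.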