authorFrancisco Javier López <fjlopez@gitlab.com>2018-06-29 08:15:42 +0000
committerSean McGivern <sean@mcgivern.me.uk>2018-06-29 08:15:42 +0000
commit7a0bb214f33bf25af7e5a53981f93b95ac6a4235 (patch)
treefe7ee43a6995285a1d4ce633d923fdfaaf5aac98 /config
parent4c09fb329b97879771dbf82b32300f59f098a7b0 (diff)
downloadgitlab-ce-7a0bb214f33bf25af7e5a53981f93b95ac6a4235.tar.gz
Fix OAuth application authorization screen to appear with every access
Diffstat (limited to 'config')
-rw-r--r--config/initializers/doorkeeper.rb50
1 files changed, 50 insertions, 0 deletions
diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb
index e3a342590d4..5b61e505911 100644
--- a/config/initializers/doorkeeper.rb
+++ b/config/initializers/doorkeeper.rb
@@ -106,3 +106,53 @@ Doorkeeper.configure do
base_controller '::Gitlab::BaseDoorkeeperController'
end
+
+# Monkey patch to avoid creating new applications if the scope of the
+# app created does not match the complete list of scopes of the configured app.
+# It also prevents the OAuth authorize application window to appear every time.
+
+# Remove after we upgrade the doorkeeper gem from version 4.3.2
+if Doorkeeper.gem_version > Gem::Version.new('4.3.2')
+ raise "Doorkeeper was upgraded, please remove the monkey patch in #{__FILE__}"
+end
+
+module Doorkeeper
+ module AccessTokenMixin
+ module ClassMethods
+ def matching_token_for(application, resource_owner_or_id, scopes)
+ resource_owner_id =
+ if resource_owner_or_id.respond_to?(:to_key)
+ resource_owner_or_id.id
+ else
+ resource_owner_or_id
+ end
+
+ tokens = authorized_tokens_for(application.try(:id), resource_owner_id)
+ tokens.detect do |token|
+ scopes_match?(token.scopes, scopes, application.try(:scopes))
+ end
+ end
+
+ def scopes_match?(token_scopes, param_scopes, app_scopes)
+ return true if token_scopes.empty? && param_scopes.empty?
+
+ (token_scopes.sort == param_scopes.sort) &&
+ Doorkeeper::OAuth::Helpers::ScopeChecker.valid?(
+ param_scopes.to_s,
+ Doorkeeper.configuration.scopes,
+ app_scopes)
+ end
+
+ def authorized_tokens_for(application_id, resource_owner_id)
+ ordered_by(:created_at, :desc)
+ .where(application_id: application_id,
+ resource_owner_id: resource_owner_id,
+ revoked_at: nil)
+ end
+
+ def last_authorized_token_for(application_id, resource_owner_id)
+ authorized_tokens_for(application_id, resource_owner_id).first
+ end
+ end
+ end
+end
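Review bot: `authorized_tokens_for` filters only on `revoked_at: nil`, and the `detect` in `matching_token_for` checks scopes alone, so a token that has expired but was never revoked still counts as a match and the authorization screen is skipped on the strength of a token the client can no longer use; that may be intended for the re-consent fix, but it should be stated, since the only guard against it would have to live in the (not shown) caller. If expired tokens should not satisfy the match, the detect could read `scopes_match?(token.scopes, scopes, application.try(:scopes)) && !token.expired?`, with a comment on `authorized_tokens_for` noting that it deliberately returns expired tokens. Separately, the `module Doorkeeper; module AccessTokenMixin; module ClassMethods` nesting silently creates fresh empty modules if the gem's constants are not yet loaded when this initializer runs, leaving the patch inert rather than failing loudly; a one-line reference such as `Doorkeeper::AccessTokenMixin::ClassMethods` above the reopen, or a comment stating the initializer relies on Bundler having required doorkeeper first, would make that assumption explicit next to the existing version guard.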