From 5ee120f46740efac7b8a460d7a92e4da82f4fb0b Mon Sep 17 00:00:00 2001
From: GitLab Bot <gitlab-bot@gitlab.com>
Date: Tue, 18 Feb 2020 03:08:54 +0000
Subject: Add latest changes from gitlab-org/gitlab@master

---
 app/controllers/oauth/applications_controller.rb |  4 ++++
 app/controllers/oauth/token_info_controller.rb   | 19 +++++++++++++++++++
 2 files changed, 23 insertions(+)
 create mode 100644 app/controllers/oauth/token_info_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/oauth/applications_controller.rb b/app/controllers/oauth/applications_controller.rb
index f0e6cebe0e4..2c3e60d12b7 100644
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -8,6 +8,10 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
   include Gitlab::Experimentation::ControllerConcern
   include InitializesCurrentUserMode
 
+  # Defined by the `Doorkeeper::ApplicationsController` and is redundant as we call `authenticate_user!` below. Not
+  # defining or skipping this will result in a `403` response to all requests.
+  skip_before_action :authenticate_admin!
+
   prepend_before_action :verify_user_oauth_applications_enabled, except: :index
   prepend_before_action :authenticate_user!
   before_action :add_gon_variables
diff --git a/app/controllers/oauth/token_info_controller.rb b/app/controllers/oauth/token_info_controller.rb
new file mode 100644
index 00000000000..492c24b53b1
--- /dev/null
+++ b/app/controllers/oauth/token_info_controller.rb
@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+class Oauth::TokenInfoController < Doorkeeper::TokenInfoController
+  def show
+    if doorkeeper_token && doorkeeper_token.accessible?
+      token_json = doorkeeper_token.as_json
+
+      # maintain backwards compatibility
+      render json: token_json.merge(
+        'scopes'             => token_json[:scope],
+        'expires_in_seconds' => token_json[:expires_in]
+      ), status: :ok
+    else
+      error = Doorkeeper::OAuth::ErrorResponse.new(name: :invalid_request)
+      response.headers.merge!(error.headers)
+      render json: error.body, status: error.status
+    end
+  end
+end
-- 
cgit v1.2.1