Commit 0712cc22 authored by Luke Duncalfe's avatar Luke Duncalfe

Merge branch '257843-fix-jira-dvcs-github-scope' into 'master'

Use correct scope when authorizing with Jira GitHub DVCS connector

See merge request gitlab-org/gitlab!61496
https://gitlab.com/gitlab-org/gitlab/-/issues/257843
parents 6d021ce1 72733256
...@@ -16,7 +16,7 @@ class Oauth::Jira::AuthorizationsController < ApplicationController ...@@ -16,7 +16,7 @@ class Oauth::Jira::AuthorizationsController < ApplicationController
redirect_to oauth_authorization_path(client_id: params['client_id'], redirect_to oauth_authorization_path(client_id: params['client_id'],
response_type: 'code', response_type: 'code',
scope: params['scope'], scope: normalize_scope(params['scope']),
redirect_uri: oauth_jira_callback_url) redirect_uri: oauth_jira_callback_url)
end end
...@@ -48,4 +48,12 @@ class Oauth::Jira::AuthorizationsController < ApplicationController ...@@ -48,4 +48,12 @@ class Oauth::Jira::AuthorizationsController < ApplicationController
rescue Doorkeeper::Errors::DoorkeeperError => e rescue Doorkeeper::Errors::DoorkeeperError => e
render status: :unauthorized, body: e.type render status: :unauthorized, body: e.type
end end
private
# When using the GitHub Enterprise connector in Jira we receive the "repo" scope,
# this doesn't exist in GitLab but we can map it to our "api" scope.
def normalize_scope(scope)
scope == 'repo' ? 'api' : scope
end
end end
---
title: Use correct scope when authorizing with Jira GitHub DVCS connector
merge_request: 61496
author:
type: fixed
...@@ -72,7 +72,7 @@ for the groups you specify, into Jira. This import takes a few minutes and, afte ...@@ -72,7 +72,7 @@ for the groups you specify, into Jira. This import takes a few minutes and, afte
it completes, refreshes every 60 minutes: it completes, refreshes every 60 minutes:
1. Ensure you have completed the [GitLab configuration](#configure-a-gitlab-application-for-dvcs). 1. Ensure you have completed the [GitLab configuration](#configure-a-gitlab-application-for-dvcs).
1. Go to your DVCS account: 1. Go to your DVCS accounts:
- *For Jira Server,* go to **Settings (gear) > Applications > DVCS accounts**. - *For Jira Server,* go to **Settings (gear) > Applications > DVCS accounts**.
- *For Jira Cloud,* go to **Settings (gear) > Products > DVCS accounts**. - *For Jira Cloud,* go to **Settings (gear) > Products > DVCS accounts**.
1. To create a new integration, select the appropriate value for **Host**: 1. To create a new integration, select the appropriate value for **Host**:
...@@ -94,7 +94,10 @@ it completes, refreshes every 60 minutes: ...@@ -94,7 +94,10 @@ it completes, refreshes every 60 minutes:
1. For **Client ID**, use the **Application ID** value from the previous section. 1. For **Client ID**, use the **Application ID** value from the previous section.
1. For **Client Secret**, use the **Secret** value from the previous section. 1. For **Client Secret**, use the **Secret** value from the previous section.
1. Ensure that the rest of the checkboxes are checked. 1. Ensure that the rest of the checkboxes are checked.
1. Select **Add** to complete and create the integration. 1. Select **Add** and then **Continue** to create the DVCS account.
1. Jira redirects to GitLab where you have to confirm the authorization,
and then GitLab redirects back to Jira where you should see the synced
projects show up inside the new account.
To connect additional GitLab projects from other GitLab top-level groups, or To connect additional GitLab projects from other GitLab top-level groups, or
personal namespaces, repeat the previous steps with additional Jira DVCS accounts. personal namespaces, repeat the previous steps with additional Jira DVCS accounts.
......
...@@ -5,10 +5,20 @@ require 'spec_helper' ...@@ -5,10 +5,20 @@ require 'spec_helper'
RSpec.describe Oauth::Jira::AuthorizationsController do RSpec.describe Oauth::Jira::AuthorizationsController do
describe 'GET new' do describe 'GET new' do
it 'redirects to OAuth authorization with correct params' do it 'redirects to OAuth authorization with correct params' do
get :new, params: { client_id: 'client-123', redirect_uri: 'http://example.com/' } get :new, params: { client_id: 'client-123', scope: 'foo', redirect_uri: 'http://example.com/' }
expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123', expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
response_type: 'code', response_type: 'code',
scope: 'foo',
redirect_uri: oauth_jira_callback_url))
end
it 'replaces the GitHub "repo" scope with "api"' do
get :new, params: { client_id: 'client-123', scope: 'repo', redirect_uri: 'http://example.com/' }
expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
response_type: 'code',
scope: 'api',
redirect_uri: oauth_jira_callback_url)) redirect_uri: oauth_jira_callback_url))
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment