Make the Geo OAuth application trusted by default

When a Geo secondary node is set up, we create a System OAuth application, which is currently untrusted by default. This means every user that tries to login on a new secondary will first receive this authorization popup. Considering that Geo is actually "provided by GitLab", the popup seems unnecessary, and we could set the application as trusted by default.

Make the Geo OAuth application trusted by default
When a Geo secondary node is set up, we create a System OAuth application, which is currently untrusted by default. This means every user that tries to login on a new secondary will first receive this authorization popup. Considering that Geo is actually "provided by GitLab", the popup seems unnecessary, and we could set the application as trusted by default.
3a44f9d2 · Douglas Barbosa Alexandre · 2f45572c · 3a44f9d2 · 3a44f9d2
Commit 3a44f9d2 authored Feb 12, 2021 by Douglas Barbosa Alexandre
Hide whitespace changes
Inline Side-by-side

Showing with 21 additions and 5 deletions

ee/app/models/geo_node.rb ee/app/models/geo_node.rb +6 -1

ee/spec/models/geo_node_spec.rb ee/spec/models/geo_node_spec.rb +15 -4

No files found.
--- a/ee/app/models/geo_node.rb
+++ b/ee/app/models/geo_node.rb
@@ -377,7 +377,12 @@ class GeoNode < ApplicationRecord
  def update_oauth_application!
    return unless uri

-    self.build_oauth_application if oauth_application.nil?
+    if oauth_application.nil?
+      self.build_oauth_application
+      self.oauth_application.trusted = true
+      self.oauth_application.confidential = true
+    end
+
    self.oauth_application.name = "Geo node: #{self.url}"
    self.oauth_application.redirect_uri = oauth_callback_url
  end

--- a/ee/spec/models/geo_node_spec.rb
+++ b/ee/spec/models/geo_node_spec.rb
@@ -156,17 +156,28 @@ RSpec.describe GeoNode, :request_store, :geo, type: :model do
            expect(node).to be_valid

            expect(node.oauth_application).to be_present
-            expect(node.oauth_application.redirect_uri).to eq(node.oauth_callback_url)
+            expect(node.oauth_application).to have_attributes(
+              confidential: true,
+              trusted: true,
+              redirect_uri: node.oauth_callback_url
+            )
          end
        end

-        it 'overwrites redirect_uri' do
+        it 'overwrites name, and redirect_uri attributes' do
+          node.oauth_application.name = 'Fake App'
+          node.oauth_application.confidential = false
+          node.oauth_application.trusted = false
          node.oauth_application.redirect_uri = 'http://wrong-callback-url'
          node.oauth_application.save!

          expect(node).to be_valid
-
-          expect(node.oauth_application.redirect_uri).to eq(node.oauth_callback_url)
+          expect(node.oauth_application).to have_attributes(
+            name: "Geo node: #{node.url}",
+            confidential: false,
+            trusted: false,
+            redirect_uri: node.oauth_callback_url
+          )
        end
      end