Commit 8a1841c9 authored by Heinrich Lee Yu's avatar Heinrich Lee Yu

Merge branch '351331-diagnose-failed-scope-downgrade' into 'master'

Add logging to diagnose logging downgrade failure

See merge request gitlab-org/gitlab!81037
parents 5eaed869 e8b54d7d
...@@ -12,7 +12,10 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController ...@@ -12,7 +12,10 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
# Overridden from Doorkeeper::AuthorizationsController to # Overridden from Doorkeeper::AuthorizationsController to
# include the call to session.delete # include the call to session.delete
def new def new
logger.info("#{self.class.name}#new: pre_auth_params['scope'] = #{pre_auth_params['scope'].inspect}")
if pre_auth.authorizable? if pre_auth.authorizable?
logger.info("#{self.class.name}#new: pre_auth.scopes = #{pre_auth.scopes.to_a.inspect}")
if skip_authorization? || matching_token? if skip_authorization? || matching_token?
auth = authorization.authorize auth = authorization.authorize
parsed_redirect_uri = URI.parse(auth.redirect_uri) parsed_redirect_uri = URI.parse(auth.redirect_uri)
...@@ -43,9 +46,15 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController ...@@ -43,9 +46,15 @@ class Oauth::AuthorizationsController < Doorkeeper::AuthorizationsController
auth_type = params.delete('gl_auth_type') auth_type = params.delete('gl_auth_type')
return unless auth_type == 'login' return unless auth_type == 'login'
logger.info("#{self.class.name}: BEFORE application has read_user: #{application_has_read_user_scope?}")
logger.info("#{self.class.name}: BEFORE scope = #{params['scope'].inspect}")
ensure_read_user_scope! ensure_read_user_scope!
params['scope'] = Gitlab::Auth::READ_USER_SCOPE.to_s if application_has_read_user_scope? params['scope'] = Gitlab::Auth::READ_USER_SCOPE.to_s if application_has_read_user_scope?
logger.info("#{self.class.name}: AFTER application has read_user: #{application_has_read_user_scope?}")
logger.info("#{self.class.name}: AFTER scope = #{params['scope'].inspect}")
end end
# Configure the application to support read_user scope, if it already # Configure the application to support read_user scope, if it already
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment