Commit c1fa5e6d authored by Oswaldo Ferreira's avatar Oswaldo Ferreira Committed by Robert Speicher

Skip oAuth authorization for trusted applications

parent bcd31001
...@@ -50,6 +50,20 @@ class Admin::ApplicationsController < Admin::ApplicationController ...@@ -50,6 +50,20 @@ class Admin::ApplicationsController < Admin::ApplicationController
# Only allow a trusted parameter "white list" through. # Only allow a trusted parameter "white list" through.
def application_params def application_params
params[:doorkeeper_application].permit(:name, :redirect_uri, :scopes) params.require(:doorkeeper_application).permit(application_params_ce << application_params_ee)
end
def application_params_ce
%i[
name
redirect_uri
scopes
]
end
def application_params_ee
%i[
trusted
]
end end
end end
...@@ -6,6 +6,7 @@ ...@@ -6,6 +6,7 @@
.col-sm-10 .col-sm-10
= f.text_field :name, class: 'form-control' = f.text_field :name, class: 'form-control'
= doorkeeper_errors_for application, :name = doorkeeper_errors_for application, :name
= content_tag :div, class: 'form-group' do = content_tag :div, class: 'form-group' do
= f.label :redirect_uri, class: 'col-sm-2 control-label' = f.label :redirect_uri, class: 'col-sm-2 control-label'
.col-sm-10 .col-sm-10
...@@ -19,6 +20,13 @@ ...@@ -19,6 +20,13 @@
%code= Doorkeeper.configuration.native_redirect_uri %code= Doorkeeper.configuration.native_redirect_uri
for local tests for local tests
= content_tag :div, class: 'form-group' do
= f.label :trusted, class: 'col-sm-2 control-label'
.col-sm-10
= f.check_box :trusted
%span.help-block
Trusted applications are automatically authorized on GitLab oAuth flow.
.form-group .form-group
= f.label :scopes, class: 'col-sm-2 control-label' = f.label :scopes, class: 'col-sm-2 control-label'
.col-sm-10 .col-sm-10
......
...@@ -11,6 +11,7 @@ ...@@ -11,6 +11,7 @@
%th Name %th Name
%th Callback URL %th Callback URL
%th Clients %th Clients
%th Trusted
%th %th
%th %th
%tbody.oauth-applications %tbody.oauth-applications
...@@ -19,5 +20,6 @@ ...@@ -19,5 +20,6 @@
%td= link_to application.name, admin_application_path(application) %td= link_to application.name, admin_application_path(application)
%td= application.redirect_uri %td= application.redirect_uri
%td= application.access_tokens.map(&:resource_owner_id).uniq.count %td= application.access_tokens.map(&:resource_owner_id).uniq.count
%td= application.trusted? ? 'Y': 'N'
%td= link_to 'Edit', edit_admin_application_path(application), class: 'btn btn-link' %td= link_to 'Edit', edit_admin_application_path(application), class: 'btn btn-link'
%td= render 'delete_form', application: application %td= render 'delete_form', application: application
...@@ -23,6 +23,12 @@ ...@@ -23,6 +23,12 @@
%div %div
%span.monospace= uri %span.monospace= uri
%tr
%td
Trusted
%td
= @application.trusted? ? 'Y' : 'N'
= render "shared/tokens/scopes_list", token: @application = render "shared/tokens/scopes_list", token: @application
.form-actions .form-actions
......
---
title: Skip oAuth authorization for trusted applications
merge_request:
author:
...@@ -92,9 +92,9 @@ Doorkeeper.configure do ...@@ -92,9 +92,9 @@ Doorkeeper.configure do
# Under some circumstances you might want to have applications auto-approved, # Under some circumstances you might want to have applications auto-approved,
# so that the user skips the authorization step. # so that the user skips the authorization step.
# For example if dealing with trusted a application. # For example if dealing with trusted a application.
# skip_authorization do |resource_owner, client| skip_authorization do |resource_owner, client|
# client.superapp? or resource_owner.admin? client.application.trusted?
# end end
# WWW-Authenticate Realm (default "Doorkeeper"). # WWW-Authenticate Realm (default "Doorkeeper").
# realm "Doorkeeper" # realm "Doorkeeper"
......
class AddTrustedColumnToOauthApplications < ActiveRecord::Migration
include Gitlab::Database::MigrationHelpers
DOWNTIME = false
disable_ddl_transaction!
def up
add_column_with_default(:oauth_applications, :trusted, :boolean, default: false)
end
def down
remove_column(:oauth_applications, :trusted)
end
end
...@@ -1209,6 +1209,7 @@ ActiveRecord::Schema.define(version: 20170719182937) do ...@@ -1209,6 +1209,7 @@ ActiveRecord::Schema.define(version: 20170719182937) do
t.datetime "updated_at" t.datetime "updated_at"
t.integer "owner_id" t.integer "owner_id"
t.string "owner_type" t.string "owner_type"
t.boolean "trusted", default: false, null: false
end end
add_index "oauth_applications", ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type", using: :btree add_index "oauth_applications", ["owner_id", "owner_type"], name: "index_oauth_applications_on_owner_id_and_owner_type", using: :btree
......
...@@ -63,6 +63,9 @@ it from the admin area. ...@@ -63,6 +63,9 @@ it from the admin area.
![OAuth admin_applications](img/oauth_provider_admin_application.png) ![OAuth admin_applications](img/oauth_provider_admin_application.png)
You're also able to mark an application as _trusted_ when creating it through the admin area. By doing that,
the user authorization step is automatically skipped for this application.
--- ---
## Authorized applications ## Authorized applications
......
...@@ -28,13 +28,16 @@ describe Admin::ApplicationsController do ...@@ -28,13 +28,16 @@ describe Admin::ApplicationsController do
describe 'POST #create' do describe 'POST #create' do
it 'creates the application' do it 'creates the application' do
create_params = attributes_for(:application, trusted: true)
expect do expect do
post :create, doorkeeper_application: attributes_for(:application) post :create, doorkeeper_application: create_params
end.to change { Doorkeeper::Application.count }.by(1) end.to change { Doorkeeper::Application.count }.by(1)
application = Doorkeeper::Application.last application = Doorkeeper::Application.last
expect(response).to redirect_to(admin_application_path(application)) expect(response).to redirect_to(admin_application_path(application))
expect(application).to have_attributes(create_params.except(:uid, :owner_type))
end end
it 'renders the application form on errors' do it 'renders the application form on errors' do
...@@ -49,10 +52,12 @@ describe Admin::ApplicationsController do ...@@ -49,10 +52,12 @@ describe Admin::ApplicationsController do
describe 'PATCH #update' do describe 'PATCH #update' do
it 'updates the application' do it 'updates the application' do
patch :update, id: application.id, doorkeeper_application: { redirect_uri: 'http://example.com/' } patch :update, id: application.id, doorkeeper_application: { redirect_uri: 'http://example.com/', trusted: true }
application.reload
expect(response).to redirect_to(admin_application_path(application)) expect(response).to redirect_to(admin_application_path(application))
expect(application.reload.redirect_uri).to eq 'http://example.com/' expect(application).to have_attributes(redirect_uri: 'http://example.com/', trusted: true)
end end
it 'renders the application form on errors' do it 'renders the application form on errors' do
......
...@@ -34,6 +34,22 @@ describe Oauth::AuthorizationsController do ...@@ -34,6 +34,22 @@ describe Oauth::AuthorizationsController do
end end
context 'with valid params' do context 'with valid params' do
context 'when trusted application' do
before do
doorkeeper.update(trusted: true)
end
it 'deletes session.user_return_to and redirects' do
request.session['user_return_to'] = 'http://example.com'
allow(controller).to receive(:skip_authorization?).and_return(true)
get :new, params
expect(request.session['user_return_to']).to be_nil
expect(response).to have_http_status(302)
end
end
it 'returns 200 code and renders view' do it 'returns 200 code and renders view' do
get :new, params get :new, params
......
...@@ -13,19 +13,24 @@ RSpec.describe 'admin manage applications' do ...@@ -13,19 +13,24 @@ RSpec.describe 'admin manage applications' do
fill_in :doorkeeper_application_name, with: 'test' fill_in :doorkeeper_application_name, with: 'test'
fill_in :doorkeeper_application_redirect_uri, with: 'https://test.com' fill_in :doorkeeper_application_redirect_uri, with: 'https://test.com'
check :doorkeeper_application_trusted
click_on 'Submit' click_on 'Submit'
expect(page).to have_content('Application: test') expect(page).to have_content('Application: test')
expect(page).to have_content('Application Id') expect(page).to have_content('Application Id')
expect(page).to have_content('Secret') expect(page).to have_content('Secret')
expect(page).to have_content('Trusted Y')
click_on 'Edit' click_on 'Edit'
expect(page).to have_content('Edit application') expect(page).to have_content('Edit application')
fill_in :doorkeeper_application_name, with: 'test_changed' fill_in :doorkeeper_application_name, with: 'test_changed'
uncheck :doorkeeper_application_trusted
click_on 'Submit' click_on 'Submit'
expect(page).to have_content('test_changed') expect(page).to have_content('test_changed')
expect(page).to have_content('Application Id') expect(page).to have_content('Application Id')
expect(page).to have_content('Secret') expect(page).to have_content('Secret')
expect(page).to have_content('Trusted N')
visit admin_applications_path visit admin_applications_path
page.within '.oauth-applications' do page.within '.oauth-applications' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment