Merge branch '257843-fix-jira-dvcs-github-scope' into 'master'

Use correct scope when authorizing with Jira GitHub DVCS connector

See merge request gitlab-org/gitlab!61496
https://gitlab.com/gitlab-org/gitlab/-/issues/257843

app/controllers/oauth/jira/authorizations_controller.rb

@@ -16,7 +16,7 @@ class Oauth::Jira::AuthorizationsController < ApplicationController
 
     redirect_to oauth_authorization_path(client_id: params['client_id'],
                                          response_type: 'code',
-                                         scope: params['scope'],
+                                         scope: normalize_scope(params['scope']),
                                          redirect_uri: oauth_jira_callback_url)
   end
 
@@ -48,4 +48,12 @@ class Oauth::Jira::AuthorizationsController < ApplicationController
   rescue Doorkeeper::Errors::DoorkeeperError => e
     render status: :unauthorized, body: e.type
   end
+
+  private
+
+  # When using the GitHub Enterprise connector in Jira we receive the "repo" scope,
+  # this doesn't exist in GitLab but we can map it to our "api" scope.
+  def normalize_scope(scope)
+    scope == 'repo' ? 'api' : scope
+  end
 end

changelogs/unreleased/257843-fix-jira-dvcs-github-scope.yml

+---
+title: Use correct scope when authorizing with Jira GitHub DVCS connector
+merge_request: 61496
+author:
+type: fixed

doc/integration/jira/dvcs.md

@@ -72,7 +72,7 @@ for the groups you specify, into Jira. This import takes a few minutes and, afte
 it completes, refreshes every 60 minutes:
 
 1. Ensure you have completed the [GitLab configuration](#configure-a-gitlab-application-for-dvcs).
-1. Go to your DVCS account:
+1. Go to your DVCS accounts:
    - *For Jira Server,* go to **Settings (gear) > Applications > DVCS accounts**.
    - *For Jira Cloud,* go to **Settings (gear) > Products > DVCS accounts**.
 1. To create a new integration, select the appropriate value for **Host**:
@@ -94,7 +94,10 @@ it completes, refreshes every 60 minutes:
 1. For **Client ID**, use the **Application ID** value from the previous section.
 1. For **Client Secret**, use the **Secret** value from the previous section.
 1. Ensure that the rest of the checkboxes are checked.
-1. Select **Add** to complete and create the integration.
+1. Select **Add** and then **Continue** to create the DVCS account.
+1. Jira redirects to GitLab where you have to confirm the authorization,
+   and then GitLab redirects back to Jira where you should see the synced
+   projects show up inside the new account.
 
 To connect additional GitLab projects from other GitLab top-level groups, or
 personal namespaces, repeat the previous steps with additional Jira DVCS accounts.

spec/controllers/oauth/jira/authorizations_controller_spec.rb

@@ -5,10 +5,20 @@ require 'spec_helper'
 RSpec.describe Oauth::Jira::AuthorizationsController do
   describe 'GET new' do
     it 'redirects to OAuth authorization with correct params' do
-      get :new, params: { client_id: 'client-123', redirect_uri: 'http://example.com/' }
+      get :new, params: { client_id: 'client-123', scope: 'foo', redirect_uri: 'http://example.com/' }
 
       expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
                                                               response_type: 'code',
+                                                              scope: 'foo',
+                                                              redirect_uri: oauth_jira_callback_url))
+    end
+
+    it 'replaces the GitHub "repo" scope with "api"' do
+      get :new, params: { client_id: 'client-123', scope: 'repo', redirect_uri: 'http://example.com/' }
+
+      expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
+                                                              response_type: 'code',
+                                                              scope: 'api',
                                                               redirect_uri: oauth_jira_callback_url))
     end
   end