Merge branch '301056-make-the-geo-oauth-application-trusted-by-default' into 'master'

Make the Geo OAuth application trusted by default See merge request gitlab-org/gitlab!54079

Merge branch '301056-make-the-geo-oauth-application-trusted-by-default' into 'master'
Make the Geo OAuth application trusted by default See merge request gitlab-org/gitlab!54079
48d4c300 · Michael Kozono · c648a838 · ffe76bbe · 48d4c300 · 48d4c300
Commit 48d4c300 authored Feb 22, 2021 by Michael Kozono
5 changed files
--- a/changelogs/unreleased/301056-make-the-geo-oauth-application-trusted-by-default.yml
+++ b/changelogs/unreleased/301056-make-the-geo-oauth-application-trusted-by-default.yml
+---
+title: Make the Geo OAuth application trusted by default
+merge_request: 54079
+author:
+type: changed
--- a/db/migrate/20210212153934_make_the_geo_oauth_application_trusted_by_default.rb
+++ b/db/migrate/20210212153934_make_the_geo_oauth_application_trusted_by_default.rb
+# frozen_string_literal: true
+
+class MakeTheGeoOauthApplicationTrustedByDefault < ActiveRecord::Migration[6.0]
+  DOWNTIME = false
+
+  def up
+    execute(<<-SQL.squish)
+      UPDATE oauth_applications
+      SET confidential = true, trusted = true
+      WHERE id IN (SELECT oauth_application_id FROM geo_nodes);
+    SQL
+  end
+
+  def down
+    # We won't be able to tell which trusted applications weren't
+    # confidential before the migration and setting all trusted
+    # applications are not confidential would introduce security
+    # issues.
+  end
+end
--- a/db/schema_migrations/20210212153934
+++ b/db/schema_migrations/20210212153934
+233a976aab340f16ed1c896963580fb66f4c9b4dee6a34f9536a62a4f7688792
\ No newline at end of file
--- a/ee/app/models/geo_node.rb
+++ b/ee/app/models/geo_node.rb
@@ -377,7 +377,12 @@ class GeoNode < ApplicationRecord
  def update_oauth_application!
    return unless uri

-    self.build_oauth_application if oauth_application.nil?
+    if oauth_application.nil?
+      self.build_oauth_application
+      self.oauth_application.trusted = true
+      self.oauth_application.confidential = true
+    end
+
    self.oauth_application.name = "Geo node: #{self.url}"
    self.oauth_application.redirect_uri = oauth_callback_url
  end

--- a/ee/spec/models/geo_node_spec.rb
+++ b/ee/spec/models/geo_node_spec.rb
@@ -156,17 +156,28 @@ RSpec.describe GeoNode, :request_store, :geo, type: :model do
            expect(node).to be_valid

            expect(node.oauth_application).to be_present
-            expect(node.oauth_application.redirect_uri).to eq(node.oauth_callback_url)
+            expect(node.oauth_application).to have_attributes(
+              confidential: true,
+              trusted: true,
+              redirect_uri: node.oauth_callback_url
+            )
          end
        end

-        it 'overwrites redirect_uri' do
+        it 'overwrites name, and redirect_uri attributes' do
+          node.oauth_application.name = 'Fake App'
+          node.oauth_application.confidential = false
+          node.oauth_application.trusted = false
          node.oauth_application.redirect_uri = 'http://wrong-callback-url'
          node.oauth_application.save!

          expect(node).to be_valid
-
-          expect(node.oauth_application.redirect_uri).to eq(node.oauth_callback_url)
+          expect(node.oauth_application).to have_attributes(
+            name: "Geo node: #{node.url}",
+            confidential: false,
+            trusted: false,
+            redirect_uri: node.oauth_callback_url
+          )
        end
      end