Add comment with reason for skipping admin auth

Updating Doorkeeper to 5.0.2 introduced a change where all controllers that inherit from `Doorkeeper::ApplicationsController` must define the admin_authenticator in the config, otherwise all the endpoints will always return a `403`. As we have our own authenication logic for this controller defined in `authenticate_user!`, this call is redundant. We've chosen to explicitly skip it here, so that anyone who inherits from this controller in the future will have to decide how to handle the authenication explicitly.

Add comment with reason for skipping admin auth
Updating Doorkeeper to 5.0.2 introduced a change where all controllers that inherit from `Doorkeeper::ApplicationsController` must define the admin_authenticator in the config, otherwise all the endpoints will always return a `403`. As we have our own authenication logic for this controller defined in `authenticate_user!`, this call is redundant. We've chosen to explicitly skip it here, so that anyone who inherits from this controller in the future will have to decide how to handle the authenication explicitly.
fe035a3a · Josianne Hyson · a550a54b · fe035a3a
Commit fe035a3a authored Feb 11, 2020 by Josianne Hyson
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

app/controllers/oauth/applications_controller.rb app/controllers/oauth/applications_controller.rb +2 -0

No files found.
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -8,6 +8,8 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
  include Gitlab::Experimentation::ControllerConcern
  include InitializesCurrentUserMode
+  # Defined by the `Doorkeeper::ApplicationsController` and is redundant as we call `authenticate_user!` below. Not
+  # defining or skipping this will result in a `403` response to all requests.
  skip_before_action :authenticate_admin!
  prepend_before_action :verify_user_oauth_applications_enabled, except: :index