SONAR-21589 Revert gitlab login permission for no group sync to read_user
authorNolwenn Cadic <nolwenn.cadic@sonarsource.com>
Wed, 20 Mar 2024 10:20:45 +0000 (11:20 +0100)
committersonartech <sonartech@sonarsource.com>
Wed, 20 Mar 2024 20:02:31 +0000 (20:02 +0000)
server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java
server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java

index d2a9b0fb980f36f51aec9860ec2d79f9e61d99b7..1ed3db4beca0d51475722e94476cf83439213f44 100644 (file)
@@ -42,6 +42,7 @@ import static java.util.stream.Collectors.toSet;
 public class GitLabIdentityProvider implements OAuth2IdentityProvider {
 
   public static final String API_SCOPE = "api";
+  public static final String READ_USER_SCOPE = "read_user";
   public static final String KEY = "gitlab";
   private final GitLabSettings gitLabSettings;
   private final ScribeGitLabOauth2Api scribeApi;
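Review bot: The new `READ_USER_SCOPE` constant and the conditional that consumes it in the second hunk (`.defaultScope(gitLabSettings.syncUserGroups() ? API_SCOPE : READ_USER_SCOPE)`) carry no comment explaining why the requested OAuth scope depends on group sync, which is the whole point of this revert. A reader of the service builder will not know that the broader scope is only needed to enumerate the user's groups and that the narrower one is deliberately requested otherwise. I would add on the constant `/** Read-only access to the authenticated user's profile; requested when group sync is disabled, since group membership is not needed then. */` and above the `defaultScope` line `// Least privilege: API_SCOPE is only required to read group membership for syncUserGroups(); otherwise request the read-only user scope.` The enclosing method in the second hunk starts outside the hunk, so the comment placement is inferred from the visible lines.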
@@ -93,7 +94,7 @@ public class GitLabIdentityProvider implements OAuth2IdentityProvider {
     checkState(isEnabled(), "GitLab authentication is disabled");
     return new ServiceBuilder(gitLabSettings.applicationId())
       .apiSecret(gitLabSettings.secret())
-      .defaultScope(API_SCOPE)
+      .defaultScope(gitLabSettings.syncUserGroups() ? API_SCOPE : READ_USER_SCOPE)
       .callback(context.getCallbackUrl());
   }
 
index 3371b3188a1f1112a78737cb707e9c3fd08423e5..49399eb64e75d7fcee49d78145c751f8b3a8a510 100644 (file)
@@ -85,7 +85,7 @@ public class GitLabIdentityProviderTest {
 
     gitLabIdentityProvider.init(initContext);
 
-    verify(initContext).redirectTo("http://server/oauth/authorize?response_type=code&client_id=123&redirect_uri=http%3A%2F%2Fserver%2Fcallback&scope=api");
+    verify(initContext).redirectTo("http://server/oauth/authorize?response_type=code&client_id=123&redirect_uri=http%3A%2F%2Fserver%2Fcallback&scope=read_user");
   }
 
   @Test
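Review bot: The updated assertion only pins the `scope=read_user` branch, so the `syncUserGroups()` true path that still requests `scope=api` is not covered by the visible change; if no such test exists further down in this file, a sibling test with `when(gitLabSettings.syncUserGroups()).thenReturn(true)` and the same `verify(initContext).redirectTo(...)` ending in `&scope=api` would keep both branches from regressing silently. The scope string is the only part of the URL that differs, so duplicating the full redirect URL in both tests is acceptable here. The test method this hunk modifies begins before the hunk, so its setup (including how `syncUserGroups()` is stubbed) is not visible in this view.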