From fad2d8ceaa45f18ea43f74851d2ef9ac55ea3dd3 Mon Sep 17 00:00:00 2001
From: Nolwenn Cadic
Date: Wed, 20 Mar 2024 11:20:45 +0100
Subject: [PATCH] SONAR-21589 Revert gitlab login permission for no group sync to read_user
(cherry picked from commit 011fda4677874677d688456d8cedc8806e0d84a2)
---
 .../java/org/sonar/auth/gitlab/GitLabIdentityProvider.java | 5 +++--
 .../org/sonar/auth/gitlab/GitLabIdentityProviderTest.java | 2 +-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java
index fdd76dcd932..ebfa534c55c 100644
--- a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java
+++ b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java
@@ -43,6 +43,7 @@ public class GitLabIdentityProvider implements OAuth2IdentityProvider {
 public static final String API_SCOPE = "api";
 public static final String READ_USER_SCOPE = "read_user";
+ public static final String KEY = "gitlab";
 private final GitLabSettings gitLabSettings;
 private final ScribeGitLabOauth2Api scribeApi;
 private final GitLabRestClient gitLabRestClient;
@@ -55,7 +56,7 @@ public class GitLabIdentityProvider implements OAuth2IdentityProvider {
 @Override
 public String getKey() {
- return "gitlab";
+ return KEY;
 }
 @Override
@@ -93,7 +94,7 @@ public class GitLabIdentityProvider implements OAuth2IdentityProvider {
 checkState(isEnabled(), "GitLab authentication is disabled");
 return new ServiceBuilder(gitLabSettings.applicationId())
 .apiSecret(gitLabSettings.secret())
- .defaultScope(API_SCOPE)
+ .defaultScope(gitLabSettings.syncUserGroups() ? API_SCOPE : READ_USER_SCOPE)
 .callback(context.getCallbackUrl());
 }
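Review bot: The `.defaultScope(gitLabSettings.syncUserGroups() ? API_SCOPE : READ_USER_SCOPE)` line in the third hunk (`@@ -93,7 +94,7 @@`) picks the OAuth scope with no comment saying why, and the choice is security-relevant: `api` lets the issued token read and write through the GitLab API, while `read_user` only exposes the user's profile. I would add a comment above it such as `// Least privilege: request the broad "api" scope only when group sync has to list the user's groups`. It may also be worth checking whether GitLab's read-only `read_api` scope is enough for the group lookup, which would narrow the sync case as well; that depends on the GitLab versions supported and on REST calls not visible here. The enclosing method starts outside the hunk.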
diff --git a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java
index 3371b3188a1..49399eb64e7 100644
--- a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java
+++ b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java
@@ -85,7 +85,7 @@ public class GitLabIdentityProviderTest {
 gitLabIdentityProvider.init(initContext);
- verify(initContext).redirectTo("http://server/oauth/authorize?response_type=code&client_id=123&redirect_uri=http%3A%2F%2Fserver%2Fcallback&scope=api");
+ verify(initContext).redirectTo("http://server/oauth/authorize?response_type=code&client_id=123&redirect_uri=http%3A%2F%2Fserver%2Fcallback&scope=read_user");
 }
 @Test
-- 
2.39.5
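Review bot: The changed assertion in `@@ -85,7 +85,7 @@` now pins only the `scope=read_user` redirect, so the other branch of the new scope selection (group sync enabled, `scope=api`) is not exercised by anything this commit touches. If the rest of the test class does not already cover it, a companion test that enables `syncUserGroups()` on the settings and verifies that the redirect URL ends in `scope=api` would keep a later change from silently widening or narrowing the requested scope. The test method's setup starts outside the hunk, so how the settings are stubbed there is not visible.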