authorNolwenn Cadic <nolwenn.cadic@sonarsource.com>2024-03-20 11:20:45 +0100
committersonartech <sonartech@sonarsource.com>2024-04-25 20:02:44 +0000
commitfad2d8ceaa45f18ea43f74851d2ef9ac55ea3dd3 (patch)
tree0165ba22578a04338e50937d26f1394c3be70966
parent4a950bdc9c10cb5c46e311734d666c27dce63a2f (diff)
SONAR-21589 Revert gitlab login permission for no group sync to read_user
(cherry picked from commit 011fda4677874677d688456d8cedc8806e0d84a2)
-rw-r--r--server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java5
-rw-r--r--server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java2
2 files changed, 4 insertions, 3 deletions
diff --git a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java
index fdd76dcd932..ebfa534c55c 100644
--- a/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java
+++ b/server/sonar-auth-gitlab/src/main/java/org/sonar/auth/gitlab/GitLabIdentityProvider.java
@@ -43,6 +43,7 @@ public class GitLabIdentityProvider implements OAuth2IdentityProvider {
public static final String API_SCOPE = "api";
public static final String READ_USER_SCOPE = "read_user";
+ public static final String KEY = "gitlab";
private final GitLabSettings gitLabSettings;
private final ScribeGitLabOauth2Api scribeApi;
private final GitLabRestClient gitLabRestClient;
@@ -55,7 +56,7 @@ public class GitLabIdentityProvider implements OAuth2IdentityProvider {
@Override
public String getKey() {
- return "gitlab";
+ return KEY;
}
@Override
@@ -93,7 +94,7 @@ public class GitLabIdentityProvider implements OAuth2IdentityProvider {
checkState(isEnabled(), "GitLab authentication is disabled");
return new ServiceBuilder(gitLabSettings.applicationId())
.apiSecret(gitLabSettings.secret())
- .defaultScope(API_SCOPE)
+ .defaultScope(gitLabSettings.syncUserGroups() ? API_SCOPE : READ_USER_SCOPE)
.callback(context.getCallbackUrl());
}
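Review bot: The `API_SCOPE` arm of the new ternary in `.defaultScope(...)` still requests full read/write API access at login whenever `gitLabSettings.syncUserGroups()` is true, which is broader than reading group membership would seem to need. If the group-sync calls made with this token are read-only (not visible in this hunk), GitLab's `read_api` scope would be the least-privilege choice; if `api` really is required, the reason should be recorded next to the line. In either case I would add a comment above it such as `// read_user is enough to identify the user; the broader scope is requested only when group membership must be read for sync`. The enclosing method starts outside the hunk.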
diff --git a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java
index 3371b3188a1..49399eb64e7 100644
--- a/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java
+++ b/server/sonar-auth-gitlab/src/test/java/org/sonar/auth/gitlab/GitLabIdentityProviderTest.java
@@ -85,7 +85,7 @@ public class GitLabIdentityProviderTest {
gitLabIdentityProvider.init(initContext);
- verify(initContext).redirectTo("http://server/oauth/authorize?response_type=code&client_id=123&redirect_uri=http%3A%2F%2Fserver%2Fcallback&scope=api");
+ verify(initContext).redirectTo("http://server/oauth/authorize?response_type=code&client_id=123&redirect_uri=http%3A%2F%2Fserver%2Fcallback&scope=read_user");
}
@Test
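Review bot: The updated `verify(initContext).redirectTo(...)` assertion pins only the `scope=read_user` case, so the branch where `syncUserGroups()` is true and the redirect should still carry `scope=api` is not exercised by anything this commit touches (the diffstat shows a single changed line in this test file). A companion test that enables group sync on the settings and verifies the URL ends in `scope=api` would catch a later change that silently widens or narrows the requested scope. The expected URL also has no `state` parameter; presumably the mocked context returns no CSRF state, but it is worth confirming that the real flow always sends one. The test method begins outside the hunk.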