Use correct scope when authorizing with Jira GitHub DVCS connector

When using the GitHub Enterprise connector in Jira we receive the
"repo" scope, this doesn't exist in GitLab but we can map it to our
"api" scope.

Changelog: fixed

app/controllers/oauth/jira/authorizations_controller.rb

@@ -16,7 +16,7 @@ class Oauth::Jira::AuthorizationsController < ApplicationController
 
     redirect_to oauth_authorization_path(client_id: params['client_id'],
                                          response_type: 'code',
-                                         scope: params['scope'],
+                                         scope: normalize_scope(params['scope']),
                                          redirect_uri: oauth_jira_callback_url)
   end
 
@@ -48,4 +48,12 @@ class Oauth::Jira::AuthorizationsController < ApplicationController
   rescue Doorkeeper::Errors::DoorkeeperError => e
     render status: :unauthorized, body: e.type
   end
+
+  private
+
+  # When using the GitHub Enterprise connector in Jira we receive the "repo" scope,
+  # this doesn't exist in GitLab but we can map it to our "api" scope.
+  def normalize_scope(scope)
+    scope == 'repo' ? 'api' : scope
+  end
 end

changelogs/unreleased/257843-fix-jira-dvcs-github-scope.yml

+---
+title: Use correct scope when authorizing with Jira GitHub DVCS connector
+merge_request: 61496
+author:
+type: fixed

doc/integration/jira/dvcs.md

@@ -72,7 +72,7 @@ for the groups you specify, into Jira. This import takes a few minutes and, afte
 it completes, refreshes every 60 minutes:
 
 1. Ensure you have completed the [GitLab configuration](#configure-a-gitlab-application-for-dvcs).
-1. Go to your DVCS account:
+1. Go to your DVCS accounts:
    - *For Jira Server,* go to **Settings (gear) > Applications > DVCS accounts**.
    - *For Jira Cloud,* go to **Settings (gear) > Products > DVCS accounts**.
 1. To create a new integration, select the appropriate value for **Host**:
@@ -94,7 +94,10 @@ it completes, refreshes every 60 minutes:
 1. For **Client ID**, use the **Application ID** value from the previous section.
 1. For **Client Secret**, use the **Secret** value from the previous section.
 1. Ensure that the rest of the checkboxes are checked.
-1. Select **Add** to complete and create the integration.
+1. Select **Add** and then **Continue** to create the DVCS account.
+1. Jira redirects to GitLab where you have to confirm the authorization,
+   and then GitLab redirects back to Jira where you should see the synced
+   projects show up inside the new account.
 
 To connect additional GitLab projects from other GitLab top-level groups, or
 personal namespaces, repeat the previous steps with additional Jira DVCS accounts.

spec/controllers/oauth/jira/authorizations_controller_spec.rb

@@ -5,10 +5,20 @@ require 'spec_helper'
 RSpec.describe Oauth::Jira::AuthorizationsController do
   describe 'GET new' do
     it 'redirects to OAuth authorization with correct params' do
-      get :new, params: { client_id: 'client-123', redirect_uri: 'http://example.com/' }
+      get :new, params: { client_id: 'client-123', scope: 'foo', redirect_uri: 'http://example.com/' }
 
       expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
                                                               response_type: 'code',
+                                                              scope: 'foo',
+                                                              redirect_uri: oauth_jira_callback_url))
+    end
+
+    it 'replaces the GitHub "repo" scope with "api"' do
+      get :new, params: { client_id: 'client-123', scope: 'repo', redirect_uri: 'http://example.com/' }
+
+      expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
+                                                              response_type: 'code',
+                                                              scope: 'api',
                                                               redirect_uri: oauth_jira_callback_url))
     end
   end