Merge branch...

Merge branch '5523-geo-relative-url-roots-in-external_url-causes-redirect-loop-on-secondary-login' into 'master' Geo: Fix OAuth authentication with relative URLs Closes #5523 See merge request gitlab-org/gitlab-ee!11976

Merge branch...
Merge branch '5523-geo-relative-url-roots-in-external_url-causes-redirect-loop-on-secondary-login' into 'master' Geo: Fix OAuth authentication with relative URLs Closes #5523 See merge request gitlab-org/gitlab-ee!11976
a66b2077 · Ash McKenzie · e518d9a8 · 0f69a31f · a66b2077 · a66b2077
Commit a66b2077 authored May 06, 2019 by Ash McKenzie
3 changed files
--- a/ee/changelogs/unreleased/5523-geo-relative-url-roots-in-external_url-causes-redirect-loop-on-secondary-login.yml
+++ b/ee/changelogs/unreleased/5523-geo-relative-url-roots-in-external_url-causes-redirect-loop-on-secondary-login.yml
+---
+title: 'Geo: Fix OAuth authentication with relative URLs'
+merge_request: 11976
+author:
+type: fixed
--- a/ee/lib/gitlab/geo/oauth/session.rb
+++ b/ee/lib/gitlab/geo/oauth/session.rb
@@ -8,13 +8,19 @@ module Gitlab
        include Gitlab::Utils::StrongMemoize
        include GrapePathHelpers::NamedRouteMatcher

+        # We don't use oauth_token_path helper because its output depends
+        # on secondary configuration (ex., relative URL) while we really need
+        # it for a primary. This is why we're building it ourselves using
+        # primary node configuration and this static URL
+        TOKEN_PATH = '/oauth/token'
+
        def authorize_url(params = {})
          oauth_client.auth_code.authorize_url(params)
        end

        def authenticate(access_token)
          api = OAuth2::AccessToken.from_hash(oauth_client, access_token: access_token)
-          api.get(api_v4_user_path).parsed
+          api.get(primary_api_user_path).parsed
        end

        def get_token(code, params = {}, opts = {})
@@ -41,8 +47,12 @@ module Gitlab
          end
        end

+        def primary_api_user_path
+          Gitlab::Utils.append_path(Gitlab::Geo.primary_node.internal_url, api_v4_user_path)
+        end
+
        def token_url
-          Gitlab::Utils.append_path(Gitlab::Geo.primary_node.internal_url, oauth_token_path)
+          Gitlab::Utils.append_path(Gitlab::Geo.primary_node.internal_url, TOKEN_PATH)
        end
      end
    end

--- a/ee/spec/lib/gitlab/geo/oauth/session_spec.rb
+++ b/ee/spec/lib/gitlab/geo/oauth/session_spec.rb
@@ -49,5 +49,35 @@ describe Gitlab::Geo::Oauth::Session, :geo do
        expect { subject.authenticate(access_token.token) }.to raise_error(OAuth2::Error)
      end
    end
+
+    context 'primary is configured with relative URL' do
+      it 'includes primary relative URL path' do
+        primary_node.update(url: 'http:://localhost/relative-path/')
+
+        api_response = double(parsed: true)
+
+        expect_any_instance_of(OAuth2::AccessToken)
+          .to receive(:get).with(%r{^http:://localhost/relative-path/}).and_return(api_response)
+
+        subject.authenticate('any token')
+      end
+    end
+  end
+
+  describe '#get_token' do
+    context 'primary is configured with relative URL' do
+      it "makes the request to a primary's relative URL" do
+        response = ActiveSupport::JSON.encode({ access_token: 'fake-token' }.as_json)
+        primary_node.update(url: 'http://example.com/gitlab/')
+        api_url = "#{primary_node.internal_url}oauth/token"
+
+        stub_request(:post, api_url).to_return(
+          body: response,
+          headers: { 'Content-Type' => 'application/json' }
+        )
+
+        expect(subject.get_token('any code')).to eq('fake-token')
+      end
+    end
  end
 end