Improve OAuth rewiring and routing

bfc57099 · Oswaldo Ferreira · af617386 · bfc57099 · bfc57099 · bfc57099
Commit bfc57099 authored Aug 17, 2017 by Oswaldo Ferreira
3 changed files
--- a/app/controllers/oauth/jira/authorizations_controller.rb
+++ b/app/controllers/oauth/jira/authorizations_controller.rb
-class Oauth::Jira::AuthorizationsController < Doorkeeper::AuthorizationsController
-  skip_before_action :authenticate_resource_owner!, only: :access_token
-  skip_before_action :verify_authenticity_token, only: :access_token
-
-  # Overriden from Doorkeeper::AuthorizationsController to
-  # include the call to session.delete
+# This controller's role is to mimic the Gitlab OAuth flow routes for Jira DVCS
+# integration.
+# See https://gitlab.com/gitlab-org/gitlab-ee/issues/2381
+#
+class Oauth::Jira::AuthorizationsController < ActionController::Base
+  # 1. Rewire Jira OAuth initial request to our stablished OAuth authorization URL.
  def new
    session[:redirect_uri] = params['redirect_uri']

    redirect_to oauth_authorization_path(client_id: params['client_id'],
                                         response_type: 'code',
-                                         redirect_uri: 'http://glgh-api-proxy.ngrok.io/jira/login/oauth/authorize_callback')
+                                         redirect_uri: oauth_jira_callback_url)
  end

+  # 2. Handle the callback call as we were a Github Enterprise instance client.
  def callback
-    redirect_uri = session[:redirect_uri]
-    session[:redirect_uri] = nil
-
-    redirect_to(redirect_uri + '&code=' + params[:code])
+    # TODO: join url params in a better way
+    redirect_to(session['redirect_uri'] + '&code=' + params[:code])
  end

+  # 3. Rewire and adjust access_token request accordingly.
  def access_token
-    req_params =  { client_id: params[:client_id],
-                    client_secret: params[:client_secret],
-                    code: params[:code],
-                    grant_type: 'authorization_code',
-                    redirect_uri: 'http://glgh-api-proxy.ngrok.io/jira/login/oauth/authorize_callback' }
-
-    Rails.logger.info("------ #{req_params}")
-
-    response = HTTParty.post('http://glgh-api-proxy.ngrok.io/jira/login/oauth/token', body: req_params)
-
-    token = "access_token=" + response['access_token'] + "&scope=" + response['scope'] + "&token_type=" + response['token_type']
+    auth_params = params
+                    .slice(:code, :client_id, :client_secret)
+                    .merge(grant_type: 'authorization_code', redirect_uri: oauth_jira_callback_url)
+
+    auth_response =
+      HTTParty.post(oauth_token_url, body: auth_params)
+
+    # TODO: join url params in a better way
+    token = "access_token=" +
+            auth_response['access_token'] + "&scope=" +
+            auth_response['scope'] + "&token_type=" +
+            auth_response['token_type']

    render text: token
  end

--- a/config/routes.rb
+++ b/config/routes.rb
@@ -22,16 +22,10 @@ Rails.application.routes.draw do

  end

-  # TODO: find a :only sort of option to generate only the routes we need
-  scope path: '/jira/login' do
-    use_doorkeeper do
-      controllers authorizations: 'oauth/jira/authorizations'
-      as authorizations: :jira_authorization
-    end
-
-    # Making the role of Github for Jira
-    get '/oauth/authorize_callback' => 'oauth/jira/authorizations#callback', as: :oauth_jira_callback
-    post '/oauth/access_token' => 'oauth/jira/authorizations#access_token'
+  scope path: '/jira/login/oauth', controller: 'oauth/jira/authorizations', as: :oauth_jira do
+    get :authorize, action: :new
+    get :callback
+    post :access_token
  end

  namespace :oauth do

--- a/spec/controllers/oauth/jira/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/jira/authorizations_controller_spec.rb
+require 'spec_helper'
+
+describe Oauth::Jira::AuthorizationsController do
+  describe 'GET new' do
+    it 'redirects to OAuth authorization with correct params' do
+      get :new, client_id: 'client-123', redirect_uri: 'http://example.com/'
+
+      expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
+                                                              response_type: 'code',
+                                                              redirect_uri: oauth_jira_callback_url))
+    end
+  end
+
+  describe 'GET callback' do
+    it 'redirects to redirect_uri on session with code param' do
+      session['redirect_uri'] = 'http://example.com?foo=bar'
+
+      get :callback, code: 'hash-123'
+
+      expect(response).to redirect_to('http://example.com?foo=bar&code=hash-123')
+    end
+  end
+
+  describe 'POST access_token' do
+    it 'send post call to oauth_token_url with correct params' do
+      expected_auth_params = { 'code' => 'code-123',
+                               'client_id' => 'client-123',
+                               'client_secret' => 'secret-123',
+                               'grant_type' => 'authorization_code',
+                               'redirect_uri' => 'http://test.host/jira/login/oauth/callback' }
+
+      expect(HTTParty).to receive(:post).with(oauth_token_url, body: expected_auth_params) do
+        { 'access_token' => 'fake-123', 'scope' => 'foo', 'token_type' => 'bar' }
+      end
+
+      post :access_token, code: 'code-123', client_id: 'client-123', client_secret: 'secret-123'
+
+      expect(response.body).to eq('access_token=fake-123&scope=foo&token_type=bar')
+    end
+  end
+end