Merge branch '30305-oauth-token-push-code' into 'master'

Allow OAuth clients to push code

Closes #30305

See merge request !10677

changelogs/unreleased/30305-oauth-token-push-code.yml

+---
+title: Allow OAuth clients to push code
+merge_request: 10677
+author:

lib/gitlab/auth.rb

@@ -108,7 +108,7 @@ module Gitlab
           token = Doorkeeper::AccessToken.by_token(password)
           if valid_oauth_token?(token)
             user = User.find_by(id: token.resource_owner_id)
-            Gitlab::Auth::Result.new(user, nil, :oauth, read_authentication_abilities)
+            Gitlab::Auth::Result.new(user, nil, :oauth, full_authentication_abilities)
           end
         end
       end

spec/lib/gitlab/auth_spec.rb

@@ -118,7 +118,7 @@ describe Gitlab::Auth, lib: true do
 
       it 'succeeds for OAuth tokens with the `api` scope' do
         expect(gl_auth).to receive(:rate_limit!).with('ip', success: true, login: 'oauth2')
-        expect(gl_auth.find_for_git_client("oauth2", token_w_api_scope.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :oauth, read_authentication_abilities))
+        expect(gl_auth.find_for_git_client("oauth2", token_w_api_scope.token, project: nil, ip: 'ip')).to eq(Gitlab::Auth::Result.new(user, nil, :oauth, full_authentication_abilities))
       end
 
       it 'fails for OAuth tokens with other scopes' do

spec/requests/git_http_spec.rb

@@ -279,10 +279,10 @@ describe 'Git HTTP requests', lib: true do
                   expect(response.content_type.to_s).to eq(Gitlab::Workhorse::INTERNAL_API_CONTENT_TYPE)
                 end
 
-                it "uploads get status 401 (no project existence information leak)" do
+                it "uploads get status 200" do
                   push_get "#{project.path_with_namespace}.git", user: 'oauth2', password: @token.token
 
-                  expect(response).to have_http_status(401)
+                  expect(response).to have_http_status(200)
                 end
               end