gitlab oauth scope setting (#613)

JerrySentry · web-flow · commit ff7cbcad5282 · 2024-06-12T15:27:32.000Z
diff --git a/codecov/settings_base.py b/codecov/settings_base.py
@@ -451,7 +451,7 @@
 GITLAB_REDIRECT_URI = get_config(
     "gitlab", "redirect_uri", default="https://codecov.io/login/gitlab"
 )
-
+GITLAB_SCOPE = get_config("gitlab", "scope", default="api")
 GITLAB_BOT_KEY = get_config("gitlab", "bot", "key")
 GITLAB_TOKENLESS_BOT_KEY = get_config(
     "gitlab", "bots", "tokenless", "key", default=GITLAB_BOT_KEY
diff --git a/codecov_auth/tests/unit/views/test_gitlab.py b/codecov_auth/tests/unit/views/test_gitlab.py
@@ -33,7 +33,7 @@ def test_get_gitlab_redirect(client, settings, mock_redis, mocker):
     assert res.status_code == 302
     assert (
         res.url
-        == f"https://gitlab.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgitlab&state={state}"
+        == f"https://gitlab.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgitlab&state={state}&scope=api"
     )
 
 
diff --git a/codecov_auth/tests/unit/views/test_gitlab_enterprise.py b/codecov_auth/tests/unit/views/test_gitlab_enterprise.py
@@ -37,7 +37,7 @@ def test_get_gle_redirect(client, settings, mock_redis, mocker):
     assert res.status_code == 302
     assert (
         res.url
-        == f"https://my.gitlabenterprise.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgle&state={state}"
+        == f"https://my.gitlabenterprise.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgle&state={state}&scope=api"
     )
     mock_get_config.assert_called_with("gitlab_enterprise", "url")
 
diff --git a/codecov_auth/views/gitlab.py b/codecov_auth/views/gitlab.py
@@ -12,6 +12,7 @@
 from shared.torngit.exceptions import TorngitError
 
 from codecov_auth.views.base import LoginMixin, StateMixin
+from utils.config import get_config
 
 log = logging.getLogger(__name__)
 
@@ -40,11 +41,16 @@ def get_url_to_redirect_to(self):
         redirect_info = self.redirect_info
         base_url = urljoin(redirect_info["repo_service"].service_url, "oauth/authorize")
         state = self.generate_state()
+
+        scope = settings.GITLAB_SCOPE
+        log.info(f"Gitlab oauth with scope: '{scope}'")
+
         query = dict(
             response_type="code",
             client_id=redirect_info["client_id"],
             redirect_uri=redirect_info["redirect_uri"],
             state=state,
+            scope=scope,
         )
         query_str = urlencode(query)
         return f"{base_url}?{query_str}"

Original file line number	Diff line number	Diff line change
`@@ -451,7 +451,7 @@`
`451`	`451`	`GITLAB_REDIRECT_URI = get_config(`
`452`	`452`	`"gitlab", "redirect_uri", default="https://codecov.io/login/gitlab"`
`453`	`453`	`)`
`454`		`-`
	`454`	`+GITLAB_SCOPE = get_config("gitlab", "scope", default="api")`
`455`	`455`	`GITLAB_BOT_KEY = get_config("gitlab", "bot", "key")`
`456`	`456`	`GITLAB_TOKENLESS_BOT_KEY = get_config(`
`457`	`457`	`"gitlab", "bots", "tokenless", "key", default=GITLAB_BOT_KEY`
Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ def test_get_gitlab_redirect(client, settings, mock_redis, mocker):`
`33`	`33`	`assert res.status_code == 302`
`34`	`34`	`assert (`
`35`	`35`	`res.url`
`36`		`- == f"https://gitlab.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgitlab&state={state}"`
	`36`	`+ == f"https://gitlab.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgitlab&state={state}&scope=api"`
`37`	`37`	`)`
`38`	`38`
`39`	`39`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ def test_get_gle_redirect(client, settings, mock_redis, mocker):`
`37`	`37`	`assert res.status_code == 302`
`38`	`38`	`assert (`
`39`	`39`	`res.url`
`40`		`- == f"https://my.gitlabenterprise.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgle&state={state}"`
	`40`	`+ == f"https://my.gitlabenterprise.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgle&state={state}&scope=api"`
`41`	`41`	`)`
`42`	`42`	`mock_get_config.assert_called_with("gitlab_enterprise", "url")`
`43`	`43`