Authorizing an admin-created OAuth application fails
Reported by @jaydg in https://gitlab.com/gitlab-org/gitlab-ce/issues/32059#note_46995057:
For us this change breaks authentication for Jenkins:
```
Started GET "/oauth/authorize?redirect_uri=https%3A%2F%2FXXXXX.XXXXX.XX%2FsecurityRealm%2FfinishLogin&response_type=code&client_id=7b07183539a885c59cb25b519fb275a2e11b8ebcf793bff5b2ecb7ff1e0f9a16" for n.n.n.n at 2017-11-13 11:46:19 +0100
Processing by Oauth::AuthorizationsController#new as HTML
Parameters: {"redirect_uri"=>"https://FXXXXX.XXXXX.XX/securityRealm/finishLogin", "response_type"=>"code", "client_id"=>"7b07183539a885c59cb25b519fb275a2e11b8ebcf793bff5b2ecb7ff1e0f9a16"}
Completed 500 Internal Server Error in 12ms (ActiveRecord: 1.5ms)
ActionView::Template::Error (undefined method `name' for nil:NilClass):
22: = link_to @pre_auth.client.name, @pre_auth.redirect_uri, target: '_blank', rel: 'noopener noreferrer'
23: is requesting access to your GitLab account. This application was created by
24: = succeed "." do
25: = link_to auth_app_owner.name, user_path(auth_app_owner)
26: Please note that this application is not provided by GitLab and you should verify its authenticity before
27: allowing access.
28: - if @pre_auth.scopes
app/views/doorkeeper/authorizations/new.html.haml:25:in `block in _app_views_doorkeeper_authorizations_new_html_haml__1204228730598527299_70106958937340'
app/views/doorkeeper/authorizations/new.html.haml:24:in `_app_views_doorkeeper_authorizations_new_html_haml__1204228730598527299_70106958937340'
app/controllers/oauth/authorizations_controller.rb:13:in `new'
lib/gitlab/middleware/multipart.rb:93:in `call'
lib/gitlab/request_profiler/middleware.rb:14:in `call'
lib/gitlab/middleware/go.rb:17:in `call'
lib/gitlab/etag_caching/middleware.rb:11:in `call'
lib/gitlab/middleware/read_only.rb:30:in `call'
lib/gitlab/request_context.rb:18:in `call'
lib/gitlab/metrics/requests_rack_middleware.rb:27:in `call'
```
The error is in `auth_app_owner.name`, where `auth_app_owner` is `@pre_auth.client.application.owner`, which is apparently nil here. It looks like OAuth Applications created through the Admin Area do not have an owner set, while applications created by an individual user do.
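
The failure described above, reproduced with plain-Ruby stand-ins as an added example (not GitLab's or Doorkeeper's code). The `User`, `Application`, `Client` and `PreAuth` structs, the helper names and the guarded wording are assumptions made for illustration; the sample data is constructed.

```ruby
# Hypothetical stand-ins for the objects named in the trace.
User        = Struct.new(:name)
Application = Struct.new(:name, :owner)   # owner is nil for admin-created apps
Client      = Struct.new(:application) do
  def name
    application.name
  end
end
PreAuth = Struct.new(:client, :redirect_uri)

# Mirrors template line 25: calls .name on the owner unconditionally,
# so an ownerless application raises NoMethodError (the 500 in the log).
def consent_text_unguarded(pre_auth)
  owner = pre_auth.client.application.owner
  "#{pre_auth.client.name} is requesting access to your GitLab account. " \
    "This application was created by #{owner.name}."
end

# Guarded variant (assumed behaviour): keep the attribution when an owner
# exists, omit it when there is none, and never fail the consent screen.
def consent_text_guarded(pre_auth)
  owner = pre_auth.client.application.owner
  text = "#{pre_auth.client.name} is requesting access to your GitLab account."
  text += " This application was created by #{owner.name}." if owner
  text
end

# Audit helper: names of applications that would hit the unguarded path.
def ownerless_applications(applications)
  applications.select { |app| app.owner.nil? }.map(&:name)
end

# Constructed sample data: one admin-created app, one user-created app.
SAMPLE_APPS = [
  Application.new("Jenkins", nil),
  Application.new("Wiki Sync", User.new("Jane Example"))
].freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_APPS.each do |app|
    pre_auth = PreAuth.new(Client.new(app), "https://ci.example.test/securityRealm/finishLogin")
    puts consent_text_guarded(pre_auth)
  end
  puts "Ownerless: #{ownerless_applications(SAMPLE_APPS).join(', ')}"
end
```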