
Authorizing an admin-created OAuth application fails

Reported by @jaydg in https://gitlab.com/gitlab-org/gitlab-ce/issues/32059#note_46995057:

For us this change breaks authentication for Jenkins:

Started GET "/oauth/authorize?redirect_uri=https%3A%2F%2FXXXXX.XXXXX.XX%2FsecurityRealm%2FfinishLogin&response_type=code&client_id=7b07183539a885c59cb25b519fb275a2e11b8ebcf793bff5b2ecb7ff1e0f9a16" for n.n.n.n at 2017-11-13 11:46:19 +0100
Processing by Oauth::AuthorizationsController#new as HTML
  Parameters: {"redirect_uri"=>"https://FXXXXX.XXXXX.XX/securityRealm/finishLogin", "response_type"=>"code", "client_id"=>"7b07183539a885c59cb25b519fb275a2e11b8ebcf793bff5b2ecb7ff1e0f9a16"}
Completed 500 Internal Server Error in 12ms (ActiveRecord: 1.5ms)

ActionView::Template::Error (undefined method `name' for nil:NilClass):
    22:           = link_to @pre_auth.client.name, @pre_auth.redirect_uri, target: '_blank', rel: 'noopener noreferrer'
    23:           is requesting access to your GitLab account. This application was created by
    24:           = succeed "." do
    25:             = link_to auth_app_owner.name, user_path(auth_app_owner)
    26:           Please note that this application is not provided by GitLab and you should verify its authenticity before
    27:           allowing access.
    28:         - if @pre_auth.scopes
  app/views/doorkeeper/authorizations/new.html.haml:25:in `block in _app_views_doorkeeper_authorizations_new_html_haml__1204228730598527299_70106958937340'
  app/views/doorkeeper/authorizations/new.html.haml:24:in `_app_views_doorkeeper_authorizations_new_html_haml__1204228730598527299_70106958937340'
  app/controllers/oauth/authorizations_controller.rb:13:in `new'
  lib/gitlab/middleware/multipart.rb:93:in `call'
  lib/gitlab/request_profiler/middleware.rb:14:in `call'
  lib/gitlab/middleware/go.rb:17:in `call'
  lib/gitlab/etag_caching/middleware.rb:11:in `call'
  lib/gitlab/middleware/read_only.rb:30:in `call'
  lib/gitlab/request_context.rb:18:in `call'
  lib/gitlab/metrics/requests_rack_middleware.rb:27:in `call'

The error is in auth_app_owner.name, where auth_app_owner is @pre_auth.client.application.owner, which is apparently nil here. It looks like OAuth Applications created through the Admin Area do not have an owner set, while applications created by an individual user do.
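The failure described above, reproduced with plain Ruby structs as an added example (this is not GitLab's code or its fix). The struct names, the sample applications and the fallback wording are assumptions made for illustration; the point is that the consent screen keeps an attribution line even when the application has no owner, and that ownerless applications can be listed up front.

```ruby
# Constructed stand-ins for the objects named in the trace; not GitLab's classes.
Owner       = Struct.new(:name)
Application = Struct.new(:name, :owner)
Client      = Struct.new(:application)
PreAuth     = Struct.new(:client, :redirect_uri)

# Mirrors line 25 of the view: assumes every application has an owner.
def attribution_unchecked(pre_auth)
  auth_app_owner = pre_auth.client.application.owner
  "This application was created by #{auth_app_owner.name}."
end

# Nil-safe variant. The attribution stays on the consent screen so the user
# can still judge the application; the fallback wording is an assumption.
def attribution_checked(pre_auth)
  auth_app_owner = pre_auth.client.application.owner
  if auth_app_owner
    "This application was created by #{auth_app_owner.name}."
  else
    "This application was created by an administrator."
  end
end

# Audit helper: names of the applications that would take the nil branch.
def ownerless(applications)
  applications.select { |app| app.owner.nil? }.map(&:name)
end

# Constructed sample data.
USER_APP  = Application.new("CI bot", Owner.new("Jay"))
ADMIN_APP = Application.new("Jenkins", nil) # created through the Admin Area
USER_PRE_AUTH  = PreAuth.new(Client.new(USER_APP), "https://ci.example.test/callback")
ADMIN_PRE_AUTH = PreAuth.new(Client.new(ADMIN_APP), "https://jenkins.example.test/securityRealm/finishLogin")

begin
  attribution_unchecked(ADMIN_PRE_AUTH)
rescue NoMethodError => e
  puts "unchecked view helper: #{e.class}" # the error behind the 500 response
end

puts attribution_checked(ADMIN_PRE_AUTH)
puts "ownerless applications: #{ownerless([USER_APP, ADMIN_APP]).inspect}"
```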