ScimOauthAccessToken.find_by_token finds instance-level tokens only (!108503) · Merge requests · GitLab.org / GitLab

Jessie Young requested to merge jy-find-by-token-tweak into master Jan 09, 2023

What does this MR do and why?

This method is being used to authenticate requests to instance-level SCIM endpoints, such as those added in this MR: !107770 (merged)
We want to ensure that a group SCIM token cannot be used to authenticate requests made to instance-level SCIM endpoints.
This changes here ensure that no match is returned if the token has a group_id
UI to generate scim tokens will be added via this issue: #376138 (closed)
No changelog here as the method we are changing is unused currently
Also backfilled specs for related method since that was missing unit tests

Screenshots are required for UI changes, and strongly recommended for all other merge requests.

Numbered steps to set up and validate the change are strongly suggested.

Edited Jan 10, 2023 by Jessie Young