
Notification email for newly authorized and created OAuth applications

nobody requested to merge gitlab-community/gitlab:issue-414375 into master

What does this MR do and why?

To try to close #414375 and send an email when a user creates a new application.

This MR does two things:

  1. Send a notification email when a user creates a new application. The application can be at one of three levels: user-owned application, group-owned application, or instance-wide application.
  2. Send a notification email to the user when they authorize an existing application. This is issue #414375.

How to set up and validate locally

Review the mail through mail preview [1]

Review the notification email sent when a user creates a new application

http://127.0.0.1:3000/rails/mailers/notify/application_created_email

Review the notification email sent when a user authorizes an existing application

http://127.0.0.1:3000/rails/mailers/notify/application_authorized_email

[1]. https://docs.gitlab.com/ee/development/emails.html#mailer-previews

Test when a new application is created

Create a user-owned application

  1. Create a new application.
  2. Go to http://localhost:3000/rails/letter_opener/
  3. There should be a new email.

Create a group-owned application

  1. Create a new group, and create a new group application at http://127.0.0.1:3000/groups/<new group>/-/settings/applications
  2. Go to http://localhost:3000/rails/letter_opener/
  3. There should be a new email.

Create an instance-wide application

  1. Go to the admin page, and find the admin application settings here: http://127.0.0.1:3000/admin/applications.
  2. Create a new instance application.
  3. Go to http://localhost:3000/rails/letter_opener/
  4. There should be a new email.

Test when a user authorizes an existing application

I am doing this in a complicated way; I am not sure if there is an easier way to check this. The original issue description mentioned that we can use glab auth login to test, but I found that glab auth login might only be usable on gitlab.com, as its client id is hardcoded [1]. There is no way for me to change the client id in the instance application.

An issue has been raised to address this. At the time I was testing, the issue had not been resolved, so I am using Gitpod to test this instead.

The method below needs a Gitpod account.

  1. Start the instance on Gitpod so that there will be a public hostname for a test GitLab instance.
  2. Create a new admin application using the root account.
  3. Find an external service provider (I use gitpod.io). Then add the Gitpod instance as a new Git integration [2].
  4. Finish authentication, then go to https://gitpod.gitlab.instance/rails/letter_opener. There should be a letter saying an application is authorized by the root.
  5. In the Git provider section of the Gitpod integrations page, there will be a new provider, and the username is root. Delete that provider.
  6. In the GitLab instance, log out the root user and log in as a normal user, then go to any project of this user. Add https://gitpod.io# in front of the project URL.
  7. In the context URL, it should ask to authorize. Click okay.
  8. Go to check https://gitpod.gitlab.instance/-/profile/applications for the normal user; there should be a new authorized application.
  9. Go to check https://gitpod.gitlab.instance/rails/letter_opener/. Now there should be a new letter for this normal user. The letter is like below.

Screenshot_2023-09-05_at_11.42.31_pm

[1]. https://gitlab.com/gitlab-org/cli/-/blob/main/pkg/oauth2/oauth2.go#L23

[2]. https://gitpod.io/user/integrations

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
