Notification email for newly authorized and created OAuth applications
What does this MR do and why?
To try to close #414375 and send an email when a user creates a new application.
This MR does two things:
- send a notification email when a user creates a new application. The application can be at one of three levels: User owned application, Group owned application, or Instance-wide application
- send a notification email to the user when they authorize an existing application. This is issue #414375
How to set up and validate locally
Review mail through mail preview [1]
review the notification email when a user creates a new application
http://127.0.0.1:3000/rails/mailers/notify/application_created_email
review the notification email when a user authorizes an existing application
http://127.0.0.1:3000/rails/mailers/notify/application_authorized_email
[1]. https://docs.gitlab.com/ee/development/emails.html#mailer-previews
Test when a new application is created
create a User owned application
- create a new application.
- go to http://localhost:3000/rails/letter_opener/
- there should be a new email!
create a group owned application
- create a new group, and create a new group application at http://127.0.0.1:3000/groups/<new group>/-/settings/applications
- go to http://localhost:3000/rails/letter_opener/
- there should be a new email
create an Instance-wide application
- go to the admin page, and find the admin application settings here: http://127.0.0.1:3000/admin/applications
- create a new instance application
- go to http://localhost:3000/rails/letter_opener/
- there should be a new email.
Test when a user authorizes an existing application
I am doing this in a complicated way. Not sure if there is some easier way to check this. The original issue description mentioned that we can use glab auth login to test, but I found that glab auth login might only be used on gitlab.com as its client id is hardcoded [1]. There is no way for me to change the client id in the instance application.
An issue has been raised to address this. At the time I was testing, the issue had not been resolved, so I am using gitpod to test this instead.
The method below needs a gitpod account.
- start the instance on gitpod so that there will be a public host name of a test GitLab instance.
- create a new admin application using the root account.
- find an external service provider (I use gitpod.io). Then add the gitpod instance as the new git integration [2].
- finish authentication, then go to https://gitpod.gitlab.instance/rails/letter_opener. There should be a letter saying an application is authorized by the root.
- In the Git provider section of the gitpod integration page, there would be a new provider, and the username is root. Delete that provider.
- in the GitLab instance, log out the root user and log in as a normal user, then go to any project of this user. Add https://gitpod.io# in front of the project url.
- In the context URL, it should ask to authorize. Click okay.
- Go to check https://gitpod.gitlab.instance/-/profile/applications for the normal user; there should be a new authorized application.
- Go to check https://gitpod.gitlab.instance/rails/letter_opener/. Now there should be a new letter for this normal user. The letter is like below.
[1]. https://gitlab.com/gitlab-org/cli/-/blob/main/pkg/oauth2/oauth2.go#L23
[2]. https://gitpod.io/user/integrations
MR acceptance checklist
This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.
- I have evaluated the MR acceptance checklist for this MR.