Fix 500 error on service account PAT endpoint for admin service accounts

What does this MR do and why?

Fixes the bug where the GET /groups/:id/service_accounts/:user_id/personal_access_tokens endpoint returns an HTTP 500 with ArgumentError: wrong number of arguments (given 1, expected 0) when the service account user has admin privileges.

It was caused by a clash between the same-named user method in PersonalAccessTokensHelpers and GroupServiceAccounts.

So this MR fixes it by renaming the user method in PersonalAccessTokensHelpers to find_user_by_id.

References

#596745 (closed)

Screenshots or screen recordings

Before After
N/A N/A

How to set up and validate locally

  1. Open a gitlab rails console and create the test data:
# Create a group owner
owner_result = ::Users::CreateService.new(
  User.find(1),
  {
    name: 'Test Owner',
    username: 'sa-bug-test-owner',
    email: 'sa-bug-test-owner@example.com',
    password: SecureRandom.hex(16) + 'A1!',
    skip_confirmation: true,
    organization_id: Organizations::Organization.default_organization.id
  }
).execute
owner = owner_result.payload[:user]

# Create group
result = Groups::CreateService.new(
  owner,
  { name: 'sa-bug-test', path: 'sa-bug-test', organization_id: Organizations::Organization.default_organization.id }
).execute
group = result.payload[:group]

# Create service account (requires instance admin)
sa_result = ::Namespaces::ServiceAccounts::GroupCreateService.new(
  User.find(1),
  { namespace_id: group.id, organization_id: group.organization_id }
).execute
sa = sa_result.payload[:user]

# Make the service account an admin (this is the trigger condition)
sa.admin = true
sa.save!

# Create a PAT for the service account
token = PersonalAccessToken.create!(
  user: sa,
  name: 'test-token',
  scopes: ['api'],
  expires_at: 1.day.from_now
)

# Create an owner PAT
owner_pat = PersonalAccessToken.create!(
  user: owner,
  name: 'owner-test-token',
  scopes: ['api'],
  expires_at: 1.day.from_now
)

puts "Group ID: #{group.id}"
puts "Service Account ID: #{sa.id}"
puts "Owner PAT: #{owner_pat.token}"
  2. Call the endpoint as the group owner:
curl --header "PRIVATE-TOKEN: <owner_pat_token>" \
  "http://<gitlab-host>/api/v4/groups/<group_id>/service_accounts/<sa_id>/personal_access_tokens"
  3. Observe the 200 response now. Previously it was throwing a 500 error.

MR acceptance checklist

Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Rinku C
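
The helper-name clash described in this MR, reduced to plain Ruby as an added example (not code from the MR or from GitLab). The two modules are stand-ins that reuse the names from the description; their method bodies, the token_owner caller, the endpoint classes and the helper_collisions check are assumptions made for illustration.

```ruby
# Stand-ins for the two helpers named in the MR; bodies are constructed.
module PersonalAccessTokensHelpers
  def user(id) # pre-fix name; assumed to look a user up by id
    "user-#{id}"
  end
  def token_owner(id)
    user(id) # expects the one-argument version
  end
end

module GroupServiceAccounts
  def user # same name, zero parameters
    "service-account"
  end
end

class BrokenEndpoint
  include PersonalAccessTokensHelpers
  include GroupServiceAccounts # mixed in last, so its #user shadows the other
end

# Post-fix shape: the lookup is renamed, so nothing is shadowed.
module FixedPersonalAccessTokensHelpers
  def find_user_by_id(id)
    "user-#{id}"
  end
  def token_owner(id)
    find_user_by_id(id)
  end
end

class FixedEndpoint
  include FixedPersonalAccessTokensHelpers
  include GroupServiceAccounts
end

# { method_name => [modules] } for names defined by more than one mixin.
def helper_collisions(*mods)
  mods.flat_map { |m| m.instance_methods(false).map { |name| [name, m] } }
      .group_by(&:first)
      .transform_values { |pairs| pairs.map(&:last) }
      .select { |_, owners| owners.size > 1 }
end

def broken_call_error
  BrokenEndpoint.new.token_owner(42)
rescue ArgumentError => e
  e.message
end
```

A check like helper_collisions can run in a spec over the helper modules an endpoint mixes in, so a shadowed helper fails the build instead of surfacing as a 500 on one code path.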
