gitlab oauth scope setting (#613)

codecov · Jun 12, 2024 · ff7cbca · ff7cbca
1 parent 7bed118
commit ff7cbca
Show file tree

Hide file tree

Showing 4 changed files with 9 additions and 3 deletions.
diff --git a/codecov/settings_base.py b/codecov/settings_base.py
@@ -451,7 +451,7 @@
 GITLAB_REDIRECT_URI = get_config(
     "gitlab", "redirect_uri", default="https://codecov.io/login/gitlab"
 )
-
+GITLAB_SCOPE = get_config("gitlab", "scope", default="api")
 GITLAB_BOT_KEY = get_config("gitlab", "bot", "key")
 GITLAB_TOKENLESS_BOT_KEY = get_config(
     "gitlab", "bots", "tokenless", "key", default=GITLAB_BOT_KEY

diff --git a/codecov_auth/tests/unit/views/test_gitlab.py b/codecov_auth/tests/unit/views/test_gitlab.py
@@ -33,7 +33,7 @@ def test_get_gitlab_redirect(client, settings, mock_redis, mocker):
     assert res.status_code == 302
     assert (
         res.url
-        == f"https://gitlab.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgitlab&state={state}"
+        == f"https://gitlab.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgitlab&state={state}&scope=api"
     )
 
 

diff --git a/codecov_auth/tests/unit/views/test_gitlab_enterprise.py b/codecov_auth/tests/unit/views/test_gitlab_enterprise.py
@@ -37,7 +37,7 @@ def test_get_gle_redirect(client, settings, mock_redis, mocker):
     assert res.status_code == 302
     assert (
         res.url
-        == f"https://my.gitlabenterprise.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgle&state={state}"
+        == f"https://my.gitlabenterprise.com/oauth/authorize?response_type=code&client_id=testfiuozujcfo5kxgigugr5x3xxx2ukgyandp16x6w566uits7f32crzl4yvmth&redirect_uri=http%3A%2F%2Flocalhost%2Flogin%2Fgle&state={state}&scope=api"
     )
     mock_get_config.assert_called_with("gitlab_enterprise", "url")
 

diff --git a/codecov_auth/views/gitlab.py b/codecov_auth/views/gitlab.py
@@ -12,6 +12,7 @@
 from shared.torngit.exceptions import TorngitError
 
 from codecov_auth.views.base import LoginMixin, StateMixin
+from utils.config import get_config
 
 log = logging.getLogger(__name__)
 
@@ -40,11 +41,16 @@ def get_url_to_redirect_to(self):
         redirect_info = self.redirect_info
         base_url = urljoin(redirect_info["repo_service"].service_url, "oauth/authorize")
         state = self.generate_state()
+
+        scope = settings.GITLAB_SCOPE
+        log.info(f"Gitlab oauth with scope: '{scope}'")
+
         query = dict(
             response_type="code",
             client_id=redirect_info["client_id"],
             redirect_uri=redirect_info["redirect_uri"],
             state=state,
+            scope=scope,
         )
         query_str = urlencode(query)
         return f"{base_url}?{query_str}"