Allow blocked user to use OAuth

What does this MR do and why?

Close https://jihulab.com/gitlab-cn/gitlab/-/issues/4566

Allow users in the Blocked state to use OAuth2 normally, to support the new account system being built for the official website. Specifically, the following are opened up:

  1. Signing in is allowed
  2. Using the OAuth2 feature is allowed
  3. Calling the user info API /api/v4/user is allowed

This change takes effect only under the following conditions:

  • Jihulab.com
  • OAuth apps created by JiHu GitLab itself (the redirect URI's domain matches *.gitlab.cn)
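The "redirect URI domain matches *.gitlab.cn" condition is the part of this gate a reviewer will want to see done strictly: a substring or suffix match on the raw string lets `gitlab.cn.evil.com`, `evilgitlab.cn` or a `user@host` trick pass. The following is an added example in Ruby (GitLab's own language); it is not code from this MR or from GitLab. The helper names, the https requirement, the all-or-nothing rule over every registered redirect URI, and the `saas:` flag standing in for the SaaS check are assumptions of this example; the decision it guards (whether a blocked user may complete OAuth) is the one the MR describes.

```ruby
require "uri"

# Added example, not the MR's code: a strict version of the
# "redirect URI domain matches *.gitlab.cn" gate. Scheme and hostname are
# compared structurally after parsing, never by substring on the raw string.
ALLOWED_ROOT = "gitlab.cn".freeze

# True only for an https URI whose host is gitlab.cn or a subdomain of it.
# Requiring https is an added assumption: a first-party callback should never
# receive an authorization code over plaintext.
def first_party_redirect_uri?(uri_string)
  uri = URI.parse(uri_string.to_s.strip)
  return false unless uri.is_a?(URI::HTTPS)

  host = uri.host.to_s.downcase
  return false if host.empty?

  host == ALLOWED_ROOT || host.end_with?(".#{ALLOWED_ROOT}")
rescue URI::InvalidURIError
  false
end

# Doorkeeper stores an application's redirect URIs as one whitespace-separated
# string. Every registered URI must pass: a single foreign callback would let
# the code be delivered off-domain (assumption: all-or-nothing policy).
def first_party_app?(redirect_uris)
  uris = redirect_uris.to_s.split
  !uris.empty? && uris.all? { |u| first_party_redirect_uri?(u) }
end

# The MR's two conditions combined: SaaS instance AND first-party app.
# `saas` stands in for whatever flag the instance exposes (the validation
# steps use GITLAB_SIMULATE_SAAS=1).
def blocked_user_may_use_oauth?(redirect_uris, saas:)
  saas && first_party_app?(redirect_uris)
end
```

The negative cases worth keeping in a spec for this gate: `https://gitlab.cn.evil.com/` (suffix as a prefix label), `https://evilgitlab.cn/` (missing dot boundary), `https://gitlab.cn@evil.com/` (allowed name in userinfo, real host elsewhere), a plain `http://` callback, and an app whose list mixes one `gitlab.cn` URI with one foreign URI.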

How to set up and validate locally

  1. GITLAB_SIMULATE_SAAS=1 gdk restart

  2. On the Admin Applications page, create an OAuth2 app (tick read_user; the callback address's domain must be gitlab.cn)

  3. Block user A on the Admin page

  4. Obtain user information via OAuth2 as user A; the user information is expected to be returned. Rough steps:
    4.1 GET http://127.0.0.1:3000/oauth/authorize?client_id={CLIENT_ID}&redirect_uri=https://gitlab.cn/&response_type=code&scope=read_user
    4.2 POST http://127.0.0.1:3000/oauth/token with code
    4.3 POST http://127.0.0.1:3000/api/v4/user with token

Detailed request parameters for each OAuth2 step: Gitlab_OAuth.postman_collection.json
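The three requests of step 4 as a runnable script, added here as an example; it is not part of the MR or of its Postman collection. The base URL, redirect URI and `read_user` scope are taken from the steps above. The `CLIENT_ID`, `CLIENT_SECRET` and `CODE` environment variable names, the `state` parameter and the injectable transport are this example's own choices, and /api/v4/user is requested with GET, which is how the GitLab REST API serves it.

```ruby
require "json"
require "net/http"
require "securerandom"
require "uri"

# Added example, not the MR's code: the authorization-code flow from step 4
# against a local GDK. Values below come from the validation steps.
BASE_URL     = "http://127.0.0.1:3000".freeze
REDIRECT_URI = "https://gitlab.cn/".freeze
SCOPE        = "read_user".freeze

# Step 4.1: the URL the (blocked) user opens in a browser. `state` is a random
# nonce the client must compare on the callback so a code minted for another
# session cannot be replayed into this one (added; not in the steps above).
def authorize_url(client_id:, state:)
  query = URI.encode_www_form(
    client_id: client_id, redirect_uri: REDIRECT_URI,
    response_type: "code", scope: SCOPE, state: state
  )
  "#{BASE_URL}/oauth/authorize?#{query}"
end

# Step 4.2: form-encoded POST exchanging the code for an access token.
# The redirect_uri must repeat the one used in step 4.1.
def token_request(client_id:, client_secret:, code:)
  {
    method: :post, path: "/oauth/token",
    headers: { "Content-Type" => "application/x-www-form-urlencoded" },
    body: URI.encode_www_form(
      grant_type: "authorization_code", code: code,
      client_id: client_id, client_secret: client_secret,
      redirect_uri: REDIRECT_URI
    )
  }
end

# Step 4.3: read the current user with the bearer token.
def user_request(access_token)
  { method: :get, path: "/api/v4/user",
    headers: { "Authorization" => "Bearer #{access_token}" }, body: nil }
end

# Runs steps 4.2 and 4.3. `send_request` is any callable that takes one of the
# request hashes above and returns [status, body]; `http_sender` builds the
# real one, and a lambda can stand in for it offline.
def fetch_user(send_request, client_id:, client_secret:, code:)
  status, body = send_request.call(
    token_request(client_id: client_id, client_secret: client_secret, code: code)
  )
  raise "token endpoint returned #{status}: #{body}" unless status == 200

  token = JSON.parse(body).fetch("access_token")
  status, body = send_request.call(user_request(token))
  raise "user endpoint returned #{status}: #{body}" unless status == 200

  JSON.parse(body)
end

# Transport over Net::HTTP for a live GDK instance.
def http_sender
  uri = URI(BASE_URL)
  lambda do |req|
    http = Net::HTTP.new(uri.host, uri.port)
    klass = req[:method] == :post ? Net::HTTP::Post : Net::HTTP::Get
    r = klass.new(req[:path], req[:headers])
    r.body = req[:body] if req[:body]
    resp = http.request(r)
    [resp.code.to_i, resp.body]
  end
end

# Usage: CLIENT_ID=... ruby flow.rb   prints the step 4.1 URL to open as user A
#        CLIENT_ID=... CLIENT_SECRET=... CODE=... ruby flow.rb   runs 4.2 and 4.3
if $PROGRAM_NAME == __FILE__ && ENV["CLIENT_ID"]
  puts authorize_url(client_id: ENV["CLIENT_ID"], state: SecureRandom.hex(16))
  if ENV["CODE"]
    user = fetch_user(http_sender, client_id: ENV["CLIENT_ID"],
                      client_secret: ENV.fetch("CLIENT_SECRET"), code: ENV["CODE"])
    # With the MR applied the blocked user A is still returned here.
    puts "#{user['username']} (state: #{user['state']})"
  end
end
```

The two checks that matter when validating this MR are the status of the second request (before the MR a blocked user's token is refused at /api/v4/user; after it the user JSON comes back) and that the same flow still fails for an app whose callback is outside gitlab.cn.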

Edited by Zhiyuan Lu
