Merge branch 'mmj-actioncable-500-fix' into 'master'

Fix 500 errors during ActionCable connect See merge request https://gitlab.com/gitlab-org/gitlab/-/merge_requests/152363 Merged-by: Imre Farkas <ifarkas@gitlab.com> Approved-by: Heinrich Lee Yu <heinrich@gitlab.com> Approved-by: Imre Farkas <ifarkas@gitlab.com> Co-authored-by: Manoj M J <mmj@gitlab.com>

Merge branch 'mmj-actioncable-500-fix' into 'master'
76c25914 · Imre (Admin) · Stan Hu · b4c0b22c · 76c25914 · 76c25914
Unverified Commit 76c25914 authored 9 months ago by Imre (Admin) Committed by Stan Hu 8 months ago
--- a/app/channels/application_cable/connection.rb
+++ b/app/channels/application_cable/connection.rb
@@ -11,6 +11,8 @@ class Connection < ActionCable::Connection::Base
  
    def connect
      self.current_user = find_user_from_bearer_token || find_user_from_session_store
+    rescue Gitlab::Auth::UnauthorizedError
+      reject_unauthorized_connection
    end
  
    private

--- a/spec/channels/application_cable/connection_spec.rb
+++ b/spec/channels/application_cable/connection_spec.rb
@@ -44,12 +44,52 @@
  end
  
  context 'when bearer header is provided' do
-    let(:user_pat) { create(:personal_access_token) }
+    context 'when it is a personal_access_token' do
+      let(:user_pat) { create(:personal_access_token) }
  
-    it 'finds user by PAT' do
-      connect(ActionCable.server.config.mount_path, headers: { Authorization: "Bearer #{user_pat.token}" })
+      it 'finds user by PAT' do
+        connect(ActionCable.server.config.mount_path, headers: { Authorization: "Bearer #{user_pat.token}" })
  
-      expect(connection.current_user).to eq(user_pat.user)
+        expect(connection.current_user).to eq(user_pat.user)
+      end
+    end
+
+    context 'when it is an OAuth access token' do
+      context 'when it is a valid OAuth access token' do
+        let(:user) { create(:user) }
+
+        let(:application) do
+          Doorkeeper::Application.create!(name: "MyApp", redirect_uri: "https://app.com", owner: user)
+        end
+
+        let(:oauth_token) do
+          create(:oauth_access_token,
+            application_id: application.id,
+            resource_owner_id: user.id,
+            scopes: "api"
+          )
+        end
+
+        it 'finds user by OAuth access token' do
+          connect(ActionCable.server.config.mount_path, headers: {
+            'Authorization' => "Bearer #{oauth_token.plaintext_token}"
+          })
+
+          expect(connection.current_user).to eq(oauth_token.user)
+        end
+      end
+
+      context 'when it is an invalid OAuth access token' do
+        it 'sets the current_user as `nil`, and rejects the connection' do
+          expect do
+            connect(ActionCable.server.config.mount_path, headers: {
+              'Authorization' => "Bearer invalid_token"
+            })
+          end.to have_rejected_connection
+
+          expect(connection.current_user).to be_nil
+        end
+      end
    end
  end