create_user_access_token permission denied for system admin

Description

Original report: https://github.com/mattermost/mattermost-server/issues/15188

Environment:
v5.25.0, system admin cannot create any tokens.

Steps to reproduce
https://mattermost.test.shopee.io/seatest/integrations/bots
Create a bot, but you cannot create a token for this bot and cannot create a user token either.

Observed:
You have to log in with a password or SAML to create access tokens. If you log in with, e.g., GitLab, Mattermost denies the token requests because it thinks you're an OAuth application: https://github.com/mattermost/mattermost-server/blob/7f64199a37b8ddbe722ba611cd6df4f1baba7fd3/api4/user.go#L2048-L2052. The IsOAuth field is set for sessions created through the OAuth2 Server API and for user sessions created through OpenID Connect login providers like GitLab. This looks like someone tried to prevent OAuth clients from creating access tokens but also made it impossible for admins who log in through an OpenID Connect provider to do the same. Looks like this commit introduced the ambiguity. Before that change, IsOAuth was always set to false in DoLogin().

QA Test Steps

Log in as a sysadmin using an OpenID Connect login provider such as GitLab
Navigate to integrations / bot accounts and attempt to create a new token for a bot
Creating new token should succeed.
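
The ambiguity described under "Observed", as an added Go example that is not Mattermost's code: one boolean flag covers both OAuth app sessions and OpenID Connect user logins, so the token check cannot tell them apart. `SessionOrigin`, `newSession`, `HasTokenPerm` and both check functions are hypothetical names; only `IsOAuth` comes from the ticket, and the origin-based check is one way to separate the two cases, not necessarily the fix that shipped.

```go
package main

import "fmt"

// SessionOrigin is a hypothetical field recording how a session was created.
type SessionOrigin int

const (
	OriginPassword SessionOrigin = iota // password or SAML login
	OriginSSOLogin                      // user login via an OpenID Connect provider such as GitLab
	OriginOAuthApp                      // session issued to an app through the OAuth2 Server API
)

// Session is a simplified model; only the IsOAuth name comes from the ticket.
type Session struct {
	HasTokenPerm bool // stands in for the create_user_access_token permission
	IsOAuth      bool
	Origin       SessionOrigin
}

// newSession sets IsOAuth for both app sessions and SSO logins, as the ticket describes.
func newSession(origin SessionOrigin, hasPerm bool) Session {
	return Session{HasTokenPerm: hasPerm, IsOAuth: origin != OriginPassword, Origin: origin}
}

// canCreateTokenAmbiguous rejects every session flagged IsOAuth, so an admin
// who logged in through GitLab is treated like a third-party OAuth client.
func canCreateTokenAmbiguous(s Session) bool {
	return !s.IsOAuth && s.HasTokenPerm
}

// canCreateTokenByOrigin rejects only sessions that belong to an OAuth app.
func canCreateTokenByOrigin(s Session) bool {
	return s.Origin != OriginOAuthApp && s.HasTokenPerm
}

func main() {
	// Constructed sample sessions, all holding the token permission.
	cases := []struct {
		name   string
		origin SessionOrigin
	}{{"password/SAML admin", OriginPassword}, {"GitLab SSO admin", OriginSSOLogin}, {"OAuth app", OriginOAuthApp}}
	for _, c := range cases {
		s := newSession(c.origin, true)
		fmt.Printf("%-20s ambiguous=%-5v by-origin=%v\n", c.name, canCreateTokenAmbiguous(s), canCreateTokenByOrigin(s))
	}
}
```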

Activity

Rohitesh Gupta
August 12, 2020, 5:57 AM

Tested on the 5.25.3-rc1 test instance and the issue is fixed and is working fine. Will close the ticket once it is also tested on the 5.26 test instance.

Rohitesh Gupta
August 12, 2020, 6:17 AM

Tested the issue on the latest 5.26 test instance and the issue is fixed now and is working fine. Closing the ticket.

Done

Mana

None

Assignee

Farhan Munshi

QA Assignee

Rohitesh Gupta

Reporter

Amy Blais

Epic Link

None

Fix versions

Mattermost Team

Enterprise

Sprint

None

Labels

QA Testing Areas

Permissions

GitHub Issue

None

Components

None

Severity

None