use oauth integrations as part of gitlab app oauth integrations

api/server/handlers/oauth_callback/gitlab.go

@@ -12,6 +12,7 @@ import (
 	"github.com/porter-dev/porter/api/server/shared/apierrors"
 	"github.com/porter-dev/porter/api/server/shared/commonutils"
 	"github.com/porter-dev/porter/api/server/shared/config"
+	"github.com/porter-dev/porter/api/types"
 	"github.com/porter-dev/porter/internal/models/integrations"
 	"gorm.io/gorm"
 )
@@ -80,19 +81,36 @@ func (p *OAuthCallbackGitlabHandler) ServeHTTP(w http.ResponseWriter, r *http.Re
 		return
 	}
 
-	oauthInt := &integrations.GitlabAppOAuthIntegration{
+	oauthInt := &integrations.OAuthIntegration{
 		SharedOAuthModel: integrations.SharedOAuthModel{
 			AccessToken:  []byte(token.AccessToken),
 			RefreshToken: []byte(token.RefreshToken),
 			Expiry:       token.Expiry,
 		},
-		UserID:        userID,
-		ProjectID:     projID,
-		IntegrationID: integrationID,
+		Client:    types.OAuthGitlab,
+		UserID:    userID,
+		ProjectID: projID,
+	}
+
+	oauthInt, err = p.Repo().OAuthIntegration().CreateOAuthIntegration(oauthInt)
+
+	if err != nil {
+		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
+		return
+	}
+
+	if oauthInt.ID == 0 {
+		p.HandleAPIError(w, r, apierrors.NewErrInternal(fmt.Errorf("error creating oauth integration for gitlab")))
+		return
+	}
+
+	giOAuthInt := &integrations.GitlabAppOAuthIntegration{
+		OAuthIntegrationID:  oauthInt.ID,
+		GitlabIntegrationID: integrationID,
 	}
 
 	// create the oauth integration first
-	_, err = p.Repo().GitlabAppOAuthIntegration().CreateGitlabAppOAuthIntegration(oauthInt)
+	_, err = p.Repo().GitlabAppOAuthIntegration().CreateGitlabAppOAuthIntegration(giOAuthInt)
 
 	if err != nil {
 		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))

api/server/handlers/project_integration/get_gitlab_repo_buildpack.go

@@ -100,9 +100,21 @@ func (p *GetGitlabRepoBuildpackHandler) ServeHTTP(w http.ResponseWriter, r *http
 		return
 	}
 
-	accessToken, _, err := oauth.GetAccessToken(giAppOAuth.SharedOAuthModel, commonutils.GetGitlabOAuthConf(
+	oauthInt, err := p.Repo().OAuthIntegration().ReadOAuthIntegration(project.ID, giAppOAuth.OAuthIntegrationID)
+
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(fmt.Errorf("unauthorized gitlab user"), http.StatusUnauthorized))
+			return
+		}
+
+		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
+		return
+	}
+
+	accessToken, _, err := oauth.GetAccessToken(oauthInt.SharedOAuthModel, commonutils.GetGitlabOAuthConf(
 		p.Config(), gi,
-	), oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(giAppOAuth, p.Repo()))
+	), oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(project.ID, giAppOAuth, p.Repo()))
 
 	if err != nil {
 		p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(fmt.Errorf("invalid gitlab access token"),

api/server/handlers/project_integration/get_gitlab_repo_contents.go

@@ -111,9 +111,21 @@ func (p *GetGitlabRepoContentsHandler) ServeHTTP(w http.ResponseWriter, r *http.
 		return
 	}
 
-	accessToken, _, err := oauth.GetAccessToken(giAppOAuth.SharedOAuthModel, commonutils.GetGitlabOAuthConf(
+	oauthInt, err := p.Repo().OAuthIntegration().ReadOAuthIntegration(project.ID, giAppOAuth.OAuthIntegrationID)
+
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(fmt.Errorf("unauthorized gitlab user"), http.StatusUnauthorized))
+			return
+		}
+
+		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
+		return
+	}
+
+	accessToken, _, err := oauth.GetAccessToken(oauthInt.SharedOAuthModel, commonutils.GetGitlabOAuthConf(
 		p.Config(), gi,
-	), oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(giAppOAuth, p.Repo()))
+	), oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(project.ID, giAppOAuth, p.Repo()))
 
 	if err != nil {
 		p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(fmt.Errorf("invalid gitlab access token"),

api/server/handlers/project_integration/get_gitlab_repo_procfile.go

@@ -108,9 +108,21 @@ func (p *GetGitlabRepoProcfileHandler) ServeHTTP(w http.ResponseWriter, r *http.
 		return
 	}
 
-	accessToken, _, err := oauth.GetAccessToken(giAppOAuth.SharedOAuthModel, commonutils.GetGitlabOAuthConf(
+	oauthInt, err := p.Repo().OAuthIntegration().ReadOAuthIntegration(project.ID, giAppOAuth.OAuthIntegrationID)
+
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(fmt.Errorf("unauthorized gitlab user"), http.StatusUnauthorized))
+			return
+		}
+
+		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
+		return
+	}
+
+	accessToken, _, err := oauth.GetAccessToken(oauthInt.SharedOAuthModel, commonutils.GetGitlabOAuthConf(
 		p.Config(), gi,
-	), oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(giAppOAuth, p.Repo()))
+	), oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(project.ID, giAppOAuth, p.Repo()))
 
 	if err != nil {
 		p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(fmt.Errorf("invalid gitlab access token"),

api/server/handlers/project_integration/list_gitlab_repo_branches.go

@@ -81,9 +81,21 @@ func (p *ListGitlabRepoBranchesHandler) ServeHTTP(w http.ResponseWriter, r *http
 		return
 	}
 
-	accessToken, _, err := oauth.GetAccessToken(giAppOAuth.SharedOAuthModel, commonutils.GetGitlabOAuthConf(
+	oauthInt, err := p.Repo().OAuthIntegration().ReadOAuthIntegration(project.ID, giAppOAuth.OAuthIntegrationID)
+
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(fmt.Errorf("unauthorized gitlab user"), http.StatusUnauthorized))
+			return
+		}
+
+		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
+		return
+	}
+
+	accessToken, _, err := oauth.GetAccessToken(oauthInt.SharedOAuthModel, commonutils.GetGitlabOAuthConf(
 		p.Config(), gi,
-	), oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(giAppOAuth, p.Repo()))
+	), oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(project.ID, giAppOAuth, p.Repo()))
 
 	if err != nil {
 		p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(fmt.Errorf("invalid gitlab access token"),

api/server/handlers/project_integration/list_gitlab_repos.go

@@ -67,9 +67,21 @@ func (p *ListGitlabReposHandler) ServeHTTP(w http.ResponseWriter, r *http.Reques
 		return
 	}
 
-	accessToken, _, err := oauth.GetAccessToken(giAppOAuth.SharedOAuthModel, commonutils.GetGitlabOAuthConf(
+	oauthInt, err := p.Repo().OAuthIntegration().ReadOAuthIntegration(project.ID, giAppOAuth.OAuthIntegrationID)
+
+	if err != nil {
+		if errors.Is(err, gorm.ErrRecordNotFound) {
+			p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(fmt.Errorf("unauthorized gitlab user"), http.StatusUnauthorized))
+			return
+		}
+
+		p.HandleAPIError(w, r, apierrors.NewErrInternal(err))
+		return
+	}
+
+	accessToken, _, err := oauth.GetAccessToken(oauthInt.SharedOAuthModel, commonutils.GetGitlabOAuthConf(
 		p.Config(), gi,
-	), oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(giAppOAuth, p.Repo()))
+	), oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(project.ID, giAppOAuth, p.Repo()))
 
 	if err != nil {
 		p.HandleAPIError(w, r, apierrors.NewErrPassThroughToClient(fmt.Errorf("invalid gitlab access token"),

ee/integrations/vault/vault.go

@@ -194,7 +194,9 @@ func (c *Client) WriteGitlabCredential(giIntegration *integrations.GitlabIntegra
 	return c.postRequest(fmt.Sprintf("/v1/%s", c.getGitlabCredentialPath(giIntegration)), reqData, nil)
 }
 
-func (c *Client) GetGitlabCredential(giIntegration *integrations.GitlabIntegration) (*credentials.GitlabCredential, error) {
+func (c *Client) GetGitlabCredential(
+	giIntegration *integrations.GitlabIntegration,
+) (*credentials.GitlabCredential, error) {
 	resp := &GetGitlabCredentialResponse{}
 
 	err := c.getRequest(fmt.Sprintf("/v1/%s", c.getGitlabCredentialPath(giIntegration)), resp)

ee/migrate/migrate_vault.go

@@ -1,3 +1,4 @@
+//go:build ee
 // +build ee
 
 package migrate
@@ -52,6 +53,14 @@ func MigrateVault(db *gorm.DB, dbConf *env.DBConf, shouldFinalize bool) error {
 		return err
 	}
 
+	err = migrateGitlabIntegrationModel(db, vaultClient, shouldFinalize)
+
+	if err != nil {
+		fmt.Printf("failed on gitlab migration: %v\n", err)
+
+		return err
+	}
+
 	return nil
 }
 
@@ -286,3 +295,79 @@ func migrateAWSIntegrationModel(db *gorm.DB, client *vault.Client, shouldFinaliz
 
 	return nil
 }
+
+func migrateGitlabIntegrationModel(db *gorm.DB, client *vault.Client, shouldFinalize bool) error {
+	// get count of model
+	var count int64
+
+	if err := db.Model(&ints.GitlabIntegration{}).Count(&count).Error; err != nil {
+		return err
+	}
+
+	// make a map of ids to errors -- we don't clear the integrations with errors
+	errors := make(map[uint]error)
+
+	// iterate (count / stepSize) + 1 times using Limit and Offset
+	for i := 0; i < (int(count)/stepSize)+1; i++ {
+		giInts := []*ints.GitlabIntegration{}
+
+		if err := db.Order("id asc").Offset(i * stepSize).Limit(stepSize).Find(&giInts).Error; err != nil {
+			return err
+		}
+
+		// decrypt with the old key
+		for _, gi := range giInts {
+			// Check if record already exists in vault client. If so, we don't write anything to vault,
+			// since we don't want to overwrite any data that's been written.
+			if resp, _ := client.GetGitlabCredential(gi); resp != nil {
+				continue
+			}
+
+			// write the data to the vault client
+			if err := client.WriteGitlabCredential(gi, &credentials.GitlabCredential{
+				AppClientID:     gi.AppClientID,
+				AppClientSecret: gi.AppClientSecret,
+			}); err != nil {
+				errors[gi.ID] = err
+				fmt.Printf("gitlab vault write error on ID %d: %v\n", gi.ID, err)
+			}
+		}
+	}
+
+	fmt.Printf("migrated %d gitlab integrations with %d errors\n", count, len(errors))
+
+	if shouldFinalize {
+		saveErrors := make(map[uint]error, 0)
+
+		// iterate a second time, clearing the data
+		// iterate (count / stepSize) + 1 times using Limit and Offset
+		for i := 0; i < (int(count)/stepSize)+1; i++ {
+			giInts := []*ints.GitlabIntegration{}
+
+			if err := db.Order("id asc").Offset(i * stepSize).Limit(stepSize).Find(&giInts).Error; err != nil {
+				return err
+			}
+
+			// decrypt with the old key
+			for _, gi := range giInts {
+				if _, found := errors[gi.ID]; !found {
+					// clear the data from the db, and save
+					gi.AppClientID = []byte{}
+					gi.AppClientSecret = []byte{}
+
+					if err := db.Save(gi).Error; err != nil {
+						saveErrors[gi.ID] = err
+					}
+				}
+			}
+		}
+
+		fmt.Printf("cleared %d gitlab integrations with %d errors\n", count, len(saveErrors))
+
+		for saveErrorID, saveError := range saveErrors {
+			fmt.Printf("gitlab save error on ID %d: %v\n", saveErrorID, saveError)
+		}
+	}
+
+	return nil
+}

internal/integrations/ci/gitlab/ci.go

@@ -318,14 +318,23 @@ func (g *GitlabCI) getClient() (*gitlab.Client, error) {
 		return nil, err
 	}
 
-	oauthInt, err := g.Repo.GitlabAppOAuthIntegration().ReadGitlabAppOAuthIntegration(g.UserID, g.ProjectID, g.IntegrationID)
+	giOAuthInt, err := g.Repo.GitlabAppOAuthIntegration().ReadGitlabAppOAuthIntegration(g.UserID, g.ProjectID, g.IntegrationID)
 
 	if err != nil {
 		return nil, err
 	}
 
-	accessToken, _, err := oauth.GetAccessToken(oauthInt.SharedOAuthModel, commonutils.GetGitlabOAuthConf(g.PorterConf, gi),
-		oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(oauthInt, g.Repo))
+	oauthInt, err := g.Repo.OAuthIntegration().ReadOAuthIntegration(g.ProjectID, giOAuthInt.GitlabIntegrationID)
+
+	if err != nil {
+		return nil, err
+	}
+
+	accessToken, _, err := oauth.GetAccessToken(
+		oauthInt.SharedOAuthModel,
+		commonutils.GetGitlabOAuthConf(g.PorterConf, gi),
+		oauth.MakeUpdateGitlabAppOAuthIntegrationFunction(g.ProjectID, giOAuthInt, g.Repo),
+	)
 
 	if err != nil {
 		return nil, err

internal/models/integrations/oauth.go

@@ -96,17 +96,12 @@ type GithubAppOAuthIntegration struct {
 }
 
 // GitlabAppOAuthIntegration is the model used for storing gitlab app oauth data
-// Unlike the above, this model is tied to a specific user, not a project
 type GitlabAppOAuthIntegration struct {
 	gorm.Model
-	SharedOAuthModel
 
-	// The id of the user that linked with this auth mechanism
-	UserID uint `json:"user_id"`
-
-	// The id of the project that linked with this auth mechanism
-	ProjectID uint `json:"project_id"`
+	// The ID of the oauth integration linked with this auth mechanism
+	OAuthIntegrationID uint `json:"oauth_integration_id"`
 
-	// The id of the gitlab integration linked with this auth mechanism
-	IntegrationID uint `json:"integration_id"`
+	// The ID of the gitlab integration linked with this auth mechanism
+	GitlabIntegrationID uint `json:"gitlab_integration_id"`
 }

internal/oauth/config.go

@@ -155,14 +155,22 @@ func MakeUpdateGithubAppOauthIntegrationFunction(
 // MakeUpdateGitlabAppOAuthIntegrationFunction creates a function to be passed to GetAccessToken that updates the GitlabAppOAuthIntegration
 // if it needs to be updated
 func MakeUpdateGitlabAppOAuthIntegrationFunction(
+	projectID uint,
 	o *integrations.GitlabAppOAuthIntegration,
-	repo repository.Repository) func(accessToken []byte, refreshToken []byte, expiry time.Time) error {
+	repo repository.Repository,
+) func(accessToken []byte, refreshToken []byte, expiry time.Time) error {
 	return func(accessToken []byte, refreshToken []byte, expiry time.Time) error {
+		o, err := repo.OAuthIntegration().ReadOAuthIntegration(projectID, o.OAuthIntegrationID)
+
+		if err != nil {
+			return err
+		}
+
 		o.AccessToken = accessToken
 		o.RefreshToken = refreshToken
 		o.Expiry = expiry
 
-		_, err := repo.GitlabAppOAuthIntegration().UpdateGitlabAppOAuthIntegration(o)
+		_, err = repo.OAuthIntegration().UpdateOAuthIntegration(o)
 
 		return err
 	}

internal/repository/credentials/credentials.go

@@ -60,18 +60,27 @@ type GitlabCredential struct {
 }
 
 type CredentialStorage interface {
+	// OAuth
 	WriteOAuthCredential(oauthIntegration *integrations.OAuthIntegration, data *OAuthCredential) error
 	GetOAuthCredential(oauthIntegration *integrations.OAuthIntegration) (*OAuthCredential, error)
 	CreateOAuthToken(oauthIntegration *integrations.OAuthIntegration) (string, error)
+
+	// GCP
 	WriteGCPCredential(gcpIntegration *integrations.GCPIntegration, data *GCPCredential) error
 	GetGCPCredential(gcpIntegration *integrations.GCPIntegration) (*GCPCredential, error)
 	CreateGCPToken(gcpIntegration *integrations.GCPIntegration) (string, error)
+
+	// AWS
 	WriteAWSCredential(awsIntegration *integrations.AWSIntegration, data *AWSCredential) error
 	GetAWSCredential(awsIntegration *integrations.AWSIntegration) (*AWSCredential, error)
 	CreateAWSToken(awsIntegration *integrations.AWSIntegration) (string, error)
+
+	// Azure
 	WriteAzureCredential(azIntegration *integrations.AzureIntegration, data *AzureCredential) error
 	GetAzureCredential(azIntegration *integrations.AzureIntegration) (*AzureCredential, error)
 	CreateAzureToken(azIntegration *integrations.AzureIntegration) (string, error)
+
+	// Gitlab
 	WriteGitlabCredential(giIntegration *integrations.GitlabIntegration, data *GitlabCredential) error
 	GetGitlabCredential(giIntegration *integrations.GitlabIntegration) (*GitlabCredential, error)
 	CreateGitlabToken(giIntegration *integrations.GitlabIntegration) (string, error)

internal/repository/gorm/auth.go

@@ -1751,27 +1751,10 @@ func NewGitlabAppOAuthIntegrationRepository(
 func (repo *GitlabAppOAuthIntegrationRepository) CreateGitlabAppOAuthIntegration(
 	gi *ints.GitlabAppOAuthIntegration,
 ) (*ints.GitlabAppOAuthIntegration, error) {
-	err := repo.EncryptGitlabAppOAuthIntegrationData(gi, repo.key)
-
-	if err != nil {
-		return nil, err
-	}
-
-	// if storage backend is not nil, strip out credential data, which will be stored in credential
-	// storage backend after write to DB
-	// var credentialData = &credentials.GitlabCredential{}
-
-	// if repo.storageBackend != nil {
-	// 	credentialData.AppClientID = gi.AppClientID
-	// 	credentialData.AppClientSecret = gi.AppClientSecret
-
-	// 	gi.AppClientID = []byte{}
-	// 	gi.AppClientSecret = []byte{}
-	// }
-
 	if err := repo.db.Create(gi).Error; err != nil {
 		return nil, err
 	}
+
 	return gi, nil
 }
 
@@ -1782,117 +1765,14 @@ func (repo *GitlabAppOAuthIntegrationRepository) ReadGitlabAppOAuthIntegration(
 
 	if err := repo.db.
 		Order("gitlab_app_o_auth_integrations.id desc").
-		Joins("INNER JOIN gitlab_integrations ON gitlab_integrations.id = gitlab_app_o_auth_integrations.integration_id").
-		Where("gitlab_app_o_auth_integrations.user_id = ? AND gitlab_app_o_auth_integrations.project_id = ? AND"+
+		Joins("INNER JOIN gitlab_integrations ON gitlab_integrations.id = gitlab_app_o_auth_integrations.gitlab_integration_id").
+		Joins("INNER JOIN o_auth_integrations ON o_auth_integrations.id = gitlab_app_o_auth_integrations.oauth_integration_id").
+		Where("o_auth_integrations.user_id = ? AND o_auth_integrations.project_id = ? AND"+
 			" gitlab_integrations.id = ? AND gitlab_integrations.deleted_at IS NULL AND"+
-			" gitlab_app_o_auth_integrations.deleted_at IS NULL",
+			" gitlab_app_o_auth_integrations.deleted_at IS NULL AND o_auth_integrations.deleted_at IS NULL",
 			userID, projectID, integrationID).First(&gi).Error; err != nil {
 		return nil, err
 	}
 
-	// if repo.storageBackend != nil {
-	// 	credentialData, err := repo.storageBackend.GetGitlabCredential(gi)
-
-	// 	if err != nil {
-	// 		return nil, err
-	// 	}
-
-	// 	gi.AppClientID = credentialData.AppClientID
-
-	// 	gi.AppClientSecret = credentialData.AppClientSecret
-	// }
-
-	err := repo.DecryptGitlabAppOAuthIntegrationData(gi, repo.key)
-
-	if err != nil {
-		return nil, err
-	}
-
 	return gi, nil
 }
-
-func (repo *GitlabAppOAuthIntegrationRepository) UpdateGitlabAppOAuthIntegration(
-	gi *ints.GitlabAppOAuthIntegration,
-) (*ints.GitlabAppOAuthIntegration, error) {
-	err := repo.EncryptGitlabAppOAuthIntegrationData(gi, repo.key)
-
-	if err != nil {
-		return nil, err
-	}
-
-	// if storage backend is not nil, strip out credential data, which will be stored in credential
-	// storage backend after write to DB
-	// var credentialData = &credentials.GitlabCredential{}
-
-	// if repo.storageBackend != nil {
-	// 	credentialData.AppClientID = gi.AppClientID
-	// 	credentialData.AppClientSecret = gi.AppClientSecret
-
-	// 	gi.AppClientID = []byte{}
-	// 	gi.AppClientSecret = []byte{}
-	// }
-
-	if err := repo.db.Save(gi).Error; err != nil {
-		return nil, err
-	}
-
-	return gi, nil
-}
-
-// EncryptGitlabAppOAuthIntegrationData will encrypt the gitlab app oauth integration data before
-// writing to the DB
-func (repo *GitlabAppOAuthIntegrationRepository) EncryptGitlabAppOAuthIntegrationData(
-	gi *ints.GitlabAppOAuthIntegration,
-	key *[32]byte,
-) error {
-	if len(gi.AccessToken) > 0 {
-		cipherData, err := encryption.Encrypt(gi.AccessToken, key)
-
-		if err != nil {
-			return err
-		}
-
-		gi.AccessToken = cipherData
-	}
-
-	if len(gi.RefreshToken) > 0 {
-		cipherData, err := encryption.Encrypt(gi.RefreshToken, key)
-
-		if err != nil {
-			return err
-		}
-
-		gi.RefreshToken = cipherData
-	}
-
-	return nil
-}
-
-// DecryptAppOAuthGitlabIntegrationData will decrypt the gitlab app oauth integration data before
-// returning it from the DB
-func (repo *GitlabAppOAuthIntegrationRepository) DecryptGitlabAppOAuthIntegrationData(
-	gi *ints.GitlabAppOAuthIntegration,
-	key *[32]byte,
-) error {
-	if len(gi.AccessToken) > 0 {
-		plaintext, err := encryption.Decrypt(gi.AccessToken, key)
-
-		if err != nil {
-			return err
-		}
-
-		gi.AccessToken = plaintext
-	}
-
-	if len(gi.RefreshToken) > 0 {
-		plaintext, err := encryption.Decrypt(gi.RefreshToken, key)
-
-		if err != nil {
-			return err
-		}
-
-		gi.RefreshToken = plaintext
-	}
-
-	return nil
-}

internal/repository/integrations.go

@@ -98,5 +98,4 @@ type GitlabIntegrationRepository interface {
 type GitlabAppOAuthIntegrationRepository interface {
 	CreateGitlabAppOAuthIntegration(gi *ints.GitlabAppOAuthIntegration) (*ints.GitlabAppOAuthIntegration, error)
 	ReadGitlabAppOAuthIntegration(userID, projectID, integrationID uint) (*ints.GitlabAppOAuthIntegration, error)
-	UpdateGitlabAppOAuthIntegration(gi *ints.GitlabAppOAuthIntegration) (*ints.GitlabAppOAuthIntegration, error)
 }

internal/repository/test/auth.go

@@ -688,18 +688,3 @@ func (repo *GitlabAppOAuthIntegrationRepository) ReadGitlabAppOAuthIntegration(
 ) (*ints.GitlabAppOAuthIntegration, error) {
 	panic("not implemented")
 }
-
-func (repo *GitlabAppOAuthIntegrationRepository) UpdateGitlabAppOAuthIntegration(gi *ints.GitlabAppOAuthIntegration) (*ints.GitlabAppOAuthIntegration, error) {
-	if !repo.canQuery {
-		return nil, errors.New("Cannot write database")
-	}
-
-	if int(gi.ID-1) >= len(repo.gitlabAppOAuthIntegrations) || repo.gitlabAppOAuthIntegrations[gi.ID-1] == nil {
-		return nil, gorm.ErrRecordNotFound
-	}
-
-	index := int(gi.ID - 1)
-	repo.gitlabAppOAuthIntegrations[index] = gi
-
-	return gi, nil
-}