Add handling for missing internal OAuth app

aaronskiba · aaronskiba · commit 543619010a83 · 2026-02-17T10:34:11.000-07:00
`InternalUserAccessTokenService`: add `application!` (lookup + raise) and `application_present?` (safe check with logging)

`_v2_api_token.html.erb`: gate token UI on `application_present?` and show a warning when missing.
diff --git a/app/services/api/v2/internal_user_access_token_service.rb b/app/services/api/v2/internal_user_access_token_service.rb
@@ -21,9 +21,7 @@ module V2
     # This service does NOT support third-party OAuth clients or delegated consent flows.
     class InternalUserAccessTokenService
       READ_SCOPE = 'read'
-      APPLICATION = Doorkeeper::Application.find_by(
-        name: Rails.application.config.x.application.internal_oauth_app_name
-      )
+      INTERNAL_OAUTH_APP_NAME = Rails.application.config.x.application.internal_oauth_app_name
 
       class << self
         def for_user(user)
@@ -46,8 +44,27 @@ def rotate!(user)
           )
         end
 
+        # Used by views (e.g. devise/registrations/_v2_api_token.html.erb) to safely
+        # gate token UI if the internal OAuth application is missing.
+        def application_present?
+          application!
+          true
+        rescue StandardError => e
+          Rails.logger.error(e.message)
+          false
+        end
+
         private
 
+        def application!
+          Doorkeeper::Application.find_by(name: INTERNAL_OAUTH_APP_NAME) ||
+            raise(
+              StandardError,
+              "Required Doorkeeper application '#{INTERNAL_OAUTH_APP_NAME}' not found. " \
+              'Please ensure the application exists in the database.'
+            )
+        end
+
         def revoke_existing!(user)
           Doorkeeper::AccessToken.revoke_all_for(application!.id, user)
         end
diff --git a/app/views/devise/registrations/_v2_api_token.html.erb b/app/views/devise/registrations/_v2_api_token.html.erb
@@ -1,26 +1,33 @@
 <%# locals: user %>
 
-<% token = Api::V2::InternalUserAccessTokenService.for_user(user) %>
 <div id="v2-api-token" class="card mb-4">
   <div class="card-heading">
     <%= _('V2 API') %>
   </div>
   <div class="card-body">
-    <div class="form-control mb-3 col-xs-8">
-      <%= label_tag(:api_token, _('Access token'), class: 'form-label') %>
-      <% if token.present? %>
-        <code><%= token.token %></code>
-      <% else %>
-        <%= _("Click the button below to generate an API token") %>
-      <% end %>
-    </div>
+    <% if Api::V2::InternalUserAccessTokenService.application_present? %>
+      <% token = Api::V2::InternalUserAccessTokenService.for_user(user) %>
+      <div class="form-control mb-3 col-xs-8">
+        <%= label_tag(:api_token, _('Access token'), class: 'form-label') %>
+        <% if token.present? %>
+          <code><%= token.token %></code>
+        <% else %>
+          <%= _("Click the button below to generate an API token") %>
+        <% end %>
+      </div>
 
-    <div class="form-control mb-3 col-xs-8">
-      <%= link_to _("Regenerate token"),
-                  api_v2_internal_user_access_token_path(format: :js),
-                  method: :post,
-                  class: 'btn btn-secondary',
-                  remote: true %>
-    </div>
+      <div class="form-control mb-3 col-xs-8">
+        <%= link_to _("Regenerate token"),
+                    api_v2_internal_user_access_token_path(format: :js),
+                    method: :post,
+                    class: 'btn btn-secondary',
+                    remote: true %>
+      </div>
+    <% else %>
+      <div class="alert alert-warning">
+        <%= _("V2 API token service is currently unavailable. Please contact us for help.") %>
+        <%= mail_to Rails.application.config.x.organisation.helpdesk_email %>
+      </div>
+    <% end %>
   </div>
 </div>
