Redmine

When the REST web service is disabled in Redmine settings, accessing the OAuth authorization endpoint causes an exception: ArgumentError (wrong number of arguments (given 1, expected 0))

Steps to reproduce:¶

• Go to Administration → Settings → API
• Uncheck Enable REST web service and save
• Access <redmine url>/oauth/authorize
• An exception is raised instead of returning a normal 403 response: ArgumentError (wrong number of arguments (given 1, expected 0))

Cause¶

The exception happens when render_403 calls render_error.
However, Doorkeeper::AuthorizationController also defines a method named render_error, and that method takes no arguments.
Due to method lookup / precedence, the Doorkeeper version of render_error is called instead of Redmine’s render_error, which leads to:

• Redmine calls: render_error <something>
• Doorkeeper receives 1 argument but expects 0 → ArgumentError

Notes¶

Normally, OAuth cannot be used when the REST web service is disabled, so this issue may not occur in typical usage.
I found this during testing and created this issue.