From 9da717ff256530a1c83e0bf8aa375554d2ccc853 Mon Sep 17 00:00:00 2001
From: Marius Balteanu <marius.balteanu@zitec.com>
Date: Fri, 20 Mar 2026 07:00:27 +0000
Subject: [PATCH] Merge r24514 from trunk to 6.1-stable (#43698).

git-svn-id: https://svn.redmine.org/redmine/branches/6.1-stable@24520 e93f8b46-1217-0410-a6f0-8f06a7374b81
---
 config/initializers/30-redmine.rb  | 9 +++++++++
 test/system/oauth_provider_test.rb | 9 +++++++++
 2 files changed, 18 insertions(+)

diff --git a/config/initializers/30-redmine.rb b/config/initializers/30-redmine.rb
index 16bcebec4..64ff177b1 100644
--- a/config/initializers/30-redmine.rb
+++ b/config/initializers/30-redmine.rb
@@ -113,6 +113,15 @@ Rails.application.config.to_prepare do
 
   Doorkeeper::AuthorizationsController.class_eval do
     require_sudo_mode :create, :destroy
+
+    alias_method :doorkeeper_render_error, :render_error
+    def render_error(arg = nil)
+      if arg
+        super
+      else
+        doorkeeper_render_error
+      end
+    end
   end
 end
 
diff --git a/test/system/oauth_provider_test.rb b/test/system/oauth_provider_test.rb
index df3f8fa7e..f9439affa 100644
--- a/test/system/oauth_provider_test.rb
+++ b/test/system/oauth_provider_test.rb
@@ -108,6 +108,15 @@ class OauthProviderSystemTest < ApplicationSystemTestCase
         RestClient.get "http://localhost:#{test_port}/projects/onlinestore/time_entries.json", headers
       end
     end
+
+    def test_oauth_authorize_with_rest_api_disabled_should_render_403
+      with_settings rest_api_enabled: 0 do
+        log_user 'admin', 'admin'
+        visit '/oauth/authorize'
+
+        assert_text "You are not authorized to access this page."
+      end
+    end
   end
 
   private