Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee

1 files changed, 14 insertions, 2 deletions

diff --git a/spec/controllers/admin/applications_controller_spec.rb b/spec/controllers/admin/applications_controller_spec.rb
index 732d20666cb..6c423097e70 100644
--- a/spec/controllers/admin/applications_controller_spec.rb
+++ b/spec/controllers/admin/applications_controller_spec.rb
@@ -40,7 +40,7 @@ RSpec.describe Admin::ApplicationsController do
 
   describe 'POST #create' do
     it 'creates the application' do
-      create_params = attributes_for(:application, trusted: true, confidential: false)
+      create_params = attributes_for(:application, trusted: true, confidential: false, scopes: ['api'])
 
       expect do
         post :create, params: { doorkeeper_application: create_params }
@@ -63,7 +63,7 @@ RSpec.describe Admin::ApplicationsController do
 
     context 'when the params are for a confidential application' do
       it 'creates a confidential application' do
-        create_params = attributes_for(:application, confidential: true)
+        create_params = attributes_for(:application, confidential: true, scopes: ['read_user'])
 
         expect do
           post :create, params: { doorkeeper_application: create_params }
@@ -75,6 +75,18 @@ RSpec.describe Admin::ApplicationsController do
         expect(application).to have_attributes(create_params.except(:uid, :owner_type))
       end
     end
+
+    context 'when scopes are not present' do
+      it 'renders the application form on errors' do
+        create_params = attributes_for(:application, trusted: true, confidential: false)
+
+        expect do
+          post :create, params: { doorkeeper_application: create_params }
+        end.not_to change { Doorkeeper::Application.count }
+
+        expect(response).to render_template :new
+      end
+    end
   end
 
   describe 'PATCH #update' do