author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-19 18:44:42 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-05-19 18:44:42 +0300 |
commit | 4555e1b21c365ed8303ffb7a3325d773c9b8bf31 (patch) | |
tree | 5423a1c7516cffe36384133ade12572cf709398d /spec/controllers/oauth | |
parent | e570267f2f6b326480d284e0164a6464ba4081bc (diff) |
Add latest changes from gitlab-org/gitlab@13-12-stable-eev13.12.0-rc42
Diffstat (limited to 'spec/controllers/oauth')
-rw-r--r-- | spec/controllers/oauth/authorizations_controller_spec.rb | 69 | ||||
-rw-r--r-- | spec/controllers/oauth/jira/authorizations_controller_spec.rb | 12 |
2 files changed, 63 insertions, 18 deletions
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb
index 21124299b25..5fc5cdfc9b9 100644
--- a/spec/controllers/oauth/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/authorizations_controller_spec.rb
@@ -73,39 +73,74 @@ RSpec.describe Oauth::AuthorizationsController do
 include_examples 'OAuth Authorizations require confirmed user'
 include_examples "Implicit grant can't be used in confidential application"
 
- context 'when the user is confirmed' do
- let(:confirmed_at) { 1.hour.ago }
+ context 'rendering of views based on the ownership of the application' do
+ shared_examples 'render views' do
+ render_views
 
- context 'without valid params' do
- it 'returns 200 code and renders error view' do
- get :new
+ it 'returns 200 and renders view with correct info', :aggregate_failures do
+ subject
 
 expect(response).to have_gitlab_http_status(:ok)
- expect(response).to render_template('doorkeeper/authorizations/error')
+ expect(response.body).to include(application.owner.name)
+ expect(response).to render_template('doorkeeper/authorizations/new')
 end
 end
 
- context 'with valid params' do
- render_views
+ subject { get :new, params: params }
 
- it 'returns 200 code and renders view' do
- subject
+ context 'when auth app owner is a user' do
+ context 'with valid params' do
+ it_behaves_like 'render views'
+ end
+ end
 
- expect(response).to have_gitlab_http_status(:ok)
- expect(response).to render_template('doorkeeper/authorizations/new')
+ context 'when auth app owner is a group' do
+ let(:group) { create(:group) }
+
+ context 'when auth app owner is a root group' do
+ let(:application) { create(:oauth_application, owner_id: group.id, owner_type: 'Namespace') }
+
+ it_behaves_like 'render views'
+ end
+
+ context 'when auth app owner is a subgroup' do
+ let(:subgroup) { create(:group, parent: group) }
+ let(:application) { create(:oauth_application, owner_id: subgroup.id, owner_type: 'Namespace') }
+
+ it_behaves_like 'render views'
 end
+ end
 
- it 'deletes session.user_return_to and redirects when skip authorization' do
- application.update!(trusted: true)
- request.session['user_return_to'] = 'http://example.com'
+ context 'when there is no owner associated' do
+ let(:application) { create(:oauth_application, owner_id: nil, owner_type: nil) }
 
+ it 'renders view' do
 subject
 
- expect(request.session['user_return_to']).to be_nil
- expect(response).to have_gitlab_http_status(:found)
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/new')
 end
 end
 end
+
+ context 'without valid params' do
+ it 'returns 200 code and renders error view' do
+ get :new
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/error')
+ end
+ end
+
+ it 'deletes session.user_return_to and redirects when skip authorization' do
+ application.update!(trusted: true)
+ request.session['user_return_to'] = 'http://example.com'
+
+ subject
+
+ expect(request.session['user_return_to']).to be_nil
+ expect(response).to have_gitlab_http_status(:found)
+ end
 end
 
 describe 'POST #create' do
diff --git a/spec/controllers/oauth/jira/authorizations_controller_spec.rb b/spec/controllers/oauth/jira/authorizations_controller_spec.rb
index 0b4a691d7ec..f4a335b30f4 100644
--- a/spec/controllers/oauth/jira/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/jira/authorizations_controller_spec.rb
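Review bot: The 'when there is no owner associated' context never calls `render_views`, which in this hunk is declared only inside `shared_examples 'render views'`, so its `render_template('doorkeeper/authorizations/new')` expectation presumably passes against a stubbed view and never runs the template with a nil owner. The shared example shows that the consent page prints `application.owner.name`, so the ownerless application is the case most likely to raise while rendering. Add `render_views` to that context and assert on `response.body` there as well, so the test proves the authorization page still renders what the user is asked to approve. The enclosing `describe` block starts and ends outside the hunk, so an outer `render_views` may already exist and is worth confirming.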
@@ -5,10 +5,20 @@ require 'spec_helper'
 RSpec.describe Oauth::Jira::AuthorizationsController do
 describe 'GET new' do
 it 'redirects to OAuth authorization with correct params' do
- get :new, params: { client_id: 'client-123', redirect_uri: 'http://example.com/' }
+ get :new, params: { client_id: 'client-123', scope: 'foo', redirect_uri: 'http://example.com/' }
 
 expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
 response_type: 'code',
+ scope: 'foo',
+ redirect_uri: oauth_jira_callback_url))
+ end
+
+ it 'replaces the GitHub "repo" scope with "api"' do
+ get :new, params: { client_id: 'client-123', scope: 'repo', redirect_uri: 'http://example.com/' }
+
+ expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
+ response_type: 'code',
+ scope: 'api',
 redirect_uri: oauth_jira_callback_url))
 end
 end
|
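Review bot: The request without a `scope` parameter is no longer covered, because the first example was edited to send `scope: 'foo'` rather than gaining a sibling example. The second example shows `repo` being rewritten to `api`, presumably a considerably broader grant, so the edges of that mapping deserve pinning too. Add one example with the scope omitted, e.g. `get :new, params: { client_id: 'client-123', redirect_uri: 'http://example.com/' }`, and one with a space-separated list that contains `repo`, each asserting the exact `scope` forwarded to `oauth_authorization_url`. The controller is not part of this diff, so the expected values have to be taken from its implementation.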