
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
authorGitLab Bot <gitlab-bot@gitlab.com>2021-05-19 18:44:42 +0300
committerGitLab Bot <gitlab-bot@gitlab.com>2021-05-19 18:44:42 +0300
commit4555e1b21c365ed8303ffb7a3325d773c9b8bf31 (patch)
tree5423a1c7516cffe36384133ade12572cf709398d /spec/controllers/oauth
parente570267f2f6b326480d284e0164a6464ba4081bc (diff)
Add latest changes from gitlab-org/gitlab@13-12-stable-eev13.12.0-rc42
Diffstat (limited to 'spec/controllers/oauth')
-rw-r--r--spec/controllers/oauth/authorizations_controller_spec.rb69
-rw-r--r--spec/controllers/oauth/jira/authorizations_controller_spec.rb12
2 files changed, 63 insertions, 18 deletions
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb
index 21124299b25..5fc5cdfc9b9 100644
--- a/spec/controllers/oauth/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/authorizations_controller_spec.rb
@@ -73,39 +73,74 @@ RSpec.describe Oauth::AuthorizationsController do
include_examples 'OAuth Authorizations require confirmed user'
include_examples "Implicit grant can't be used in confidential application"
- context 'when the user is confirmed' do
- let(:confirmed_at) { 1.hour.ago }
+ context 'rendering of views based on the ownership of the application' do
+ shared_examples 'render views' do
+ render_views
- context 'without valid params' do
- it 'returns 200 code and renders error view' do
- get :new
+ it 'returns 200 and renders view with correct info', :aggregate_failures do
+ subject
expect(response).to have_gitlab_http_status(:ok)
- expect(response).to render_template('doorkeeper/authorizations/error')
+ expect(response.body).to include(application.owner.name)
+ expect(response).to render_template('doorkeeper/authorizations/new')
end
end
- context 'with valid params' do
- render_views
+ subject { get :new, params: params }
- it 'returns 200 code and renders view' do
- subject
+ context 'when auth app owner is a user' do
+ context 'with valid params' do
+ it_behaves_like 'render views'
+ end
+ end
- expect(response).to have_gitlab_http_status(:ok)
- expect(response).to render_template('doorkeeper/authorizations/new')
+ context 'when auth app owner is a group' do
+ let(:group) { create(:group) }
+
+ context 'when auth app owner is a root group' do
+ let(:application) { create(:oauth_application, owner_id: group.id, owner_type: 'Namespace') }
+
+ it_behaves_like 'render views'
+ end
+
+ context 'when auth app owner is a subgroup' do
+ let(:subgroup) { create(:group, parent: group) }
+ let(:application) { create(:oauth_application, owner_id: subgroup.id, owner_type: 'Namespace') }
+
+ it_behaves_like 'render views'
end
+ end
- it 'deletes session.user_return_to and redirects when skip authorization' do
- application.update!(trusted: true)
- request.session['user_return_to'] = 'http://example.com'
+ context 'when there is no owner associated' do
+ let(:application) { create(:oauth_application, owner_id: nil, owner_type: nil) }
+ it 'renders view' do
subject
- expect(request.session['user_return_to']).to be_nil
- expect(response).to have_gitlab_http_status(:found)
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/new')
end
end
end
+
+ context 'without valid params' do
+ it 'returns 200 code and renders error view' do
+ get :new
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/error')
+ end
+ end
+
+ it 'deletes session.user_return_to and redirects when skip authorization' do
+ application.update!(trusted: true)
+ request.session['user_return_to'] = 'http://example.com'
+
+ subject
+
+ expect(request.session['user_return_to']).to be_nil
+ expect(response).to have_gitlab_http_status(:found)
+ end
end
describe 'POST #create' do
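Review bot: The 'when there is no owner associated' example calls `subject` without `render_views`, which in this hunk is declared only inside the `render views` shared examples. Unless it is enabled at an enclosing level outside the hunk, the controller spec stubs the template, so a view that dereferences a nil owner would still pass this case; the shared example expects `application.owner.name` in the body, which suggests the page prints it. Adding `render_views` to that context, and ideally an assertion on what the body shows in place of the owner, would make the nil-owner path actually exercised. The enclosing `describe` begins before the hunk, so `application`, `params` and the user setup are defined outside this view.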
diff --git a/spec/controllers/oauth/jira/authorizations_controller_spec.rb b/spec/controllers/oauth/jira/authorizations_controller_spec.rb
index 0b4a691d7ec..f4a335b30f4 100644
--- a/spec/controllers/oauth/jira/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/jira/authorizations_controller_spec.rb
@@ -5,10 +5,20 @@ require 'spec_helper'
RSpec.describe Oauth::Jira::AuthorizationsController do
describe 'GET new' do
it 'redirects to OAuth authorization with correct params' do
- get :new, params: { client_id: 'client-123', redirect_uri: 'http://example.com/' }
+ get :new, params: { client_id: 'client-123', scope: 'foo', redirect_uri: 'http://example.com/' }
expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
response_type: 'code',
+ scope: 'foo',
+ redirect_uri: oauth_jira_callback_url))
+ end
+
+ it 'replaces the GitHub "repo" scope with "api"' do
+ get :new, params: { client_id: 'client-123', scope: 'repo', redirect_uri: 'http://example.com/' }
+
+ expect(response).to redirect_to(oauth_authorization_url(client_id: 'client-123',
+ response_type: 'code',
+ scope: 'api',
redirect_uri: oauth_jira_callback_url))
end
end
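Review bot: With `scope:` added to the first request, no example covers a request that omits `scope`, which the replaced line used to exercise. The second example shows `repo` being rewritten to the broad `api` scope, so the boundaries of that mapping are worth pinning. Consider one example with no scope param and one with a space-separated value such as `scope: 'repo read_user'`, each asserting the exact redirect. The controller is not shown here, so the expected values for those cases have to come from its implementation.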