Always allow user to revoke an authorized application

Even if User OAuth applications setting is disabled in admin settings.

Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>

1 files changed, 31 insertions, 1 deletions

diff --git a/spec/controllers/oauth/applications_controller_spec.rb b/spec/controllers/oauth/applications_controller_spec.rb
index 1195f44f37d..9545815cb04 100644
--- a/spec/controllers/oauth/applications_controller_spec.rb
+++ b/spec/controllers/oauth/applications_controller_spec.rb
@@ -16,13 +16,43 @@ describe Oauth::ApplicationsController do
       end
 
       it 'redirects back to profile page if OAuth applications are disabled' do
-        allow(Gitlab::CurrentSettings.current_application_settings).to receive(:user_oauth_applications?).and_return(false)
+        disable_user_oauth
 
         get :index
 
+        expect(response).to have_gitlab_http_status(200)
+      end
+    end
+
+    describe 'POST #create' do
+      it 'creates an application' do
+        post :create, oauth_params
+
+        expect(response).to have_gitlab_http_status(302)
+        expect(response).to redirect_to(oauth_application_path(Doorkeeper::Application.last))
+      end
+
+      it 'redirects back to profile page if OAuth applications are disabled' do
+        disable_user_oauth
+
+        post :create, oauth_params
+
         expect(response).to have_gitlab_http_status(302)
         expect(response).to redirect_to(profile_path)
       end
     end
   end
+
+  def disable_user_oauth
+    allow(Gitlab::CurrentSettings.current_application_settings).to receive(:user_oauth_applications?).and_return(false)
+  end
+
+  def oauth_params
+    {
+      doorkeeper_application: {
+        name: 'foo',
+        redirect_uri: 'http://example.org'
+      }
+    }
+  end
 end