diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-01-06 22:21:00 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-01-06 22:21:00 +0300 |
commit | fa70ce1068babe592d348497c772f1b5160cbb6e (patch) | |
tree | 88e00024a01cd6464afc88150a378f3e1de5bc7e /spec/controllers | |
parent | bd200951d7e928b84bd5b4ef1210a56d688a03c9 (diff) |
Add latest changes from gitlab-org/security/gitlab@13-7-stable-ee
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/oauth/authorizations_controller_spec.rb | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb index 23d472f6853..f811f13def8 100644 --- a/spec/controllers/oauth/authorizations_controller_spec.rb +++ b/spec/controllers/oauth/authorizations_controller_spec.rb @@ -95,6 +95,20 @@ RSpec.describe Oauth::AuthorizationsController do subject { post :create, params: params } include_examples 'OAuth Authorizations require confirmed user' + + context 'when application is confidential' do + before do + application.update(confidential: true) + params[:response_type] = 'token' + end + + it 'does not allow the implicit flow' do + subject + + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template('doorkeeper/authorizations/error') + end + end end describe 'DELETE #destroy' do |