author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 04:45:44 +0300 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-09-19 04:45:44 +0300 |
commit | 85dc423f7090da0a52c73eb66faf22ddb20efff9 (patch) | |
tree | 9160f299afd8c80c038f08e1545be119f5e3f1e1 /spec/requests/jira_authorizations_spec.rb | |
parent | 15c2c8c66dbe422588e5411eee7e68f1fa440bb8 (diff) |
Add latest changes from gitlab-org/gitlab@13-4-stable-ee
Diffstat (limited to 'spec/requests/jira_authorizations_spec.rb')
-rw-r--r-- | spec/requests/jira_authorizations_spec.rb | 76 |
1 files changed, 76 insertions, 0 deletions
diff --git a/spec/requests/jira_authorizations_spec.rb b/spec/requests/jira_authorizations_spec.rb
new file mode 100644
index 00000000000..24c6001814c
--- /dev/null
+++ b/spec/requests/jira_authorizations_spec.rb
@@ -0,0 +1,76 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe 'Jira authorization requests' do
+ let(:user) { create :user }
+ let(:application) { create :oauth_application, scopes: 'api' }
+ let(:redirect_uri) { oauth_jira_callback_url(host: "http://www.example.com") }
+
+ def generate_access_grant
+ create :oauth_access_grant, application: application, resource_owner_id: user.id, redirect_uri: redirect_uri
+ end
+
+ describe 'POST access_token' do
+ let(:client_id) { application.uid }
+ let(:client_secret) { application.secret }
+
+ it 'returns values similar to a POST to /oauth/token' do
+ post_data = {
+ client_id: client_id,
+ client_secret: client_secret
+ }
+
+ post '/oauth/token', params: post_data.merge({
+ code: generate_access_grant.token,
+ grant_type: 'authorization_code',
+ redirect_uri: redirect_uri
+ })
+ oauth_response = json_response
+
+ post '/login/oauth/access_token', params: post_data.merge({
+ code: generate_access_grant.token
+ })
+ jira_response = response.body
+
+ access_token, scope, token_type = oauth_response.values_at('access_token', 'scope', 'token_type')
+ expect(jira_response).to eq("access_token=#{access_token}&scope=#{scope}&token_type=#{token_type}")
+ end
+
+ context 'when authorization fails' do
+ before do
+ post '/login/oauth/access_token', params: {
+ client_id: client_id,
+ client_secret: client_secret,
+ code: try(:code) || generate_access_grant.token
+ }
+ end
+
+ shared_examples 'an unauthorized request' do
+ it 'returns 401' do
+ expect(response).to have_gitlab_http_status(:unauthorized)
+ end
+ end
+
+ context 'when client_id is invalid' do
+ let(:client_id) { "invalid_id" }
+
+ it_behaves_like 'an unauthorized request'
+ end
+
+ context 'when client_secret is invalid' do
+ let(:client_secret) { "invalid_secret" }
+
+ it_behaves_like 'an unauthorized request'
+ end
+
+ context 'when code is invalid' do
+ let(:code) { "invalid_code" }
+
+ it 'returns bad request' do
+ expect(response).to have_gitlab_http_status(:bad_request)
+ end
+ end
+ end
+ end
+end |
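Review bot: The failure contexts under 'when authorization fails' cover a wrong client_id, a wrong client_secret and a garbage code, but not a well-formed authorization code that was issued to a different application, which is the case that shows the grant is bound to the client presenting it; a second presentation of an already-exchanged code is likewise untested. A context like the one below would pin the first case; the expected status is assumed to match the existing 'when code is invalid' case and should be confirmed against the controller, which is not part of this diff. Separately, `code: try(:code) || generate_access_grant.token` in the `before` block hides where the default comes from; a `let(:code) { generate_access_grant.token }` at the context level, overridden in 'when code is invalid', would read more plainly.

```ruby
    context 'when authorization fails' do
      # … unchanged: before block, shared examples, invalid client_id / client_secret / code contexts …

      context 'when code was issued to another application' do
        let(:other_application) { create :oauth_application, scopes: 'api' }
        let(:code) do
          create(:oauth_access_grant,
                 application: other_application,
                 resource_owner_id: user.id,
                 redirect_uri: redirect_uri).token
        end

        # Assumed to be rejected like any other invalid grant; confirm the status.
        it 'returns bad request' do
          expect(response).to have_gitlab_http_status(:bad_request)
        end
      end
```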