diff options
author | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 19:27:12 +0300 |
---|---|---|
committer | Yorick Peterse <yorickpeterse@gmail.com> | 2019-01-24 19:27:29 +0300 |
commit | 52a4c0cb3f3fca755b0d46b794558073629f3bf0 (patch) | |
tree | 2547e84910812d650a6d19bc94768d0a5edc547f /spec | |
parent | df28ee36a60d759ff632bc6aa44cdc133ee8d370 (diff) |
Merge branch 'sh-fix-issue-56663-11-7' into 'security-11-7'
[11.7] Alias GitHub and BitBucket OAuth2 callback URLs
See merge request gitlab/gitlabhq!2845
(cherry picked from commit 7d3c6d8ba58e0e9875fdd2dfbe7690ddc50fad81)
9ec0072d Alias GitHub and BitBucket OAuth2 callback URLs
Diffstat (limited to 'spec')
-rw-r--r-- | spec/controllers/import/bitbucket_controller_spec.rb | 11 | ||||
-rw-r--r-- | spec/controllers/import/github_controller_spec.rb | 8 |
2 files changed, 16 insertions, 3 deletions
diff --git a/spec/controllers/import/bitbucket_controller_spec.rb b/spec/controllers/import/bitbucket_controller_spec.rb index 51793f2c048..0bc09c86939 100644 --- a/spec/controllers/import/bitbucket_controller_spec.rb +++ b/spec/controllers/import/bitbucket_controller_spec.rb @@ -8,6 +8,7 @@ describe Import::BitbucketController do let(:secret) { "sekrettt" } let(:refresh_token) { SecureRandom.hex(15) } let(:access_params) { { token: token, expires_at: nil, expires_in: nil, refresh_token: nil } } + let(:code) { SecureRandom.hex(8) } def assign_session_tokens session[:bitbucket_token] = token @@ -32,10 +33,16 @@ describe Import::BitbucketController do expires_in: expires_in, refresh_token: refresh_token) allow_any_instance_of(OAuth2::Client) - .to receive(:get_token).and_return(access_token) + .to receive(:get_token) + .with(hash_including( + 'grant_type' => 'authorization_code', + 'code' => code, + redirect_uri: users_import_bitbucket_callback_url), + {}) + .and_return(access_token) stub_omniauth_provider('bitbucket') - get :callback + get :callback, params: { code: code } expect(session[:bitbucket_token]).to eq(token) expect(session[:bitbucket_refresh_token]).to eq(refresh_token) diff --git a/spec/controllers/import/github_controller_spec.rb b/spec/controllers/import/github_controller_spec.rb index 780e49f7b93..bca5f3f6589 100644 --- a/spec/controllers/import/github_controller_spec.rb +++ b/spec/controllers/import/github_controller_spec.rb @@ -12,9 +12,15 @@ describe Import::GithubController do it "redirects to GitHub for an access token if logged in with GitHub" do allow(controller).to receive(:logged_in_with_provider?).and_return(true) - expect(controller).to receive(:go_to_provider_for_permissions) + expect(controller).to receive(:go_to_provider_for_permissions).and_call_original + allow_any_instance_of(Gitlab::LegacyGithubImport::Client) + .to receive(:authorize_url) + .with(users_import_github_callback_url) + .and_call_original get :new + + expect(response).to have_http_status(302) end it "prompts for an access token if GitHub not configured" do |