Merge branch 'master' into developer_can_push_to_protected_branches_option

Conflicts:
	db/schema.rb

2 files changed, 32 insertions, 0 deletions

diff --git a/spec/requests/api/api_helpers_spec.rb b/spec/requests/api/api_helpers_spec.rb
index e2f222c0d34..cc071342d7c 100644
--- a/spec/requests/api/api_helpers_spec.rb
+++ b/spec/requests/api/api_helpers_spec.rb
@@ -41,6 +41,7 @@ describe API, api: true do
   describe ".current_user" do
     it "should return nil for an invalid token" do
       env[API::APIHelpers::PRIVATE_TOKEN_HEADER] = 'invalid token'
+      self.class.any_instance.stub(:doorkeeper_guard){ false }
       current_user.should be_nil
     end
 
diff --git a/spec/requests/api/doorkeeper_access_spec.rb b/spec/requests/api/doorkeeper_access_spec.rb
new file mode 100644
index 00000000000..ddef99d77af
--- /dev/null
+++ b/spec/requests/api/doorkeeper_access_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+describe API::API, api: true  do
+  include ApiHelpers
+
+  let!(:user) { create(:user) }
+  let!(:application) { Doorkeeper::Application.create!(:name => "MyApp", :redirect_uri => "https://app.com", :owner => user) }
+  let!(:token) { Doorkeeper::AccessToken.create! :application_id => application.id, :resource_owner_id => user.id }
+
+  
+  describe "when unauthenticated" do
+    it "returns authentication success" do
+      get api("/user"), :access_token => token.token
+      response.status.should == 200
+    end
+  end
+
+  describe "when token invalid" do
+    it "returns authentication error" do
+      get api("/user"), :access_token => "123a"
+      response.status.should == 401
+    end
+  end
+
+  describe "authorization by private token" do
+    it "returns authentication success" do
+      get api("/user", user)
+      response.status.should == 200
+    end
+  end
+end