Merge branch 'sh-fix-issue-56663-11-6' into 'security-11-6'

[11.6] Alias GitHub and BitBucket OAuth2 callback URLs See merge request gitlab/gitlabhq!2846 (cherry picked from commit f8a23d89e6f94a74b2779b3b215c475a39ba8de3) f652a9e0 Alias GitHub and BitBucket OAuth2 callback URLs
author: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-24 19:27:17 +0300
committer: Yorick Peterse <yorickpeterse@gmail.com> 2019-01-24 19:27:41 +0300
commit: cdc01f897c45ad6b7638c1b37a9b5c5e583e27bd (patch)
tree: 36b8cbe960afbe396cd55e732d562cc52490e4d7 /spec
parent: 9149beee1b363fbceec7c48a51a4e85ba19d06a5 (diff)
2 files changed, 16 insertions, 3 deletions
diff --git a/spec/controllers/import/bitbucket_controller_spec.rb b/spec/controllers/import/bitbucket_controller_spec.rb
index be49b92d23f..6081c5458b5 100644
--- a/spec/controllers/import/bitbucket_controller_spec.rb
+++ b/spec/controllers/import/bitbucket_controller_spec.rb
@@ -8,6 +8,7 @@ describe Import::BitbucketController do
   let(:secret) { "sekrettt" }
   let(:refresh_token) { SecureRandom.hex(15) }
   let(:access_params) { { token: token, expires_at: nil, expires_in: nil, refresh_token: nil } }
+  let(:code) { SecureRandom.hex(8) }
 
   def assign_session_tokens
     session[:bitbucket_token] = token
@@ -32,10 +33,16 @@ describe Import::BitbucketController do
                             expires_in: expires_in,
                             refresh_token: refresh_token)
       allow_any_instance_of(OAuth2::Client)
-        .to receive(:get_token).and_return(access_token)
+        .to receive(:get_token)
+        .with(hash_including(
+                'grant_type' => 'authorization_code',
+                'code' => code,
+                redirect_uri: users_import_bitbucket_callback_url),
+              {})
+        .and_return(access_token)
       stub_omniauth_provider('bitbucket')
 
-      get :callback
+      get :callback, code: code
 
       expect(session[:bitbucket_token]).to eq(token)
       expect(session[:bitbucket_refresh_token]).to eq(refresh_token)
diff --git a/spec/controllers/import/github_controller_spec.rb b/spec/controllers/import/github_controller_spec.rb
index 9bbd97ec305..e6070fc429d 100644
--- a/spec/controllers/import/github_controller_spec.rb
+++ b/spec/controllers/import/github_controller_spec.rb
@@ -12,9 +12,15 @@ describe Import::GithubController do
 
     it "redirects to GitHub for an access token if logged in with GitHub" do
       allow(controller).to receive(:logged_in_with_provider?).and_return(true)
-      expect(controller).to receive(:go_to_provider_for_permissions)
+      expect(controller).to receive(:go_to_provider_for_permissions).and_call_original
+      allow_any_instance_of(Gitlab::LegacyGithubImport::Client)
+        .to receive(:authorize_url)
+        .with(users_import_github_callback_url)
+        .and_call_original
 
       get :new
+
+      expect(response).to have_http_status(302)
     end
   end
author	Yorick Peterse <yorickpeterse@gmail.com>	2019-01-24 19:27:17 +0300
committer	Yorick Peterse <yorickpeterse@gmail.com>	2019-01-24 19:27:41 +0300
commit	cdc01f897c45ad6b7638c1b37a9b5c5e583e27bd (patch)
tree	36b8cbe960afbe396cd55e732d562cc52490e4d7 /spec
parent	9149beee1b363fbceec7c48a51a4e85ba19d06a5 (diff)