diff options
Diffstat (limited to 'spec/controllers/oauth/authorizations_controller_spec.rb')
| -rw-r--r-- | spec/controllers/oauth/authorizations_controller_spec.rb | 69 |
1 files changed, 52 insertions, 17 deletions
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb index 21124299b25..5fc5cdfc9b9 100644 --- a/spec/controllers/oauth/authorizations_controller_spec.rb +++ b/spec/controllers/oauth/authorizations_controller_spec.rb @@ -73,39 +73,74 @@ RSpec.describe Oauth::AuthorizationsController do include_examples 'OAuth Authorizations require confirmed user' include_examples "Implicit grant can't be used in confidential application" - context 'when the user is confirmed' do - let(:confirmed_at) { 1.hour.ago } + context 'rendering of views based on the ownership of the application' do + shared_examples 'render views' do + render_views - context 'without valid params' do - it 'returns 200 code and renders error view' do - get :new + it 'returns 200 and renders view with correct info', :aggregate_failures do + subject expect(response).to have_gitlab_http_status(:ok) - expect(response).to render_template('doorkeeper/authorizations/error') + expect(response.body).to include(application.owner.name) + expect(response).to render_template('doorkeeper/authorizations/new') end end - context 'with valid params' do - render_views + subject { get :new, params: params } - it 'returns 200 code and renders view' do - subject + context 'when auth app owner is a user' do + context 'with valid params' do + it_behaves_like 'render views' + end + end - expect(response).to have_gitlab_http_status(:ok) - expect(response).to render_template('doorkeeper/authorizations/new') + context 'when auth app owner is a group' do + let(:group) { create(:group) } + + context 'when auth app owner is a root group' do + let(:application) { create(:oauth_application, owner_id: group.id, owner_type: 'Namespace') } + + it_behaves_like 'render views' + end + + context 'when auth app owner is a subgroup' do + let(:subgroup) { create(:group, parent: group) } + let(:application) { create(:oauth_application, owner_id: subgroup.id, owner_type: 'Namespace') } + + it_behaves_like 'render views' end + end - it 'deletes session.user_return_to and redirects when skip authorization' do - application.update!(trusted: true) - request.session['user_return_to'] = 'http://example.com' + context 'when there is no owner associated' do + let(:application) { create(:oauth_application, owner_id: nil, owner_type: nil) } + it 'renders view' do subject - expect(request.session['user_return_to']).to be_nil - expect(response).to have_gitlab_http_status(:found) + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template('doorkeeper/authorizations/new') end end end + + context 'without valid params' do + it 'returns 200 code and renders error view' do + get :new + + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template('doorkeeper/authorizations/error') + end + end + + it 'deletes session.user_return_to and redirects when skip authorization' do + application.update!(trusted: true) + request.session['user_return_to'] = 'http://example.com' + + subject + + expect(request.session['user_return_to']).to be_nil + expect(response).to have_gitlab_http_status(:found) + end end describe 'POST #create' do |