diff options
Diffstat (limited to 'spec/requests/api/applications_spec.rb')
-rw-r--r-- | spec/requests/api/applications_spec.rb | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/spec/requests/api/applications_spec.rb b/spec/requests/api/applications_spec.rb index b81cdcfea8e..16e24807e67 100644 --- a/spec/requests/api/applications_spec.rb +++ b/spec/requests/api/applications_spec.rb @@ -2,7 +2,7 @@ require 'spec_helper' -RSpec.describe API::Applications, :api, feature_category: :authentication_and_authorization do +RSpec.describe API::Applications, :aggregate_failures, :api, feature_category: :system_access do let_it_be(:admin) { create(:admin) } let_it_be(:user) { create(:user) } let_it_be(:scopes) { 'api' } @@ -10,7 +10,9 @@ RSpec.describe API::Applications, :api, feature_category: :authentication_and_au let!(:application) { create(:application, name: 'another_application', owner: nil, redirect_uri: 'http://other_application.url', scopes: scopes) } describe 'POST /applications' do - it_behaves_like 'POST request permissions for admin mode', { name: 'application_name', redirect_uri: 'http://application.url', scopes: 'api' } + it_behaves_like 'POST request permissions for admin mode' do + let(:params) { { name: 'application_name', redirect_uri: 'http://application.url', scopes: 'api' } } + end context 'authenticated and authorized user' do it 'creates and returns an OAuth application' do @@ -22,7 +24,7 @@ RSpec.describe API::Applications, :api, feature_category: :authentication_and_au expect(json_response).to be_a Hash expect(json_response['application_id']).to eq application.uid - expect(json_response['secret']).to eq application.secret + expect(application.secret_matches?(json_response['secret'])).to eq(true) expect(json_response['callback_url']).to eq application.redirect_uri expect(json_response['confidential']).to eq application.confidential expect(application.scopes.to_s).to eq('api') @@ -133,7 +135,7 @@ RSpec.describe API::Applications, :api, feature_category: :authentication_and_au context 'authorized user without authorization' do it 'does not create application' do expect do - post api('/applications', user), params: { name: 'application_name', redirect_uri: 'http://application.url', scopes: scopes } + post api(path, user), params: { name: 'application_name', redirect_uri: 'http://application.url', scopes: scopes } end.not_to change { Doorkeeper::Application.count } end end |