Diffstat (limited to 'spec/requests/api/oauth_tokens_spec.rb')
-rw-r--r-- | spec/requests/api/oauth_tokens_spec.rb | 61 |
1 files changed, 50 insertions, 11 deletions
diff --git a/spec/requests/api/oauth_tokens_spec.rb b/spec/requests/api/oauth_tokens_spec.rb index 80eae97f41a..5e775841f12 100644 --- a/spec/requests/api/oauth_tokens_spec.rb +++ b/spec/requests/api/oauth_tokens_spec.rb @@ -3,16 +3,22 @@ require 'spec_helper' describe 'OAuth tokens' do + include HttpBasicAuthHelpers + context 'Resource Owner Password Credentials' do - def request_oauth_token(user) - post '/oauth/token', params: { username: user.username, password: user.password, grant_type: 'password' } + def request_oauth_token(user, headers = {}) + post '/oauth/token', + params: { username: user.username, password: user.password, grant_type: 'password' }, + headers: headers end + let_it_be(:client) { create(:oauth_application) } + context 'when user has 2FA enabled' do it 'does not create an access token' do user = create(:user, :two_factor) - request_oauth_token(user) + request_oauth_token(user, client_basic_auth_header(client)) expect(response).to have_gitlab_http_status(:unauthorized) expect(json_response['error']).to eq('invalid_grant') 
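Review bot: The new helper signature `def request_oauth_token(user, headers = {})` passes the client credentials as a positional options hash, so every call site reads `request_oauth_token(user, client_basic_auth_header(client))` without saying what the second argument is; a keyword argument would make that explicit, `def request_oauth_token(user, headers: {})` with call sites `request_oauth_token(user, headers: client_basic_auth_header(client))`. The same rewording applies to the calls in the remaining hunks of this file (the no-2FA contexts and the blocked, LDAP-blocked and unconfirmed-user `before` blocks). The helper also has no comment explaining the new parameter; something like `# Issues a Resource Owner Password Credentials token request; pass a Basic auth header (see HttpBasicAuthHelpers) to authenticate the OAuth client.` would help, with the helper-module origin of `client_basic_auth_header` being my inference from the added `include HttpBasicAuthHelpers` line.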
@@ -20,13 +26,46 @@ describe 'OAuth tokens' do end context 'when user does not have 2FA enabled' do - it 'creates an access token' do - user = create(:user) + # NOTE: using ROPS grant flow without client credentials will be deprecated + # and removed in the next version of Doorkeeper. + # See https://gitlab.com/gitlab-org/gitlab/-/issues/219137 + context 'when no client credentials provided' do + it 'creates an access token' do + user = create(:user) + + request_oauth_token(user) + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['access_token']).not_to be_nil + end + end + + context 'when client credentials provided' do + context 'with valid credentials' do + it 'creates an access token' do + user = create(:user) + + request_oauth_token(user, client_basic_auth_header(client)) + + expect(response).to have_gitlab_http_status(:ok) + expect(json_response['access_token']).not_to be_nil + end + end + + context 'with invalid credentials' do + it 'does not create an access token' do + # NOTE: remove this after update to Doorkeeper 5.5 or newer, see + # https://gitlab.com/gitlab-org/gitlab/-/issues/219137 + pending 'Enable this example after upgrading Doorkeeper to 5.5 or newer' + + user = create(:user) - request_oauth_token(user) + request_oauth_token(user, basic_auth_header(client.uid, 'invalid secret')) - expect(response).to have_gitlab_http_status(:ok) - expect(json_response['access_token']).not_to be_nil + expect(response).to have_gitlab_http_status(:unauthorized) + expect(json_response['error']).to eq('invalid_client') + end + end end end @@ -40,7 +79,7 @@ describe 'OAuth tokens' do before do user.block - request_oauth_token(user) + request_oauth_token(user, client_basic_auth_header(client)) end include_examples 'does not create an access token' 
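Review bot: The `when no client credentials provided` example pins the token request succeeding with `have_gitlab_http_status(:ok)` even though the NOTE just above it says that unauthenticated use of this grant is to be removed in the next Doorkeeper version, so the suite would keep guarding the legacy behaviour after the upgrade unless someone remembers to flip it. I would make that expectation explicit in the comment, e.g. `# TODO: once client authentication is mandatory (see issue 219137), this example should expect :unauthorized (presumably 'invalid_client', as in the sibling invalid-credentials example) instead of :ok`. The `pending` example for invalid credentials already carries the matching reminder, which is good; note that RSpec reports a pending example that unexpectedly passes as a failure, so the upgrade will surface it. Separately, `ROPS grant flow` in the NOTE comment presumably should read `ROPC`, matching the enclosing `'Resource Owner Password Credentials'` context.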
@@ -50,7 +89,7 @@ describe 'OAuth tokens' do before do user.ldap_block - request_oauth_token(user) + request_oauth_token(user, client_basic_auth_header(client)) end include_examples 'does not create an access token' @@ -60,7 +99,7 @@ describe 'OAuth tokens' do before do user.update!(confirmed_at: nil) - request_oauth_token(user) + request_oauth_token(user, client_basic_auth_header(client)) end include_examples 'does not create an access token' |