diff options
Diffstat (limited to 'spec/requests/jira_connect/users_controller_spec.rb')
-rw-r--r-- | spec/requests/jira_connect/users_controller_spec.rb | 46 |
1 files changed, 0 insertions, 46 deletions
diff --git a/spec/requests/jira_connect/users_controller_spec.rb b/spec/requests/jira_connect/users_controller_spec.rb deleted file mode 100644 index c02bd324708..00000000000 --- a/spec/requests/jira_connect/users_controller_spec.rb +++ /dev/null @@ -1,46 +0,0 @@ -# frozen_string_literal: true - -require 'spec_helper' - -RSpec.describe JiraConnect::UsersController, feature_category: :integrations do - describe 'GET /-/jira_connect/users' do - let_it_be(:user) { create(:user) } - - before do - sign_in(user) - end - - context 'with a valid host' do - let(:return_to) { 'https://testcompany.atlassian.net/plugins/servlet/ac/gitlab-jira-connect-staging.gitlab.com/gitlab-configuration' } - - it 'includes a return url' do - get '/-/jira_connect/users', params: { return_to: return_to } - - expect(response).to have_gitlab_http_status(:ok) - expect(response.body).to include('Return to GitLab') - end - end - - context 'with an invalid host' do - let(:return_to) { 'https://evil.com' } - - it 'does not include a return url' do - get '/-/jira_connect/users', params: { return_to: return_to } - - expect(response).to have_gitlab_http_status(:ok) - expect(response.body).not_to include('Return to GitLab') - end - end - - context 'with a script injected' do - let(:return_to) { 'javascript://test.atlassian.net/%250dalert(document.domain)' } - - it 'does not include a return url' do - get '/-/jira_connect/users', params: { return_to: return_to } - - expect(response).to have_gitlab_http_status(:ok) - expect(response.body).not_to include('Return to GitLab') - end - end - end -end |