Welcome to mirror list, hosted at ThFree Co, Russian Federation.

jira_authorizations_spec.rb « requests « spec - gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/spec/requests/jira_authorizations_spec.rb
blob: f67288b286b7fdc0b83f318e43fa0e25ea5b2c81 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe 'Jira authorization requests' do
  let(:user) { create :user }
  let(:application) { create :oauth_application, scopes: 'api' }
  let(:redirect_uri) { oauth_jira_dvcs_callback_url(host: "http://www.example.com") }

  def generate_access_grant
    create :oauth_access_grant, application: application, resource_owner_id: user.id, redirect_uri: redirect_uri
  end

  describe 'POST access_token' do
    let(:client_id) { application.uid }
    let(:client_secret) { application.secret }

    it 'returns values similar to a POST to /oauth/token' do
      post_data = {
        client_id: client_id,
        client_secret: client_secret
      }

      post '/oauth/token', params: post_data.merge({
        code: generate_access_grant.token,
        grant_type: 'authorization_code',
        redirect_uri: redirect_uri
      })
      oauth_response = json_response
      oauth_response_access_token, scope, token_type = oauth_response.values_at('access_token', 'scope', 'token_type')

      post '/login/oauth/access_token', params: post_data.merge({
        code: generate_access_grant.token
      })
      jira_response = response.body
      jira_response_access_token = Rack::Utils.parse_nested_query(jira_response)['access_token']

      expect(jira_response).to include("scope=#{scope}&token_type=#{token_type}")
      expect(oauth_response_access_token).not_to eql(jira_response_access_token)
    end

    context 'when authorization fails' do
      before do
        post '/login/oauth/access_token', params: {
          client_id: client_id,
          client_secret: client_secret,
          code: try(:code) || generate_access_grant.token
        }
      end

      shared_examples 'an unauthorized request' do
        it 'returns 401' do
          expect(response).to have_gitlab_http_status(:unauthorized)
        end
      end

      context 'when client_id is invalid' do
        let(:client_id) { "invalid_id" }

        it_behaves_like 'an unauthorized request'
      end

      context 'when client_secret is invalid' do
        let(:client_secret) { "invalid_secret" }

        it_behaves_like 'an unauthorized request'
      end

      context 'when code is invalid' do
        let(:code) { "invalid_code" }

        it 'returns bad request' do
          expect(response).to have_gitlab_http_status(:bad_request)
        end
      end
    end
  end
end
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-19 23:31:55 +0300