author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-26 14:34:31 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-26 14:34:31 +0000 |
commit | c85ab58601ab9ac12cd72fa8a96b298875b37039 (patch) | |
tree | 165c7a04f5e77f9aa422667f37e901c960019f65 /spec/controllers | |
parent | 5bc4a1efecfffbd467d7e2e2f42f3f1bf6e6f030 (diff) | |
Add latest changes from gitlab-org/security/gitlab@13-0-stable-ee
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/oauth/authorizations_controller_spec.rb | 78 |
1 files changed, 46 insertions, 32 deletions
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb
index 1b4bebd9707..f975502ca4e 100644
--- a/spec/controllers/oauth/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/authorizations_controller_spec.rb
@@ -3,7 +3,6 @@
 require 'spec_helper'
 
 describe Oauth::AuthorizationsController do
- let(:user) { create(:user) }
 let!(:application) { create(:oauth_application, scopes: 'api read_user', redirect_uri: 'http://example.com') }
 let(:params) do
 {
@@ -19,53 +18,68 @@ describe Oauth::AuthorizationsController do
 end
 
 describe 'GET #new' do
- context 'without valid params' do
- it 'returns 200 code and renders error view' do
- get :new
+ context 'when the user is confirmed' do
+ let(:user) { create(:user) }
 
- expect(response).to have_gitlab_http_status(:ok)
- expect(response).to render_template('doorkeeper/authorizations/error')
+ context 'without valid params' do
+ it 'returns 200 code and renders error view' do
+ get :new
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/error')
+ end
 end
- end
 
- context 'with valid params' do
- render_views
+ context 'with valid params' do
+ render_views
 
- it 'returns 200 code and renders view' do
- get :new, params: params
+ it 'returns 200 code and renders view' do
+ get :new, params: params
 
- expect(response).to have_gitlab_http_status(:ok)
- expect(response).to render_template('doorkeeper/authorizations/new')
- end
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/new')
+ end
 
- it 'deletes session.user_return_to and redirects when skip authorization' do
- application.update(trusted: true)
- request.session['user_return_to'] = 'http://example.com'
+ it 'deletes session.user_return_to and redirects when skip authorization' do
+ application.update(trusted: true)
+ request.session['user_return_to'] = 'http://example.com'
 
- get :new, params: params
+ get :new, params: params
 
- expect(request.session['user_return_to']).to be_nil
- expect(response).to have_gitlab_http_status(:found)
- end
+ expect(request.session['user_return_to']).to be_nil
+ expect(response).to have_gitlab_http_status(:found)
+ end
 
- context 'when there is already an access token for the application' do
- context 'when the request scope matches any of the created token scopes' do
- before do
- scopes = Doorkeeper::OAuth::Scopes.from_string('api')
+ context 'when there is already an access token for the application' do
+ context 'when the request scope matches any of the created token scopes' do
+ before do
+ scopes = Doorkeeper::OAuth::Scopes.from_string('api')
 
- allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)
+ allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)
 
- create :oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes
- end
+ create :oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes
+ end
 
- it 'authorizes the request and redirects' do
- get :new, params: params
+ it 'authorizes the request and redirects' do
+ get :new, params: params
 
- expect(request.session['user_return_to']).to be_nil
- expect(response).to have_gitlab_http_status(:found)
+ expect(request.session['user_return_to']).to be_nil
+ expect(response).to have_gitlab_http_status(:found)
+ end
 end
 end
 end
 end
+
+ context 'when the user is unconfirmed' do
+ let(:user) { create(:user, confirmed_at: nil) }
+
+ it 'returns 200 and renders error view' do
+ get :new, params: params
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/error')
+ end
+ end
 end
 end
|
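Review bot: The new 'when the user is unconfirmed' context at the end of this hunk covers only the plain `get :new, params: params` request, so the two paths that bypass the consent screen for a confirmed user are left untested for an unconfirmed one: a trusted application (`application.update(trusted: true)`) and an existing token with a matching scope. Those are the cases where a regression would let authorization complete without any user interaction, so each should have its own example showing the error view is still rendered and no `:found` redirect is returned. Asserting that no grant or token record was created would make the examples stronger than a template check alone. The controller change and the sign-in setup are outside this hunk, so the expected responses below assume the confirmation check runs before the skip-authorization branch.

```ruby
context 'when the user is unconfirmed' do
  let(:user) { create(:user, confirmed_at: nil) }

  # … unchanged: 'returns 200 and renders error view' example …

  it 'renders the error view for a trusted application instead of redirecting' do
    application.update(trusted: true)

    get :new, params: params

    expect(response).to have_gitlab_http_status(:ok)
    expect(response).to render_template('doorkeeper/authorizations/error')
  end

  it 'renders the error view when a matching access token already exists' do
    scopes = Doorkeeper::OAuth::Scopes.from_string('api')
    allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)
    create :oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes

    get :new, params: params

    expect(response).to have_gitlab_http_status(:ok)
    expect(response).to render_template('doorkeeper/authorizations/error')
  end
end
```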