authorGitLab Bot <gitlab-bot@gitlab.com>2020-08-05 18:10:10 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-08-05 18:10:10 +0000
commitea4766228b5536c83f1917d6058be913472ffa2d (patch)
tree5ebf5ea0f996be6c6908e6b631b72c33bc13e997 /spec/controllers
parent4b64dc27ae5bac20dec888431c236fef2bfdc449 (diff)
Add latest changes from gitlab-org/gitlab@13-2-stable-ee
Diffstat (limited to 'spec/controllers')
-rw-r--r--spec/controllers/oauth/applications_controller_spec.rb27
-rw-r--r--spec/controllers/oauth/authorizations_controller_spec.rb84
-rw-r--r--spec/controllers/oauth/authorized_applications_controller_spec.rb20
-rw-r--r--spec/controllers/oauth/token_info_controller_spec.rb4
-rw-r--r--spec/controllers/oauth/tokens_controller_spec.rb9
5 files changed, 114 insertions, 30 deletions
diff --git a/spec/controllers/oauth/applications_controller_spec.rb b/spec/controllers/oauth/applications_controller_spec.rb
index 38f46ee7b15..0a7975b8c1b 100644
--- a/spec/controllers/oauth/applications_controller_spec.rb
+++ b/spec/controllers/oauth/applications_controller_spec.rb
@@ -19,12 +19,29 @@ RSpec.describe Oauth::ApplicationsController do
it { is_expected.to redirect_to(new_user_session_path) }
end
+ shared_examples 'redirects to 2fa setup page when the user requires it' do
+ context 'when 2fa is set up on application level' do
+ before do
+ stub_application_setting(require_two_factor_authentication: true)
+ end
+
+ it { is_expected.to redirect_to(profile_two_factor_auth_path) }
+ end
+
+ context 'when 2fa is set up on group level' do
+ let(:user) { create(:user, require_two_factor_authentication_from_group: true) }
+
+ it { is_expected.to redirect_to(profile_two_factor_auth_path) }
+ end
+ end
+
describe 'GET #new' do
subject { get :new }
it { is_expected.to have_gitlab_http_status(:ok) }
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'DELETE #destroy' do
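Review bot: The shared example 'redirects to 2fa setup page when the user requires it' only covers the positive cases, so a regression in the concern that redirected every signed-in user to the 2FA setup page would still pass. A third context for a user who already has 2FA enrolled, e.g. `context 'when the user already has 2fa enabled' do` with `let(:user) { create(:user, :two_factor) }` (assuming the user factory offers that trait) and the action's normal expectation, would pin the other side of the check. The group-level context overrides `let(:user)`, which only works if the outer `sign_in` reads that `let` lazily; the outer setup is outside the hunk, so please confirm.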
@@ -33,6 +50,7 @@ RSpec.describe Oauth::ApplicationsController do
it { is_expected.to redirect_to(oauth_applications_url) }
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'GET #edit' do
@@ -41,6 +59,7 @@ RSpec.describe Oauth::ApplicationsController do
it { is_expected.to have_gitlab_http_status(:ok) }
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'PUT #update' do
@@ -49,6 +68,7 @@ RSpec.describe Oauth::ApplicationsController do
it { is_expected.to redirect_to(oauth_application_url(application)) }
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'GET #show' do
@@ -57,6 +77,7 @@ RSpec.describe Oauth::ApplicationsController do
it { is_expected.to have_gitlab_http_status(:ok) }
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'GET #index' do
@@ -73,6 +94,7 @@ RSpec.describe Oauth::ApplicationsController do
end
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
describe 'POST #create' do
@@ -112,6 +134,7 @@ RSpec.describe Oauth::ApplicationsController do
end
it_behaves_like 'redirects to login page when the user is not signed in'
+ it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
end
@@ -119,6 +142,10 @@ RSpec.describe Oauth::ApplicationsController do
it 'current_user_mode available' do
expect(subject.current_user_mode).not_to be_nil
end
+
+ it 'includes Two-factor enforcement concern' do
+ expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)
+ end
end
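Review bot: The new 'includes Two-factor enforcement concern' example uses `expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)`, which on failure only reports `expected true, got false`; `expect(described_class.included_modules).to include(EnforcesTwoFactorAuthentication)` fails with the actual module list and reads as the intent. The same example is copied verbatim into authorizations_controller_spec.rb, authorized_applications_controller_spec.rb, token_info_controller_spec.rb and the new tokens_controller_spec.rb; one shared example (in spec/support, if that is where the project keeps them) would replace the five copies. For the new tokens_controller_spec.rb this inclusion check is the only example, so nothing there exercises the redirect behaviour itself.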
describe 'locale' do
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb
index 89b74675d28..23d472f6853 100644
--- a/spec/controllers/oauth/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/authorizations_controller_spec.rb
@@ -3,6 +3,8 @@
require 'spec_helper'
RSpec.describe Oauth::AuthorizationsController do
+ let(:user) { create(:user, confirmed_at: confirmed_at) }
+ let(:confirmed_at) { 1.hour.ago }
let!(:application) { create(:oauth_application, scopes: 'api read_user', redirect_uri: 'http://example.com') }
let(:params) do
{
@@ -17,9 +19,45 @@ RSpec.describe Oauth::AuthorizationsController do
sign_in(user)
end
+ shared_examples 'OAuth Authorizations require confirmed user' do
+ context 'when the user is confirmed' do
+ context 'when there is already an access token for the application with a matching scope' do
+ before do
+ scopes = Doorkeeper::OAuth::Scopes.from_string('api')
+
+ allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)
+
+ create(:oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes)
+ end
+
+ it 'authorizes the request and redirects' do
+ subject
+
+ expect(request.session['user_return_to']).to be_nil
+ expect(response).to have_gitlab_http_status(:found)
+ end
+ end
+ end
+
+ context 'when the user is unconfirmed' do
+ let(:confirmed_at) { nil }
+
+ it 'returns 200 and renders error view' do
+ subject
+
+ expect(response).to have_gitlab_http_status(:ok)
+ expect(response).to render_template('doorkeeper/authorizations/error')
+ end
+ end
+ end
+
describe 'GET #new' do
+ subject { get :new, params: params }
+
+ include_examples 'OAuth Authorizations require confirmed user'
+
context 'when the user is confirmed' do
- let(:user) { create(:user) }
+ let(:confirmed_at) { 1.hour.ago }
context 'without valid params' do
it 'returns 200 code and renders error view' do
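Review bot: The 'when the user is unconfirmed' example in the shared example asserts only the response (200 and the error template); since the example is later reused for POST #create, it should also assert that nothing was issued, e.g. `expect { subject }.not_to change(Doorkeeper::AccessGrant, :count)`, otherwise a controller that renders the error view but still persists the grant would pass. The 'authorizes the request and redirects' example checks only `:found`; for DELETE #destroy, where the example is also included, a 302 is presumably the denial redirect rather than an authorization, so either a more specific assertion on the redirect or a per-action description would make the intent clear. The `let(:confirmed_at) { 1.hour.ago }` inside 'when the user is confirmed' repeats the top-level default added in the first hunk and can be dropped.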
@@ -34,7 +72,7 @@ RSpec.describe Oauth::AuthorizationsController do
render_views
it 'returns 200 code and renders view' do
- get :new, params: params
+ subject
expect(response).to have_gitlab_http_status(:ok)
expect(response).to render_template('doorkeeper/authorizations/new')
@@ -44,42 +82,28 @@ RSpec.describe Oauth::AuthorizationsController do
application.update(trusted: true)
request.session['user_return_to'] = 'http://example.com'
- get :new, params: params
+ subject
expect(request.session['user_return_to']).to be_nil
expect(response).to have_gitlab_http_status(:found)
end
-
- context 'when there is already an access token for the application' do
- context 'when the request scope matches any of the created token scopes' do
- before do
- scopes = Doorkeeper::OAuth::Scopes.from_string('api')
-
- allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)
-
- create :oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes
- end
-
- it 'authorizes the request and redirects' do
- get :new, params: params
-
- expect(request.session['user_return_to']).to be_nil
- expect(response).to have_gitlab_http_status(:found)
- end
- end
- end
end
end
+ end
- context 'when the user is unconfirmed' do
- let(:user) { create(:user, confirmed_at: nil) }
+ describe 'POST #create' do
+ subject { post :create, params: params }
- it 'returns 200 and renders error view' do
- get :new, params: params
+ include_examples 'OAuth Authorizations require confirmed user'
+ end
- expect(response).to have_gitlab_http_status(:ok)
- expect(response).to render_template('doorkeeper/authorizations/error')
- end
- end
+ describe 'DELETE #destroy' do
+ subject { delete :destroy, params: params }
+
+ include_examples 'OAuth Authorizations require confirmed user'
+ end
+
+ it 'includes Two-factor enforcement concern' do
+ expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)
end
end
diff --git a/spec/controllers/oauth/authorized_applications_controller_spec.rb b/spec/controllers/oauth/authorized_applications_controller_spec.rb
index 15b2969a859..cb047e55752 100644
--- a/spec/controllers/oauth/authorized_applications_controller_spec.rb
+++ b/spec/controllers/oauth/authorized_applications_controller_spec.rb
@@ -18,4 +18,24 @@ RSpec.describe Oauth::AuthorizedApplicationsController do
expect(response).to have_gitlab_http_status(:not_found)
end
end
+
+ describe 'DELETE #destroy' do
+ let(:application) { create(:oauth_application) }
+ let!(:grant) { create(:oauth_access_grant, resource_owner_id: user.id, application: application) }
+ let!(:access_token) { create(:oauth_access_token, resource_owner: user, application: application) }
+
+ it 'revokes both access grants and tokens' do
+ expect(grant).not_to be_revoked
+ expect(access_token).not_to be_revoked
+
+ delete :destroy, params: { id: application.id }
+
+ expect(grant.reload).to be_revoked
+ expect(access_token.reload).to be_revoked
+ end
+ end
+
+ it 'includes Two-factor enforcement concern' do
+ expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)
+ end
end
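Review bot: The 'revokes both access grants and tokens' example only creates a grant and a token for `user`, so it cannot tell whether #destroy revokes only the current user's authorizations for the application or everyone's. Adding `let!(:other_token) { create(:oauth_access_token, resource_owner: create(:user), application: application) }` and asserting `expect(other_token.reload).not_to be_revoked` after the request pins the scoping. The example also makes no assertion on the response; `expect(response).to have_gitlab_http_status(:found)` (or whatever the action returns) would catch a silent error path. `user` is defined outside the hunk, so the resource owner being the signed-in user is assumed here.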
diff --git a/spec/controllers/oauth/token_info_controller_spec.rb b/spec/controllers/oauth/token_info_controller_spec.rb
index 4658c2702ca..91a986db251 100644
--- a/spec/controllers/oauth/token_info_controller_spec.rb
+++ b/spec/controllers/oauth/token_info_controller_spec.rb
@@ -68,4 +68,8 @@ RSpec.describe Oauth::TokenInfoController do
end
end
end
+
+ it 'includes Two-factor enforcement concern' do
+ expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)
+ end
end
diff --git a/spec/controllers/oauth/tokens_controller_spec.rb b/spec/controllers/oauth/tokens_controller_spec.rb
new file mode 100644
index 00000000000..389153d138e
--- /dev/null
+++ b/spec/controllers/oauth/tokens_controller_spec.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Oauth::TokensController do
+ it 'includes Two-factor enforcement concern' do
+ expect(described_class.included_modules.include?(EnforcesTwoFactorAuthentication)).to eq(true)
+ end
+end