diff options
author | Francisco Javier López <fjlopez@gitlab.com> | 2018-06-29 08:15:42 +0000 |
---|---|---|
committer | Sean McGivern <sean@mcgivern.me.uk> | 2018-06-29 08:15:42 +0000 |
commit | 7a0bb214f33bf25af7e5a53981f93b95ac6a4235 (patch) | |
tree | fe7ee43a6995285a1d4ce633d923fdfaaf5aac98 /spec/controllers | |
parent | 4c09fb329b97879771dbf82b32300f59f098a7b0 (diff) | |
download | gitlab-ce-7a0bb214f33bf25af7e5a53981f93b95ac6a4235.tar.gz |
Fix OAuth application authorization screen to appear with every access
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/oauth/authorizations_controller_spec.rb | 34 |
1 files changed, 23 insertions, 11 deletions
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb index 149b690ff70..8c10ea53a7a 100644 --- a/spec/controllers/oauth/authorizations_controller_spec.rb +++ b/spec/controllers/oauth/authorizations_controller_spec.rb @@ -2,19 +2,12 @@ require 'spec_helper' describe Oauth::AuthorizationsController do let(:user) { create(:user) } - - let(:doorkeeper) do - Doorkeeper::Application.create( - name: "MyApp", - redirect_uri: 'http://example.com', - scopes: "") - end - + let!(:application) { create(:oauth_application, scopes: 'api read_user', redirect_uri: 'http://example.com') } let(:params) do { response_type: "code", - client_id: doorkeeper.uid, - redirect_uri: doorkeeper.redirect_uri, + client_id: application.uid, + redirect_uri: application.redirect_uri, state: 'state' } end @@ -44,7 +37,7 @@ describe Oauth::AuthorizationsController do end it 'deletes session.user_return_to and redirects when skip authorization' do - doorkeeper.update(trusted: true) + application.update(trusted: true) request.session['user_return_to'] = 'http://example.com' get :new, params @@ -52,6 +45,25 @@ describe Oauth::AuthorizationsController do expect(request.session['user_return_to']).to be_nil expect(response).to have_gitlab_http_status(302) end + + context 'when there is already an access token for the application' do + context 'when the request scope matches any of the created token scopes' do + before do + scopes = Doorkeeper::OAuth::Scopes.from_string('api') + + allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes) + + create :oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes + end + + it 'authorizes the request and redirects' do + get :new, params + + expect(request.session['user_return_to']).to be_nil + expect(response).to have_gitlab_http_status(302) + end + end + end end end end |