diff options
author | Pavel Shutsin <pshutsin@gitlab.com> | 2019-03-18 17:36:34 +0300 |
---|---|---|
committer | Pavel Shutsin <pshutsin@gitlab.com> | 2019-03-19 15:38:16 +0300 |
commit | 8ee1927db90d43205b4e6f8bd13f209c74b41bd1 (patch) | |
tree | 247e5f813947c1bdeb838e2776835208e6a7e2bc /spec/controllers | |
parent | a4b18040778d7272bd8fbbb3746e199699ffd893 (diff) | |
download | gitlab-ce-8ee1927db90d43205b4e6f8bd13f209c74b41bd1.tar.gz |
Move out link\unlink ability checks to a policy
We can extend the policy in EE for additional behavior
Diffstat (limited to 'spec/controllers')
-rw-r--r-- | spec/controllers/omniauth_callbacks_controller_spec.rb | 27 |
1 files changed, 27 insertions, 0 deletions
diff --git a/spec/controllers/omniauth_callbacks_controller_spec.rb b/spec/controllers/omniauth_callbacks_controller_spec.rb index e0da23ca0b8..06c6f49f7cc 100644 --- a/spec/controllers/omniauth_callbacks_controller_spec.rb +++ b/spec/controllers/omniauth_callbacks_controller_spec.rb @@ -113,6 +113,33 @@ describe OmniauthCallbacksController, type: :controller do expect(request.env['warden']).to be_authenticated end + context 'when user has no linked provider' do + let(:user) { create(:user) } + + before do + sign_in user + end + + it 'links identity' do + expect do + post provider + user.reload + end.to change { user.identities.count }.by(1) + end + + context 'and is not allowed to link the provider' do + before do + allow_any_instance_of(IdentityProviderPolicy).to receive(:can?).with(:link).and_return(false) + end + + it 'returns 403' do + post provider + + expect(response).to have_gitlab_http_status(403) + end + end + end + shared_context 'sign_up' do let(:user) { double(email: 'new@example.com') } |