authorGitLab Bot <gitlab-bot@gitlab.com>2020-09-01 22:43:06 +0000
committerGitLab Bot <gitlab-bot@gitlab.com>2020-09-01 22:43:06 +0000
commitd40003afdea391c2d1396f3ab6c78705fa6d2a79 (patch)
tree9db27e723a5ce38b50106da5ef878453cbf4f990 /spec/controllers
parenta986819a7bce2002018dfafed3900dc3f2e8fb81 (diff)
Add latest changes from gitlab-org/security/gitlab@13-3-stable-ee
Diffstat (limited to 'spec/controllers')
-rw-r--r--spec/controllers/admin/applications_controller_spec.rb16
-rw-r--r--spec/controllers/oauth/applications_controller_spec.rb23
2 files changed, 35 insertions, 4 deletions
diff --git a/spec/controllers/admin/applications_controller_spec.rb b/spec/controllers/admin/applications_controller_spec.rb
index 732d20666cb..6c423097e70 100644
--- a/spec/controllers/admin/applications_controller_spec.rb
+++ b/spec/controllers/admin/applications_controller_spec.rb
@@ -40,7 +40,7 @@ RSpec.describe Admin::ApplicationsController do
describe 'POST #create' do
it 'creates the application' do
- create_params = attributes_for(:application, trusted: true, confidential: false)
+ create_params = attributes_for(:application, trusted: true, confidential: false, scopes: ['api'])
expect do
post :create, params: { doorkeeper_application: create_params }
@@ -63,7 +63,7 @@ RSpec.describe Admin::ApplicationsController do
context 'when the params are for a confidential application' do
it 'creates a confidential application' do
- create_params = attributes_for(:application, confidential: true)
+ create_params = attributes_for(:application, confidential: true, scopes: ['read_user'])
expect do
post :create, params: { doorkeeper_application: create_params }
@@ -75,6 +75,18 @@ RSpec.describe Admin::ApplicationsController do
expect(application).to have_attributes(create_params.except(:uid, :owner_type))
end
end
+
+ context 'when scopes are not present' do
+ it 'renders the application form on errors' do
+ create_params = attributes_for(:application, trusted: true, confidential: false)
+
+ expect do
+ post :create, params: { doorkeeper_application: create_params }
+ end.not_to change { Doorkeeper::Application.count }
+
+ expect(response).to render_template :new
+ end
+ end
end
describe 'PATCH #update' do
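Review bot: The new `'when scopes are not present'` example at the end of the POST #create block only asserts that `:new` is rendered and the count is unchanged, so it would also pass if some other validation (for instance the factory's redirect_uri) were the one rejecting the request; it does not prove the scopes rule is what fired. Pin the reason the way the oauth spec in this commit does, e.g. `expect(assigns(:application).errors[:scopes]).to include("can't be blank")` (assuming the controller assigns `@application` on failure — confirm), or with `render_views` and a body check. A second case sending `scopes: ['']`, which is typically what a browser form with no scope checkbox ticked submits, would exercise a different param path than an absent key and is worth adding. The diff adds no matching case under `describe 'PATCH #update'`, which begins on the hunk's last line and continues outside it, so an update that clears the scopes of an existing application is not covered by these specs.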
diff --git a/spec/controllers/oauth/applications_controller_spec.rb b/spec/controllers/oauth/applications_controller_spec.rb
index 0a7975b8c1b..f21ef324884 100644
--- a/spec/controllers/oauth/applications_controller_spec.rb
+++ b/spec/controllers/oauth/applications_controller_spec.rb
@@ -123,7 +123,8 @@ RSpec.describe Oauth::ApplicationsController do
invalid_uri_params = {
doorkeeper_application: {
name: 'foo',
- redirect_uri: 'javascript://alert()'
+ redirect_uri: 'javascript://alert()',
+ scopes: ['api']
}
}
@@ -133,6 +134,23 @@ RSpec.describe Oauth::ApplicationsController do
end
end
+ context 'when scopes are not present' do
+ render_views
+
+ it 'shows an error for blank scopes' do
+ invalid_uri_params = {
+ doorkeeper_application: {
+ name: 'foo',
+ redirect_uri: 'http://example.org'
+ }
+ }
+
+ post :create, params: invalid_uri_params
+
+ expect(response.body).to include 'Scopes can&#39;t be blank'
+ end
+ end
+
it_behaves_like 'redirects to login page when the user is not signed in'
it_behaves_like 'redirects to 2fa setup page when the user requires it'
end
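Review bot: The `'shows an error for blank scopes'` example only checks the error text in the rendered body; it never asserts that no application was persisted, which is the security-relevant outcome of this change, so wrap the request like the admin spec does: `expect { post :create, params: invalid_uri_params }.not_to change { Doorkeeper::Application.count }`. The body assertion is also tied to one HTML-escaping of the apostrophe (`&#39;`) and will break if the escaper ever emits `&#x27;`; asserting on `assigns(:application).errors[:scopes]` (if the controller assigns it on failure — confirm) or building the expected string with `ERB::Util.html_escape("Scopes can't be blank")` is more robust. The local is still called `invalid_uri_params` even though the redirect URI here is valid and the scopes are what is missing; `blank_scopes_params` would describe the fixture accurately.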
@@ -172,7 +190,8 @@ RSpec.describe Oauth::ApplicationsController do
{
doorkeeper_application: {
name: 'foo',
- redirect_uri: 'http://example.org'
+ redirect_uri: 'http://example.org',
+ scopes: ['api']
}
}
end