authorPatricio Cano <suprnova32@gmail.com>2016-08-12 16:16:12 -0500
committerPatricio Cano <suprnova32@gmail.com>2016-08-18 16:47:26 -0500
commite2f9c87600e34a415d43c981e0182094b123771f (patch)
treefbda99f75e02c61e018e68ad3557e0c0d59f086f /spec/requests/api/oauth_tokens_spec.rb
parent717366d28da11acc6dbe60301bf7e2394400b3c1 (diff)
Added checks for 2FA to the API `/sessions` endpoint and the Resource Owner Password Credentials flow.
Diffstat (limited to 'spec/requests/api/oauth_tokens_spec.rb')
-rw-r--r--spec/requests/api/oauth_tokens_spec.rb31
1 files changed, 31 insertions, 0 deletions
diff --git a/spec/requests/api/oauth_tokens_spec.rb b/spec/requests/api/oauth_tokens_spec.rb
new file mode 100644
index 00000000000..4730e9aa13c
--- /dev/null
+++ b/spec/requests/api/oauth_tokens_spec.rb
@@ -0,0 +1,31 @@
+require 'spec_helper'
+
+describe API::API, api: true do
+ include ApiHelpers
+
+ context 'Resource Owner Password Credentials' do
+ def request_oauth_token(user)
+ post '/oauth/token', username: user.username, password: user.password, grant_type: 'password'
+ end
+
+ context 'when user has 2FA enabled' do
+ it 'does not create an access token' do
+ user = create(:user, :two_factor)
+ request_oauth_token(user)
+
+ expect(response).to have_http_status(401)
+ expect(json_response['error']).to eq('invalid_grant')
+ end
+ end
+
+ context 'when user does not have 2FA enabled' do
+ it 'creates an access token' do
+ user = create(:user)
+ request_oauth_token(user)
+
+ expect(response).to have_http_status(200)
+ expect(json_response['access_token']).not_to be_nil
+ end
+ end
+ end
+end
\ No newline at end of file
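Review bot: The example 'does not create an access token' checks only the status code and the `error` field, so it never asserts what its title promises; adding `expect(json_response['access_token']).to be_nil` would pin that no credential is issued to a 2FA user over the password grant. `invalid_grant` is presumably also what the endpoint returns for a wrong password, so this example would still pass if the `:two_factor` factory user failed to authenticate for an unrelated reason; the non-2FA example guards against that only as long as both factory variants share the same password handling. A short comment above the first context, e.g. `# ROPC cannot prompt for an OTP, so 2FA users must be refused a token`, would record why the 401 is the expected outcome.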