diff options
| author | GitLab Bot <gitlab-bot@gitlab.com> | 2021-01-13 10:44:41 +0000 |
|---|---|---|
| committer | GitLab Bot <gitlab-bot@gitlab.com> | 2021-01-13 10:44:41 +0000 |
| commit | e861919633e0aac16509c0415f71eda69902bff9 (patch) | |
| tree | 3e65f7fbe7e738bf0dba2a66c0bf82b962daba34 /spec | |
| parent | 1ef3b81f122ba52e955bee694c38d6fb4dae3068 (diff) | |
| download | gitlab-ce-e861919633e0aac16509c0415f71eda69902bff9.tar.gz | |
Add latest changes from gitlab-org/security/gitlab@13-7-stable-ee
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/controllers/oauth/authorizations_controller_spec.rb | 33 |
1 files changed, 19 insertions, 14 deletions
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb index f811f13def8..2df94a06b3e 100644 --- a/spec/controllers/oauth/authorizations_controller_spec.rb +++ b/spec/controllers/oauth/authorizations_controller_spec.rb @@ -51,10 +51,27 @@ RSpec.describe Oauth::AuthorizationsController do end end + shared_examples "Implicit grant can't be used in confidential application" do + context 'when application is confidential' do + before do + application.update(confidential: true) + params[:response_type] = 'token' + end + + it 'does not allow the implicit flow' do + subject + + expect(response).to have_gitlab_http_status(:ok) + expect(response).to render_template('doorkeeper/authorizations/error') + end + end + end + describe 'GET #new' do subject { get :new, params: params } include_examples 'OAuth Authorizations require confirmed user' + include_examples "Implicit grant can't be used in confidential application" context 'when the user is confirmed' do let(:confirmed_at) { 1.hour.ago } @@ -95,26 +112,14 @@ RSpec.describe Oauth::AuthorizationsController do subject { post :create, params: params } include_examples 'OAuth Authorizations require confirmed user' - - context 'when application is confidential' do - before do - application.update(confidential: true) - params[:response_type] = 'token' - end - - it 'does not allow the implicit flow' do - subject - - expect(response).to have_gitlab_http_status(:ok) - expect(response).to render_template('doorkeeper/authorizations/error') - end - end + include_examples "Implicit grant can't be used in confidential application" end describe 'DELETE #destroy' do subject { delete :destroy, params: params } include_examples 'OAuth Authorizations require confirmed user' + include_examples "Implicit grant can't be used in confidential application" end it 'includes Two-factor enforcement concern' do |