Add latest changes from gitlab-org/security/gitlab@13-7-stable-ee

author: GitLab Bot <gitlab-bot@gitlab.com> 2021-01-06 19:21:00 +0000
committer: GitLab Bot <gitlab-bot@gitlab.com> 2021-01-06 19:21:00 +0000
commit: fa70ce1068babe592d348497c772f1b5160cbb6e (patch)
tree: 88e00024a01cd6464afc88150a378f3e1de5bc7e /spec
parent: bd200951d7e928b84bd5b4ef1210a56d688a03c9 (diff)
download: gitlab-ce-fa70ce1068babe592d348497c772f1b5160cbb6e.tar.gz
1 files changed, 14 insertions, 0 deletions
diff --git a/spec/controllers/oauth/authorizations_controller_spec.rb b/spec/controllers/oauth/authorizations_controller_spec.rb
index 23d472f6853..f811f13def8 100644
--- a/spec/controllers/oauth/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/authorizations_controller_spec.rb
@@ -95,6 +95,20 @@ RSpec.describe Oauth::AuthorizationsController do
     subject { post :create, params: params }
 
     include_examples 'OAuth Authorizations require confirmed user'
+
+    context 'when application is confidential' do
+      before do
+        application.update(confidential: true)
+        params[:response_type] = 'token'
+      end
+
+      it 'does not allow the implicit flow' do
+        subject
+
+        expect(response).to have_gitlab_http_status(:ok)
+        expect(response).to render_template('doorkeeper/authorizations/error')
+      end
+    end
   end
 
   describe 'DELETE #destroy' do
author	GitLab Bot <gitlab-bot@gitlab.com>	2021-01-06 19:21:00 +0000
committer	GitLab Bot <gitlab-bot@gitlab.com>	2021-01-06 19:21:00 +0000
commit	fa70ce1068babe592d348497c772f1b5160cbb6e (patch)
tree	88e00024a01cd6464afc88150a378f3e1de5bc7e /spec
parent	bd200951d7e928b84bd5b4ef1210a56d688a03c9 (diff)
download	gitlab-ce-fa70ce1068babe592d348497c772f1b5160cbb6e.tar.gz