diff options
Diffstat (limited to 'spec/controllers/groups/settings/applications_controller_spec.rb')
-rw-r--r-- | spec/controllers/groups/settings/applications_controller_spec.rb | 219 |
1 files changed, 219 insertions, 0 deletions
diff --git a/spec/controllers/groups/settings/applications_controller_spec.rb b/spec/controllers/groups/settings/applications_controller_spec.rb new file mode 100644 index 00000000000..0804a5536e0 --- /dev/null +++ b/spec/controllers/groups/settings/applications_controller_spec.rb @@ -0,0 +1,219 @@ +# frozen_string_literal: true + +require 'spec_helper' + +RSpec.describe Groups::Settings::ApplicationsController do + let_it_be(:user) { create(:user) } + let_it_be(:group) { create(:group) } + let_it_be(:application) { create(:oauth_application, owner_id: group.id, owner_type: 'Namespace') } + + before do + sign_in(user) + end + + describe 'GET #index' do + context 'when user is owner' do + before do + group.add_owner(user) + end + + it 'renders the application form' do + get :index, params: { group_id: group } + + expect(response).to render_template :index + expect(assigns[:scopes]).to be_kind_of(Doorkeeper::OAuth::Scopes) + end + end + + context 'when user is not owner' do + before do + group.add_maintainer(user) + end + + it 'renders a 404' do + get :index, params: { group_id: group } + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + describe 'GET #edit' do + context 'when user is owner' do + before do + group.add_owner(user) + end + + it 'renders the application form' do + get :edit, params: { group_id: group, id: application.id } + + expect(response).to render_template :edit + expect(assigns[:scopes]).to be_kind_of(Doorkeeper::OAuth::Scopes) + end + end + + context 'when user is not owner' do + before do + group.add_maintainer(user) + end + + it 'renders a 404' do + get :edit, params: { group_id: group, id: application.id } + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + describe 'POST #create' do + context 'when user is owner' do + before do + group.add_owner(user) + end + + it 'creates the application' do + create_params = attributes_for(:application, trusted: false, confidential: false, scopes: ['api']) + + expect do + post :create, params: { group_id: group, doorkeeper_application: create_params } + end.to change { Doorkeeper::Application.count }.by(1) + + application = Doorkeeper::Application.last + + expect(response).to redirect_to(group_settings_application_path(group, application)) + expect(application).to have_attributes(create_params.except(:uid, :owner_type)) + end + + it 'renders the application form on errors' do + expect do + post :create, params: { group_id: group, doorkeeper_application: attributes_for(:application).merge(redirect_uri: nil) } + end.not_to change { Doorkeeper::Application.count } + + expect(response).to render_template :index + expect(assigns[:scopes]).to be_kind_of(Doorkeeper::OAuth::Scopes) + end + + context 'when the params are for a confidential application' do + it 'creates a confidential application' do + create_params = attributes_for(:application, confidential: true, scopes: ['read_user']) + + expect do + post :create, params: { group_id: group, doorkeeper_application: create_params } + end.to change { Doorkeeper::Application.count }.by(1) + + application = Doorkeeper::Application.last + + expect(response).to redirect_to(group_settings_application_path(group, application)) + expect(application).to have_attributes(create_params.except(:uid, :owner_type)) + end + end + + context 'when scopes are not present' do + it 'renders the application form on errors' do + create_params = attributes_for(:application, trusted: true, confidential: false) + + expect do + post :create, params: { group_id: group, doorkeeper_application: create_params } + end.not_to change { Doorkeeper::Application.count } + + expect(response).to render_template :index + end + end + end + + context 'when user is not owner' do + before do + group.add_maintainer(user) + end + + it 'renders a 404' do + create_params = attributes_for(:application, trusted: true, confidential: false, scopes: ['api']) + + post :create, params: { group_id: group, doorkeeper_application: create_params } + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + describe 'PATCH #update' do + context 'when user is owner' do + before do + group.add_owner(user) + end + + it 'updates the application' do + doorkeeper_params = { redirect_uri: 'http://example.com/', trusted: true, confidential: false } + + patch :update, params: { group_id: group, id: application.id, doorkeeper_application: doorkeeper_params } + + application.reload + + expect(response).to redirect_to(group_settings_application_path(group, application)) + expect(application) + .to have_attributes(redirect_uri: 'http://example.com/', trusted: false, confidential: false) + end + + it 'renders the application form on errors' do + patch :update, params: { group_id: group, id: application.id, doorkeeper_application: { redirect_uri: nil } } + + expect(response).to render_template :edit + expect(assigns[:scopes]).to be_kind_of(Doorkeeper::OAuth::Scopes) + end + + context 'when updating the application to be confidential' do + it 'successfully sets the application to confidential' do + doorkeeper_params = { confidential: true } + + patch :update, params: { group_id: group, id: application.id, doorkeeper_application: doorkeeper_params } + + application.reload + + expect(response).to redirect_to(group_settings_application_path(group, application)) + expect(application).to be_confidential + end + end + end + + context 'when user is not owner' do + before do + group.add_maintainer(user) + end + + it 'renders a 404' do + doorkeeper_params = { redirect_uri: 'http://example.com/', trusted: true, confidential: false } + + patch :update, params: { group_id: group, id: application.id, doorkeeper_application: doorkeeper_params } + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end + + describe 'DELETE #destroy' do + context 'when user is owner' do + before do + group.add_owner(user) + end + + it 'deletes the application' do + delete :destroy, params: { group_id: group, id: application.id } + + expect(Doorkeeper::Application.exists?(application.id)).to be_falsy + expect(response).to redirect_to(group_settings_applications_url(group)) + end + end + + context 'when user is not owner' do + before do + group.add_maintainer(user) + end + + it 'renders a 404' do + delete :destroy, params: { group_id: group, id: application.id } + + expect(response).to have_gitlab_http_status(:not_found) + end + end + end +end |