1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Oauth::JiraDvcs::AuthorizationsController, feature_category: :integrations do
let_it_be(:application) { create(:oauth_application, redirect_uri: 'https://example.com/callback') }
describe 'GET new' do
it 'redirects to OAuth authorization with correct params' do
get :new, params: { client_id: application.uid, scope: 'foo', redirect_uri: 'https://example.com/callback' }
expect(response).to redirect_to(oauth_authorization_url(
client_id: application.uid,
response_type: 'code',
scope: 'foo',
redirect_uri: oauth_jira_dvcs_callback_url))
end
it 'replaces the GitHub "repo" scope with "api"' do
get :new, params: { client_id: application.uid, scope: 'repo', redirect_uri: 'https://example.com/callback' }
expect(response).to redirect_to(oauth_authorization_url(
client_id: application.uid,
response_type: 'code',
scope: 'api',
redirect_uri: oauth_jira_dvcs_callback_url))
end
it 'returns 404 with an invalid client' do
get :new, params: { client_id: 'client-123', scope: 'foo', redirect_uri: 'https://example.com/callback' }
expect(response).to have_gitlab_http_status(:not_found)
end
it 'returns 403 with an incorrect redirect_uri' do
get :new, params: { client_id: application.uid, scope: 'foo', redirect_uri: 'http://unsafe-website.com/callback' }
expect(response).to have_gitlab_http_status(:forbidden)
end
end
describe 'GET callback' do
it 'redirects to redirect_uri on session with code param' do
session['redirect_uri'] = 'http://example.com'
get :callback, params: { code: 'hash-123' }
expect(response).to redirect_to('http://example.com?code=hash-123')
end
it 'redirects to redirect_uri on session with code param preserving existing query' do
session['redirect_uri'] = 'http://example.com?foo=bar'
get :callback, params: { code: 'hash-123' }
expect(response).to redirect_to('http://example.com?foo=bar&code=hash-123')
end
end
describe 'POST access_token' do
it 'returns oauth params in a format Jira expects' do
expect_any_instance_of(Doorkeeper::Request::AuthorizationCode).to receive(:authorize) do
double(status: :ok, body: { 'access_token' => 'fake-123', 'scope' => 'foo', 'token_type' => 'bar' })
end
post :access_token, params: { code: 'code-123', client_id: application.uid, client_secret: 'secret-123' }
expect(response.body).to eq('access_token=fake-123&scope=foo&token_type=bar')
end
end
end
|