debian-mirror-gitlab/spec/controllers/google_api/authorizations_controller_spec.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

114 lines
3.3 KiB
Ruby
Raw Permalink Normal View History

2019-07-31 22:56:46 +05:30
# frozen_string_literal: true
2018-03-17 18:26:18 +05:30
require 'spec_helper'
2020-06-23 00:09:42 +05:30
RSpec.describe GoogleApi::AuthorizationsController do
2018-03-17 18:26:18 +05:30
describe 'GET|POST #callback' do
let(:user) { create(:user) }
let(:token) { 'token' }
let(:expires_at) { 1.hour.since.strftime('%s') }
2019-03-13 22:55:13 +05:30
subject { get :callback, params: { code: 'xxx', state: state } }
2018-03-17 18:26:18 +05:30
before do
sign_in(user)
end
2019-03-13 22:55:13 +05:30
shared_examples_for 'access denied' do
it 'returns a 404' do
subject
2018-03-17 18:26:18 +05:30
2019-03-13 22:55:13 +05:30
expect(session[GoogleApi::CloudPlatform::Client.session_key_for_token]).to be_nil
2020-03-13 15:44:24 +05:30
expect(response).to have_gitlab_http_status(:not_found)
2019-03-13 22:55:13 +05:30
end
2018-03-17 18:26:18 +05:30
end
2019-03-13 22:55:13 +05:30
context 'session key is present' do
let(:session_key) { 'session-key' }
let(:redirect_uri) { 'example.com' }
2018-03-17 18:26:18 +05:30
before do
2019-03-13 22:55:13 +05:30
session[GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(session_key)] = redirect_uri
end
context 'session key matches state param' do
let(:state) { session_key }
2020-05-24 23:13:21 +05:30
before do
allow_next_instance_of(GoogleApi::CloudPlatform::Client) do |instance|
allow(instance).to receive(:get_token).and_return([token, expires_at])
end
end
2019-03-13 22:55:13 +05:30
it 'sets token and expires_at in session' do
subject
expect(session[GoogleApi::CloudPlatform::Client.session_key_for_token])
.to eq(token)
expect(session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at])
.to eq(expires_at)
end
it 'redirects to the URL stored in state param' do
expect(subject).to redirect_to(redirect_uri)
2018-03-17 18:26:18 +05:30
end
end
2019-03-13 22:55:13 +05:30
context 'session key does not match state param' do
let(:state) { 'bad-key' }
it_behaves_like 'access denied'
2018-03-17 18:26:18 +05:30
end
2019-03-13 22:55:13 +05:30
context 'state param is blank' do
let(:state) { '' }
it_behaves_like 'access denied'
2018-03-17 18:26:18 +05:30
end
2020-05-24 23:13:21 +05:30
context 'when a Faraday exception occurs' do
let(:state) { session_key }
[::Faraday::TimeoutError, ::Faraday::ConnectionFailed].each do |error|
it "sets a flash alert on #{error}" do
allow_next_instance_of(GoogleApi::CloudPlatform::Client) do |instance|
allow(instance).to receive(:get_token).and_raise(error.new(nil))
end
subject
expect(flash[:alert]).to eq('Timeout connecting to the Google API. Please try again.')
end
end
end
2018-03-17 18:26:18 +05:30
end
2019-03-13 22:55:13 +05:30
context 'state param is present, but session key is blank' do
let(:state) { 'session-key' }
it_behaves_like 'access denied'
end
2022-01-26 12:08:38 +05:30
context 'user logs in but declines authorizations' do
subject { get :callback, params: { error: 'xxx', state: state } }
let(:session_key) { 'session-key' }
let(:redirect_uri) { 'example.com' }
let(:error_uri) { 'error.com' }
let(:state) { session_key }
before do
session[GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(session_key)] = redirect_uri
session[:error_uri] = error_uri
allow_next_instance_of(GoogleApi::CloudPlatform::Client) do |instance|
allow(instance).to receive(:get_token).and_return([token, expires_at])
end
end
it 'redirects to error uri' do
expect(subject).to redirect_to(error_uri)
end
end
2018-03-17 18:26:18 +05:30
end
end