debian-mirror-gitlab/spec/controllers/oauth/applications_controller_spec.rb

# frozen_string_literal: true
require 'spec_helper'
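# Controller spec for the user-facing OAuth application management endpoints.
#
# Each action is exercised signed in (expected status or redirect) and, through
# the shared example, signed out, where the request must end at the login page.
#
# NOTE(review): every example acts on an application owned by the signed-in
# user. Access to an application owned by a different user is not exercised in
# this file, so ownership enforcement is not pinned by these examples.
RSpec.describe Oauth::ApplicationsController do
  let(:user) { create(:user) }
  # Owned by `user`; created lazily on first reference.
  let(:application) { create(:oauth_application, owner: user) }

  context 'project members' do
    before do
      sign_in(user)
    end

    # Authentication check shared by every action below. Its `before` runs
    # after the outer `sign_in`, so the request is made with no session.
    shared_examples 'redirects to login page when the user is not signed in' do
      before do
        sign_out(user)
      end

      it { is_expected.to redirect_to(new_user_session_path) }
    end

    describe 'GET #new' do
      subject { get :new }

      it { is_expected.to have_gitlab_http_status(:ok) }

      it_behaves_like 'redirects to login page when the user is not signed in'
    end

    describe 'DELETE #destroy' do
      subject { delete :destroy, params: { id: application.id } }

      it { is_expected.to redirect_to(oauth_applications_url) }

      it_behaves_like 'redirects to login page when the user is not signed in'
    end

    describe 'GET #edit' do
      subject { get :edit, params: { id: application.id } }

      it { is_expected.to have_gitlab_http_status(:ok) }

      it_behaves_like 'redirects to login page when the user is not signed in'
    end

    describe 'PUT #update' do
      subject { put :update, params: { id: application.id, doorkeeper_application: { name: 'application' } } }

      it { is_expected.to redirect_to(oauth_application_url(application)) }

      it_behaves_like 'redirects to login page when the user is not signed in'
    end

    describe 'GET #show' do
      subject { get :show, params: { id: application.id } }

      it { is_expected.to have_gitlab_http_status(:ok) }

      it_behaves_like 'redirects to login page when the user is not signed in'
    end

    describe 'GET #index' do
      subject { get :index }

      it { is_expected.to have_gitlab_http_status(:ok) }

      # The listing is expected to keep responding with :ok even when the
      # user_oauth_applications? setting is stubbed to false.
      context 'when OAuth applications are disabled' do
        before do
          disable_user_oauth
        end

        it { is_expected.to have_gitlab_http_status(:ok) }
      end

      it_behaves_like 'redirects to login page when the user is not signed in'
    end

    describe 'POST #create' do
      subject { post :create, params: oauth_params }

      it 'creates an application' do
        # Pin the side effect as well as the redirect: exactly one record.
        expect { subject }.to change { Doorkeeper::Application.count }.by(1)

        expect(response).to have_gitlab_http_status(:found)
        expect(response).to redirect_to(oauth_application_path(Doorkeeper::Application.last))
      end

      it 'redirects back to profile page if OAuth applications are disabled' do
        disable_user_oauth

        # A redirect alone does not prove the request was refused; also
        # require that no application was persisted while the setting is off.
        expect { subject }.not_to change { Doorkeeper::Application.count }

        expect(response).to have_gitlab_http_status(:found)
        expect(response).to redirect_to(profile_path)
      end

      context 'redirect_uri' do
        # The error text is asserted against the rendered body.
        render_views

        it 'shows an error for a forbidden URI' do
          # A redirect URI with the javascript scheme must never be accepted
          # as an OAuth callback target.
          invalid_uri_params = {
            doorkeeper_application: {
              name: 'foo',
              redirect_uri: 'javascript://alert()'
            }
          }

          # The security property is the rejection itself, so require that
          # nothing was stored in addition to the message being shown.
          expect { post :create, params: invalid_uri_params }
            .not_to change { Doorkeeper::Application.count }

          expect(response.body).to include 'Redirect URI is forbidden by the server'
        end
      end

      it_behaves_like 'redirects to login page when the user is not signed in'
    end
  end

  context 'Helpers' do
    # No `subject` block is defined in this context, so the implicit subject
    # is used; presumably the controller instance -- confirm against the
    # controller example group setup.
    it 'current_user_mode available' do
      expect(subject.current_user_mode).not_to be_nil
    end
  end

  # Stubs the application setting so that user_oauth_applications? is false.
  def disable_user_oauth
    allow(Gitlab::CurrentSettings.current_application_settings).to receive(:user_oauth_applications?).and_return(false)
  end

  # Valid creation parameters: a name and an http redirect URI.
  def oauth_params
    {
      doorkeeper_application: {
        name: 'foo',
        redirect_uri: 'http://example.org'
      }
    }
  end
end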