debian-mirror-gitlab/spec/controllers/oauth/authorizations_controller_spec.rb

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe Oauth::AuthorizationsController do
  let!(:application) { create(:oauth_application, scopes: 'api read_user', redirect_uri: 'http://example.com') }
  let(:params) do
    {
      response_type: "code",
      client_id: application.uid,
      redirect_uri: application.redirect_uri,
      state: 'state'
    }
  end

  before do
    sign_in(user)
  end

  describe 'GET #new' do
    context 'when the user is confirmed' do
      let(:user) { create(:user) }

      context 'without valid params' do
        it 'returns 200 code and renders error view' do
          get :new

          expect(response).to have_gitlab_http_status(:ok)
          expect(response).to render_template('doorkeeper/authorizations/error')
        end
      end

      context 'with valid params' do
        render_views

        it 'returns 200 code and renders view' do
          get :new, params: params

          expect(response).to have_gitlab_http_status(:ok)
          expect(response).to render_template('doorkeeper/authorizations/new')
        end

        it 'deletes session.user_return_to and redirects when skip authorization' do
          application.update(trusted: true)
          request.session['user_return_to'] = 'http://example.com'

          get :new, params: params

          expect(request.session['user_return_to']).to be_nil
          expect(response).to have_gitlab_http_status(:found)
        end

        context 'when there is already an access token for the application' do
          context 'when the request scope matches any of the created token scopes' do
            before do
              scopes = Doorkeeper::OAuth::Scopes.from_string('api')

              allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)

              create :oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes
            end

            it 'authorizes the request and redirects' do
              get :new, params: params

              expect(request.session['user_return_to']).to be_nil
              expect(response).to have_gitlab_http_status(:found)
            end
          end
        end
      end
    end

    context 'when the user is unconfirmed' do
      let(:user) { create(:user, confirmed_at: nil) }

      it 'returns 200 and renders error view' do
        get :new, params: params

        expect(response).to have_gitlab_http_status(:ok)
        expect(response).to render_template('doorkeeper/authorizations/error')
      end
    end
  end
end
New upstream version 11.11.7+dfsg 2019-07-31 22:56:46 +05:30			`# frozen_string_literal: true`

New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`require 'spec_helper'`

New upstream version 13.1.0 2020-06-23 00:09:42 +05:30			`RSpec.describe Oauth::AuthorizationsController do`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`let!(:application) { create(:oauth_application, scopes: 'api read_user', redirect_uri: 'http://example.com') }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`let(:params) do`
			`{`
			`response_type: "code",`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`client_id: application.uid,`
			`redirect_uri: application.redirect_uri,`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`state: 'state'`
			`}`
			`end`

			`before do`
			`sign_in(user)`
			`end`

			`describe 'GET #new' do`
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`context 'when the user is confirmed' do`
			`let(:user) { create(:user) }`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`context 'without valid params' do`
			`it 'returns 200 code and renders error view' do`
			`get :new`

			`expect(response).to have_gitlab_http_status(:ok)`
			`expect(response).to render_template('doorkeeper/authorizations/error')`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`

New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`context 'with valid params' do`
			`render_views`
New upstream version 10.6.0+dfsg 2018-03-27 19:54:05 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`it 'returns 200 code and renders view' do`
			`get :new, params: params`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`expect(response).to have_gitlab_http_status(:ok)`
			`expect(response).to render_template('doorkeeper/authorizations/new')`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`it 'deletes session.user_return_to and redirects when skip authorization' do`
			`application.update(trusted: true)`
			`request.session['user_return_to'] = 'http://example.com'`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`get :new, params: params`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`expect(request.session['user_return_to']).to be_nil`
			`expect(response).to have_gitlab_http_status(:found)`
			`end`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`context 'when there is already an access token for the application' do`
			`context 'when the request scope matches any of the created token scopes' do`
			`before do`
			`scopes = Doorkeeper::OAuth::Scopes.from_string('api')`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`create :oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes`
			`end`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`it 'authorizes the request and redirects' do`
			`get :new, params: params`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30			`expect(request.session['user_return_to']).to be_nil`
			`expect(response).to have_gitlab_http_status(:found)`
			`end`
New upstream version 11.1.8+dfsg 2018-11-08 19:23:39 +05:30			`end`
			`end`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
New upstream version 13.0.3 2020-05-30 21:06:31 +05:30
			`context 'when the user is unconfirmed' do`
			`let(:user) { create(:user, confirmed_at: nil) }`

			`it 'returns 200 and renders error view' do`
			`get :new, params: params`

			`expect(response).to have_gitlab_http_status(:ok)`
			`expect(response).to render_template('doorkeeper/authorizations/error')`
			`end`
			`end`
New upstream version 9.2.10+dfsg 2017-08-17 22:00:37 +05:30			`end`
			`end`