authorizations_controller_spec.rb 2.02 KB
require 'spec_helper'

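# Controller specs for the OAuth authorization endpoint (`GET #new`), run as a
# signed-in user against an application registered with the 'api read_user'
# scopes.
#
# The examples pin three outcomes, as visible in the assertions below:
#   * a request without params renders the Doorkeeper error view,
#   * a valid request for an ordinary application renders the consent view,
#   * a trusted application, or an existing access token with a matching
#     scope, answers with a 302 and `user_return_to` is removed from the
#     session.
describe Oauth::AuthorizationsController do
  let(:user) { create(:user) }
  let!(:application) { create(:oauth_application, scopes: 'api read_user', redirect_uri: 'http://example.com') }

  # Authorization-code request for the application above. No `scope` param is
  # sent, and `redirect_uri` is exactly the one registered on the application.
  let(:params) do
    {
      response_type: "code",
      client_id: application.uid,
      redirect_uri: application.redirect_uri,
      state: 'state'
    }
  end

  before do
    sign_in(user)
  end

  describe 'GET #new' do
    context 'without valid params' do
      it 'returns 200 code and renders error view' do
        # No client_id / redirect_uri / response_type at all.
        get :new

        # The error is rendered locally (200 + error template) and no
        # redirect is issued.
        expect(response).to have_gitlab_http_status(200)
        expect(response).to render_template('doorkeeper/authorizations/error')
      end
    end

    context 'with valid params' do
      render_views

      it 'returns 200 code and renders view' do
        get :new, params: params

        # An application that is not marked trusted gets the consent view.
        expect(response).to have_gitlab_http_status(200)
        expect(response).to render_template('doorkeeper/authorizations/new')
      end

      it 'deletes session.user_return_to and redirects when skip authorization' do
        # update! raises if the record cannot be saved, so a failed fixture
        # change cannot silently leave the application untrusted.
        application.update!(trusted: true)
        # Seed the session key so the be_nil assertion below proves a deletion.
        request.session['user_return_to'] = 'http://example.com'

        get :new, params: params

        expect(request.session['user_return_to']).to be_nil
        # NOTE(review): only the status code is asserted; the redirect target
        # is not checked by this example.
        expect(response).to have_gitlab_http_status(302)
      end

      context 'when there is already an access token for the application' do
        context 'when the request scope matches any of the created token scopes' do
          before do
            scopes = Doorkeeper::OAuth::Scopes.from_string('api')

            # Stub the configured scopes to 'api' only; presumably this is what
            # the request resolves to, since params carries no scope -- confirm.
            allow(Doorkeeper.configuration).to receive(:scopes).and_return(scopes)

            create :oauth_access_token, application: application, resource_owner_id: user.id, scopes: scopes
          end

          it 'authorizes the request and redirects' do
            # Without seeding this key the be_nil assertion below would pass
            # even if the controller never touched the session.
            request.session['user_return_to'] = 'http://example.com'

            get :new, params: params

            expect(request.session['user_return_to']).to be_nil
            # NOTE(review): as above, the redirect target itself is not asserted.
            expect(response).to have_gitlab_http_status(302)
          end
        end
      end
    end
  end
end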