Commit 6bcd83fe authored by manojmj's avatar manojmj

Fix 500 while accessing Oauth::ApplicationsController without a session

This change makes a valid session mandatory before
accessing any action in Oauth::ApplicationsController
parent 54462d48
......@@ -8,8 +8,8 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
include Gitlab::Experimentation::ControllerConcern
include InitializesCurrentUserMode
before_action :verify_user_oauth_applications_enabled, except: :index
before_action :authenticate_user!
prepend_before_action :verify_user_oauth_applications_enabled, except: :index
prepend_before_action :authenticate_user!
before_action :add_gon_variables
before_action :load_scopes, only: [:index, :create, :edit, :update]
......
---
title: Fix 500 error while accessing Oauth::ApplicationsController without a valid session
merge_request: 24775
author:
type: fixed
......@@ -4,31 +4,82 @@ require 'spec_helper'
describe Oauth::ApplicationsController do
let(:user) { create(:user) }
let(:application) { create(:oauth_application, owner: user) }
context 'project members' do
before do
sign_in(user)
end
describe 'GET #index' do
it 'shows list of applications' do
get :index
expect(response).to have_gitlab_http_status(:ok)
shared_examples 'redirects to login page when the user is not signed in' do
before do
sign_out(user)
end
it 'redirects back to profile page if OAuth applications are disabled' do
disable_user_oauth
it { is_expected.to redirect_to(new_user_session_path) }
end
describe 'GET #new' do
subject { get :new }
it { is_expected.to have_gitlab_http_status(:ok) }
it_behaves_like 'redirects to login page when the user is not signed in'
end
describe 'DELETE #destroy' do
subject { delete :destroy, params: { id: application.id } }
it { is_expected.to redirect_to(oauth_applications_url) }
it_behaves_like 'redirects to login page when the user is not signed in'
end
describe 'GET #edit' do
subject { get :edit, params: { id: application.id } }
it { is_expected.to have_gitlab_http_status(:ok) }
it_behaves_like 'redirects to login page when the user is not signed in'
end
describe 'PUT #update' do
subject { put :update, params: { id: application.id, doorkeeper_application: { name: 'application' } } }
it { is_expected.to redirect_to(oauth_application_url(application)) }
it_behaves_like 'redirects to login page when the user is not signed in'
end
describe 'GET #show' do
subject { get :show, params: { id: application.id } }
it { is_expected.to have_gitlab_http_status(:ok) }
it_behaves_like 'redirects to login page when the user is not signed in'
end
describe 'GET #index' do
subject { get :index }
it { is_expected.to have_gitlab_http_status(:ok) }
get :index
context 'when OAuth applications are disabled' do
before do
disable_user_oauth
end
expect(response).to have_gitlab_http_status(:ok)
it { is_expected.to have_gitlab_http_status(:ok) }
end
it_behaves_like 'redirects to login page when the user is not signed in'
end
describe 'POST #create' do
subject { post :create, params: oauth_params }
it 'creates an application' do
post :create, params: oauth_params
subject
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(oauth_application_path(Doorkeeper::Application.last))
......@@ -37,7 +88,7 @@ describe Oauth::ApplicationsController do
it 'redirects back to profile page if OAuth applications are disabled' do
disable_user_oauth
post :create, params: oauth_params
subject
expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(profile_path)
......@@ -59,6 +110,8 @@ describe Oauth::ApplicationsController do
expect(response.body).to include 'Redirect URI is forbidden by the server'
end
end
it_behaves_like 'redirects to login page when the user is not signed in'
end
end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment