# frozen_string_literal: true
require 'spec_helper'
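# Request specs for the Jira-facing token endpoint (/login/oauth/access_token).
# They check that it issues tokens with the same scope and token type as the
# standard /oauth/token endpoint, and that bad client credentials or a bad
# authorization code are rejected.
RSpec.describe 'Jira authorization requests' do
  let(:user) { create :user }
  let(:application) { create :oauth_application, scopes: 'api' }
  let(:redirect_uri) { oauth_jira_dvcs_callback_url(host: "http://www.example.com") }

  # Creates a new authorization grant for `user` on `application`, bound to
  # `redirect_uri`. Every token request below calls this again so that each
  # exchange uses its own code instead of replaying an earlier one.
  def generate_access_grant
    create :oauth_access_grant, application: application, resource_owner_id: user.id, redirect_uri: redirect_uri
  end

  describe 'POST access_token' do
    let(:client_id) { application.uid }
    let(:client_secret) { application.secret }

    it 'returns values similar to a POST to /oauth/token' do
      post_data = {
        client_id: client_id,
        client_secret: client_secret
      }

      # Reference exchange against the standard endpoint (JSON response).
      post '/oauth/token', params: post_data.merge({
        code: generate_access_grant.token,
        grant_type: 'authorization_code',
        redirect_uri: redirect_uri
      })
      oauth_response = json_response
      oauth_response_access_token, scope, token_type = oauth_response.values_at('access_token', 'scope', 'token_type')

      # Jira exchange: only the credentials and the code are sent.
      # NOTE(review): grant_type and redirect_uri are omitted here, so the
      # endpoint presumably supplies them itself; confirm against the controller.
      post '/login/oauth/access_token', params: post_data.merge({
        code: generate_access_grant.token
      })
      # The Jira endpoint answers with a query-string style body, not JSON.
      jira_response = response.body
      jira_response_access_token = Rack::Utils.parse_nested_query(jira_response)['access_token']

      expect(jira_response).to include("scope=#{scope}&token_type=#{token_type}")
      # Both tokens must exist: the inequality check below would pass
      # vacuously if one response carried no access_token at all.
      expect(oauth_response_access_token).to be_present
      expect(jira_response_access_token).to be_present
      # Separate grants must yield separate tokens.
      expect(oauth_response_access_token).not_to eql(jira_response_access_token)
    end

    context 'when authorization fails' do
      before do
        post '/login/oauth/access_token', params: {
          client_id: client_id,
          client_secret: client_secret,
          # `code` is only defined by the 'when code is invalid' context;
          # elsewhere `try` returns nil and a valid grant is used, so that
          # only the credential under test is wrong.
          code: try(:code) || generate_access_grant.token
        }
      end

      shared_examples 'an unauthorized request' do
        it 'returns 401' do
          expect(response).to have_gitlab_http_status(:unauthorized)
        end
      end

      context 'when client_id is invalid' do
        let(:client_id) { "invalid_id" }

        it_behaves_like 'an unauthorized request'
      end

      context 'when client_secret is invalid' do
        let(:client_secret) { "invalid_secret" }

        it_behaves_like 'an unauthorized request'
      end

      # Valid client credentials with an unknown code are rejected as a bad
      # request (400) rather than as unauthorized (401).
      context 'when code is invalid' do
        let(:code) { "invalid_code" }

        it 'returns bad request' do
          expect(response).to have_gitlab_http_status(:bad_request)
        end
      end
    end
  end
end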