gitlab-org--gitlab-foss/spec/controllers/google_api/authorizations_controller_spec.rb

require 'spec_helper'

describe GoogleApi::AuthorizationsController do
  describe 'GET|POST #callback' do
    let(:user) { create(:user) }
    let(:token) { 'token' }
    let(:expires_at) { 1.hour.since.strftime('%s') }

    subject { get :callback, params: { code: 'xxx', state: state } }

    before do
      sign_in(user)

      allow_any_instance_of(GoogleApi::CloudPlatform::Client)
        .to receive(:get_token).and_return([token, expires_at])
    end

    shared_examples_for 'access denied' do
      it 'returns a 404' do
        subject

        expect(session[GoogleApi::CloudPlatform::Client.session_key_for_token]).to be_nil
        expect(response).to have_http_status(:not_found)
      end
    end

    context 'session key is present' do
      let(:session_key) { 'session-key' }
      let(:redirect_uri) { 'example.com' }

      before do
        session[GoogleApi::CloudPlatform::Client.session_key_for_redirect_uri(session_key)] = redirect_uri
      end

      context 'session key matches state param' do
        let(:state) { session_key }

        it 'sets token and expires_at in session' do
          subject

          expect(session[GoogleApi::CloudPlatform::Client.session_key_for_token])
            .to eq(token)
          expect(session[GoogleApi::CloudPlatform::Client.session_key_for_expires_at])
            .to eq(expires_at)
        end

        it 'redirects to the URL stored in state param' do
          expect(subject).to redirect_to(redirect_uri)
        end
      end

      context 'session key does not match state param' do
        let(:state) { 'bad-key' }

        it_behaves_like 'access denied'
      end

      context 'state param is blank' do
        let(:state) { '' }

        it_behaves_like 'access denied'
      end
    end

    context 'state param is present, but session key is blank' do
      let(:state) { 'session-key' }

      it_behaves_like 'access denied'
    end
  end
end