Merge branch...

Merge branch '347319-api-call-to-retrieve-information-of-wrong-token-returns-error-400-instead-of-401' into 'master' Resolve "API call to retrieve information of wrong token returns error "400" instead of "401"" See merge request gitlab-org/gitlab!77644

Merge branch...
Merge branch '347319-api-call-to-retrieve-information-of-wrong-token-returns-error-400-instead-of-401' into 'master' Resolve "API call to retrieve information of wrong token returns error "400" instead of "401"" See merge request gitlab-org/gitlab!77644
62403975 · Douglas Barbosa Alexandre · df5cb1b1 · 3e0738ce · 62403975 · 62403975
Commit 62403975 authored Jan 11, 2022 by Douglas Barbosa Alexandre
Showing with 13 additions and 13 deletions

app/controllers/oauth/token_info_controller.rb app/controllers/oauth/token_info_controller.rb +1 -1

spec/controllers/oauth/token_info_controller_spec.rb spec/controllers/oauth/token_info_controller_spec.rb +12 -12

No files found.
--- a/app/controllers/oauth/token_info_controller.rb
+++ b/app/controllers/oauth/token_info_controller.rb
@@ -13,7 +13,7 @@ class Oauth::TokenInfoController < Doorkeeper::TokenInfoController
        'expires_in_seconds' => token_json[:expires_in]
      ), status: :ok
    else
-      error = Doorkeeper::OAuth::ErrorResponse.new(name: :invalid_request)
+      error = Doorkeeper::OAuth::InvalidTokenResponse.new
      response.headers.merge!(error.headers)
      render json: error.body, status: error.status
    end

--- a/spec/controllers/oauth/token_info_controller_spec.rb
+++ b/spec/controllers/oauth/token_info_controller_spec.rb
@@ -5,11 +5,11 @@ require 'spec_helper'
 RSpec.describe Oauth::TokenInfoController do
  describe '#show' do
    context 'when the user is not authenticated' do
-      it 'responds with a 400' do
+      it 'responds with a 401' do
        get :show

-        expect(response).to have_gitlab_http_status(:bad_request)
-        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
+        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token')
      end
    end

@@ -36,11 +36,11 @@ RSpec.describe Oauth::TokenInfoController do
    end

    context 'when the doorkeeper_token is not recognised' do
-      it 'responds with a 400' do
+      it 'responds with a 401' do
        get :show, params: { access_token: 'unknown_token' }

-        expect(response).to have_gitlab_http_status(:bad_request)
-        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
+        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token')
      end
    end

@@ -49,22 +49,22 @@ RSpec.describe Oauth::TokenInfoController do
        create(:oauth_access_token, created_at: 2.days.ago, expires_in: 10.minutes)
      end

-      it 'responds with a 400' do
+      it 'responds with a 401' do
        get :show, params: { access_token: access_token.token }

-        expect(response).to have_gitlab_http_status(:bad_request)
-        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
+        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token')
      end
    end

    context 'when the token is revoked' do
      let(:access_token) { create(:oauth_access_token, revoked_at: 2.days.ago) }

-      it 'responds with a 400' do
+      it 'responds with a 401' do
        get :show, params: { access_token: access_token.token }

-        expect(response).to have_gitlab_http_status(:bad_request)
-        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
+        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_token')
      end
    end
  end