Fix 500 while accessing Oauth::ApplicationsController without a session

This change makes a valid session mandatory before accessing any action in Oauth::ApplicationsController

Fix 500 while accessing Oauth::ApplicationsController without a session
This change makes a valid session mandatory before accessing any action in Oauth::ApplicationsController
6bcd83fe · manojmj · 54462d48 · 6bcd83fe · 6bcd83fe · 6bcd83fe
Commit 6bcd83fe authored Feb 10, 2020 by manojmj
3 changed files
--- a/app/controllers/oauth/applications_controller.rb
+++ b/app/controllers/oauth/applications_controller.rb
@@ -8,8 +8,8 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
  include Gitlab::Experimentation::ControllerConcern
  include InitializesCurrentUserMode

-  before_action :verify_user_oauth_applications_enabled, except: :index
-  before_action :authenticate_user!
+  prepend_before_action :verify_user_oauth_applications_enabled, except: :index
+  prepend_before_action :authenticate_user!
  before_action :add_gon_variables
  before_action :load_scopes, only: [:index, :create, :edit, :update]


--- a/changelogs/unreleased/204729-nomethoderror-undefined-method-oauth_applications-for-nil-nilclass.yml
+++ b/changelogs/unreleased/204729-nomethoderror-undefined-method-oauth_applications-for-nil-nilclass.yml
+---
+title: Fix 500 error while accessing Oauth::ApplicationsController without a valid session
+merge_request: 24775
+author:
+type: fixed
--- a/spec/controllers/oauth/applications_controller_spec.rb
+++ b/spec/controllers/oauth/applications_controller_spec.rb
@@ -4,31 +4,82 @@ require 'spec_helper'

 describe Oauth::ApplicationsController do
  let(:user) { create(:user) }
+  let(:application) { create(:oauth_application, owner: user) }

  context 'project members' do
    before do
      sign_in(user)
    end

-    describe 'GET #index' do
-      it 'shows list of applications' do
-        get :index
-
-        expect(response).to have_gitlab_http_status(:ok)
+    shared_examples 'redirects to login page when the user is not signed in' do
+      before do
+        sign_out(user)
      end

-      it 'redirects back to profile page if OAuth applications are disabled' do
-        disable_user_oauth
+      it { is_expected.to redirect_to(new_user_session_path) }
+    end
+
+    describe 'GET #new' do
+      subject { get :new }
+
+      it { is_expected.to have_gitlab_http_status(:ok) }
+
+      it_behaves_like 'redirects to login page when the user is not signed in'
+    end
+
+    describe 'DELETE #destroy' do
+      subject { delete :destroy, params: { id: application.id } }
+
+      it { is_expected.to redirect_to(oauth_applications_url) }
+
+      it_behaves_like 'redirects to login page when the user is not signed in'
+    end
+
+    describe 'GET #edit' do
+      subject { get :edit, params: { id: application.id } }
+
+      it { is_expected.to have_gitlab_http_status(:ok) }
+
+      it_behaves_like 'redirects to login page when the user is not signed in'
+    end
+
+    describe 'PUT #update' do
+      subject { put :update, params: { id: application.id, doorkeeper_application: { name: 'application' } } }
+
+      it { is_expected.to redirect_to(oauth_application_url(application)) }
+
+      it_behaves_like 'redirects to login page when the user is not signed in'
+    end
+
+    describe 'GET #show' do
+      subject { get :show, params: { id: application.id } }
+
+      it { is_expected.to have_gitlab_http_status(:ok) }
+
+      it_behaves_like 'redirects to login page when the user is not signed in'
+    end
+
+    describe 'GET #index' do
+      subject { get :index }
+
+      it { is_expected.to have_gitlab_http_status(:ok) }

-        get :index
+      context 'when OAuth applications are disabled' do
+        before do
+          disable_user_oauth
+        end

-        expect(response).to have_gitlab_http_status(:ok)
+        it { is_expected.to have_gitlab_http_status(:ok) }
      end
+
+      it_behaves_like 'redirects to login page when the user is not signed in'
    end

    describe 'POST #create' do
+      subject { post :create, params: oauth_params }
+
      it 'creates an application' do
-        post :create, params: oauth_params
+        subject

        expect(response).to have_gitlab_http_status(:found)
        expect(response).to redirect_to(oauth_application_path(Doorkeeper::Application.last))
@@ -37,7 +88,7 @@ describe Oauth::ApplicationsController do
      it 'redirects back to profile page if OAuth applications are disabled' do
        disable_user_oauth

-        post :create, params: oauth_params
+        subject

        expect(response).to have_gitlab_http_status(:found)
        expect(response).to redirect_to(profile_path)
@@ -59,6 +110,8 @@ describe Oauth::ApplicationsController do
          expect(response.body).to include 'Redirect URI is forbidden by the server'
        end
      end
+
+      it_behaves_like 'redirects to login page when the user is not signed in'
    end
  end