Commit 6bcd83fe authored by manojmj's avatar manojmj

Fix 500 while accessing Oauth::ApplicationsController without a session

This change makes a valid session mandatory before
accessing any action in Oauth::ApplicationsController
parent 54462d48
...@@ -8,8 +8,8 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController ...@@ -8,8 +8,8 @@ class Oauth::ApplicationsController < Doorkeeper::ApplicationsController
include Gitlab::Experimentation::ControllerConcern include Gitlab::Experimentation::ControllerConcern
include InitializesCurrentUserMode include InitializesCurrentUserMode
before_action :verify_user_oauth_applications_enabled, except: :index prepend_before_action :verify_user_oauth_applications_enabled, except: :index
before_action :authenticate_user! prepend_before_action :authenticate_user!
before_action :add_gon_variables before_action :add_gon_variables
before_action :load_scopes, only: [:index, :create, :edit, :update] before_action :load_scopes, only: [:index, :create, :edit, :update]
......
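Review bot: The two `prepend_before_action` lines execute in the reverse of the order they are written, because each call puts its callback at the front of the chain, so `authenticate_user!` runs before `verify_user_oauth_applications_enabled`. That is the order the fix needs, but nothing in the file says so, and a later reorder or a switch back to `before_action` could quietly bring back the 500 this commit fixes. I would add a comment above them, for example `# prepend_*: must run ahead of callbacks inherited from Doorkeeper::ApplicationsController; the last one declared runs first, so authenticate_user! is evaluated first`. Which inherited or included callback failed without a session is not visible in this hunk, so the comment should name it once confirmed. The class body continues outside the hunk.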
---
title: Fix 500 error while accessing Oauth::ApplicationsController without a valid session
merge_request: 24775
author:
type: fixed
...@@ -4,31 +4,82 @@ require 'spec_helper' ...@@ -4,31 +4,82 @@ require 'spec_helper'
describe Oauth::ApplicationsController do describe Oauth::ApplicationsController do
let(:user) { create(:user) } let(:user) { create(:user) }
let(:application) { create(:oauth_application, owner: user) }
context 'project members' do context 'project members' do
before do before do
sign_in(user) sign_in(user)
end end
describe 'GET #index' do shared_examples 'redirects to login page when the user is not signed in' do
it 'shows list of applications' do before do
get :index sign_out(user)
end
expect(response).to have_gitlab_http_status(:ok) it { is_expected.to redirect_to(new_user_session_path) }
end end
it 'redirects back to profile page if OAuth applications are disabled' do describe 'GET #new' do
disable_user_oauth subject { get :new }
get :index it { is_expected.to have_gitlab_http_status(:ok) }
expect(response).to have_gitlab_http_status(:ok) it_behaves_like 'redirects to login page when the user is not signed in'
end end
describe 'DELETE #destroy' do
subject { delete :destroy, params: { id: application.id } }
it { is_expected.to redirect_to(oauth_applications_url) }
it_behaves_like 'redirects to login page when the user is not signed in'
end
describe 'GET #edit' do
subject { get :edit, params: { id: application.id } }
it { is_expected.to have_gitlab_http_status(:ok) }
it_behaves_like 'redirects to login page when the user is not signed in'
end
describe 'PUT #update' do
subject { put :update, params: { id: application.id, doorkeeper_application: { name: 'application' } } }
it { is_expected.to redirect_to(oauth_application_url(application)) }
it_behaves_like 'redirects to login page when the user is not signed in'
end
describe 'GET #show' do
subject { get :show, params: { id: application.id } }
it { is_expected.to have_gitlab_http_status(:ok) }
it_behaves_like 'redirects to login page when the user is not signed in'
end
describe 'GET #index' do
subject { get :index }
it { is_expected.to have_gitlab_http_status(:ok) }
context 'when OAuth applications are disabled' do
before do
disable_user_oauth
end
it { is_expected.to have_gitlab_http_status(:ok) }
end
it_behaves_like 'redirects to login page when the user is not signed in'
end end
describe 'POST #create' do describe 'POST #create' do
subject { post :create, params: oauth_params }
it 'creates an application' do it 'creates an application' do
post :create, params: oauth_params subject
expect(response).to have_gitlab_http_status(:found) expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(oauth_application_path(Doorkeeper::Application.last)) expect(response).to redirect_to(oauth_application_path(Doorkeeper::Application.last))
...@@ -37,7 +88,7 @@ describe Oauth::ApplicationsController do ...@@ -37,7 +88,7 @@ describe Oauth::ApplicationsController do
it 'redirects back to profile page if OAuth applications are disabled' do it 'redirects back to profile page if OAuth applications are disabled' do
disable_user_oauth disable_user_oauth
post :create, params: oauth_params subject
expect(response).to have_gitlab_http_status(:found) expect(response).to have_gitlab_http_status(:found)
expect(response).to redirect_to(profile_path) expect(response).to redirect_to(profile_path)
...@@ -59,6 +110,8 @@ describe Oauth::ApplicationsController do ...@@ -59,6 +110,8 @@ describe Oauth::ApplicationsController do
expect(response.body).to include 'Redirect URI is forbidden by the server' expect(response.body).to include 'Redirect URI is forbidden by the server'
end end
end end
it_behaves_like 'redirects to login page when the user is not signed in'
end end
end end
......
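Review bot: The shared example 'redirects to login page when the user is not signed in' asserts only the redirect, so for the state-changing actions (`DELETE #destroy`, `PUT #update`, `POST #create`) the spec does not show that the record was left untouched when the request had no session. For those blocks I would add an assertion on state after the signed-out request, e.g. in the destroy block `expect(Doorkeeper::Application.exists?(application.id)).to be(true)` following `sign_out(user)` and `subject`. Because `application` is a lazy `let`, a count-based `change` matcher wrapped around `subject` would also count its creation, so an existence check (or `let!`) is the safer form. The `POST #create` block is only partly visible across these hunks.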