Merge branch 'id-bump-doorkeeper-5-1' into 'master'

Bump doorkeeper to 5.1.1 See merge request gitlab-org/gitlab!40546

Merge branch 'id-bump-doorkeeper-5-1' into 'master'
Bump doorkeeper to 5.1.1 See merge request gitlab-org/gitlab!40546
c28b1355 · Mark Chao · 9a97f1f1 · f086b5e9 · c28b1355 · c28b1355
Commit c28b1355 authored Sep 01, 2020 by Mark Chao
6 changed files
--- a/Gemfile
+++ b/Gemfile
@@ -26,7 +26,7 @@ gem 'marginalia', '~> 1.9.0'

 # Authentication libraries
 gem 'devise', '~> 4.6'
-gem 'doorkeeper', '~> 5.0.3'
+gem 'doorkeeper', '~> 5.1.1'
 gem 'doorkeeper-openid_connect', '~> 1.6.3'
 gem 'omniauth', '~> 1.8'
 gem 'omniauth-auth0', '~> 2.0.0'

--- a/Gemfile.lock
+++ b/Gemfile.lock
@@ -254,8 +254,8 @@ GEM
    docile (1.3.2)
    domain_name (0.5.20180417)
      unf (>= 0.0.5, < 1.0.0)
-    doorkeeper (5.0.3)
-      railties (>= 4.2)
+    doorkeeper (5.1.1)
+      railties (>= 5)
    doorkeeper-openid_connect (1.6.3)
      doorkeeper (>= 5.0, < 5.2)
      json-jwt (~> 1.6)
@@ -1265,7 +1265,7 @@ DEPENDENCIES
  diff_match_patch (~> 0.1.0)
  diffy (~> 3.3)
  discordrb-webhooks-blackst0ne (~> 3.3)
-  doorkeeper (~> 5.0.3)
+  doorkeeper (~> 5.1.1)
  doorkeeper-openid_connect (~> 1.6.3)
  ed25519 (~> 1.2)
  elasticsearch-api (~> 6.8)

--- a/changelogs/unreleased/id-bump-doorkeeper-5-1.yml
+++ b/changelogs/unreleased/id-bump-doorkeeper-5-1.yml
+---
+title: Bump doorkeeper to 5.1.1
+merge_request: 40546
+author:
+type: changed
--- a/ee/spec/requests/jira_authorizations_spec.rb
+++ b/ee/spec/requests/jira_authorizations_spec.rb
@@ -67,7 +67,9 @@ RSpec.describe 'Jira authorization requests' do
      context 'when code is invalid' do
        let(:code) { "invalid_code" }

-        it_behaves_like 'an unauthorized request'
+        it 'returns bad request' do
+          expect(response).to have_gitlab_http_status(:bad_request)
+        end
      end
    end
  end

--- a/spec/controllers/oauth/token_info_controller_spec.rb
+++ b/spec/controllers/oauth/token_info_controller_spec.rb
@@ -5,10 +5,10 @@ require 'spec_helper'
 RSpec.describe Oauth::TokenInfoController do
  describe '#show' do
    context 'when the user is not authenticated' do
-      it 'responds with a 401' do
+      it 'responds with a 400' do
        get :show

-        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(response).to have_gitlab_http_status(:bad_request)
        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
      end
    end
@@ -36,10 +36,10 @@ RSpec.describe Oauth::TokenInfoController do
    end

    context 'when the doorkeeper_token is not recognised' do
-      it 'responds with a 401' do
+      it 'responds with a 400' do
        get :show, params: { access_token: 'unknown_token' }

-        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(response).to have_gitlab_http_status(:bad_request)
        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
      end
    end
@@ -49,10 +49,10 @@ RSpec.describe Oauth::TokenInfoController do
        create(:oauth_access_token, created_at: 2.days.ago, expires_in: 10.minutes)
      end

-      it 'responds with a 401' do
+      it 'responds with a 400' do
        get :show, params: { access_token: access_token.token }

-        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(response).to have_gitlab_http_status(:bad_request)
        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
      end
    end
@@ -60,10 +60,10 @@ RSpec.describe Oauth::TokenInfoController do
    context 'when the token is revoked' do
      let(:access_token) { create(:oauth_access_token, revoked_at: 2.days.ago) }

-      it 'responds with a 401' do
+      it 'responds with a 400' do
        get :show, params: { access_token: access_token.token }

-        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(response).to have_gitlab_http_status(:bad_request)
        expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
      end
    end

--- a/spec/requests/api/oauth_tokens_spec.rb
+++ b/spec/requests/api/oauth_tokens_spec.rb
@@ -20,7 +20,7 @@ RSpec.describe 'OAuth tokens' do

        request_oauth_token(user, client_basic_auth_header(client))

-        expect(response).to have_gitlab_http_status(:unauthorized)
+        expect(response).to have_gitlab_http_status(:bad_request)
        expect(json_response['error']).to eq('invalid_grant')
      end
    end
@@ -62,7 +62,7 @@ RSpec.describe 'OAuth tokens' do

            request_oauth_token(user, basic_auth_header(client.uid, 'invalid secret'))

-            expect(response).to have_gitlab_http_status(:unauthorized)
+            expect(response).to have_gitlab_http_status(:bad_request)
            expect(json_response['error']).to eq('invalid_client')
          end
        end
@@ -72,7 +72,7 @@ RSpec.describe 'OAuth tokens' do
    shared_examples 'does not create an access token' do
      let(:user) { create(:user) }

-      it { expect(response).to have_gitlab_http_status(:unauthorized) }
+      it { expect(response).to have_gitlab_http_status(:bad_request) }
    end

    context 'when user is blocked' do