Commit f1645bf7 authored by JB Vasseur's avatar JB Vasseur

Fix unauthorized user tests and add non-authenticated user tests

parent 33c88f5e
...@@ -95,6 +95,14 @@ describe API::Applications, :api do ...@@ -95,6 +95,14 @@ describe API::Applications, :api do
end end
end end
context 'authorized user without authorization' do
it 'cannot list application' do
get api('/applications', user)
expect(response).to have_http_status 403
end
end
context 'non-authenticated user' do context 'non-authenticated user' do
it 'cannot list application' do it 'cannot list application' do
get api('/applications', user) get api('/applications', user)
...@@ -109,16 +117,24 @@ describe API::Applications, :api do ...@@ -109,16 +117,24 @@ describe API::Applications, :api do
it 'can delete an application' do it 'can delete an application' do
expect do expect do
delete api("/applications/#{application.id}", admin_user) delete api("/applications/#{application.id}", admin_user)
end.to change { Doorkeeper::Application.count }.by -1 end.to change { Doorkeeper::Application.count }.by(-1)
expect(response).to have_gitlab_http_status(204) expect(response).to have_gitlab_http_status(204)
end end
end end
context 'non-authenticated user' do context 'authorized user without authorization' do
it 'cannot delete an application' do it 'cannot delete an application' do
delete api("/applications/#{application.id}", user) delete api("/applications/#{application.id}", user)
expect(response).to have_http_status 403
end
end
context 'non-authenticated user' do
it 'cannot delete an application' do
delete api("/applications/#{application.id}")
expect(response).to have_http_status 401 expect(response).to have_http_status 401
end end
end end
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment