Merge branch 'security-no-trusted-app-for-group' into 'master'

Removed trusted parameter in Group OAuth parameter See merge request gitlab-org/security/gitlab!1328

Merge branch 'security-no-trusted-app-for-group' into 'master'
Removed trusted parameter in Group OAuth parameter See merge request gitlab-org/security/gitlab!1328
0242bc56 · Robert Speicher · 251a396f · edffc54b · 0242bc56 · 0242bc56
Commit 0242bc56 authored Apr 06, 2021 by Robert Speicher
2 changed files
--- a/app/controllers/groups/settings/applications_controller.rb
+++ b/app/controllers/groups/settings/applications_controller.rb
@@ -65,7 +65,7 @@ module Groups
      def application_params
        params
          .require(:doorkeeper_application)
-          .permit(:name, :redirect_uri, :trusted, :scopes, :confidential)
+          .permit(:name, :redirect_uri, :scopes, :confidential)
          .tap do |params|
            params[:owner] = @group
          end

--- a/spec/controllers/groups/settings/applications_controller_spec.rb
+++ b/spec/controllers/groups/settings/applications_controller_spec.rb
@@ -72,7 +72,7 @@ RSpec.describe Groups::Settings::ApplicationsController do
      end

      it 'creates the application' do
-        create_params = attributes_for(:application, trusted: true, confidential: false, scopes: ['api'])
+        create_params = attributes_for(:application, trusted: false, confidential: false, scopes: ['api'])

        expect do
          post :create, params: { group_id: group, doorkeeper_application: create_params }
@@ -151,7 +151,7 @@ RSpec.describe Groups::Settings::ApplicationsController do

        expect(response).to redirect_to(group_settings_application_path(group, application))
        expect(application)
-          .to have_attributes(redirect_uri: 'http://example.com/', trusted: true, confidential: false)
+          .to have_attributes(redirect_uri: 'http://example.com/', trusted: false, confidential: false)
      end

      it 'renders the application form on errors' do