Commit 0242bc56 authored by Robert Speicher's avatar Robert Speicher

Merge branch 'security-no-trusted-app-for-group' into 'master'

Removed trusted parameter in Group OAuth parameter

See merge request gitlab-org/security/gitlab!1328
parents 251a396f edffc54b
......@@ -65,7 +65,7 @@ module Groups
def application_params
params
.require(:doorkeeper_application)
.permit(:name, :redirect_uri, :trusted, :scopes, :confidential)
.permit(:name, :redirect_uri, :scopes, :confidential)
.tap do |params|
params[:owner] = @group
end
......
......@@ -72,7 +72,7 @@ RSpec.describe Groups::Settings::ApplicationsController do
end
it 'creates the application' do
create_params = attributes_for(:application, trusted: true, confidential: false, scopes: ['api'])
create_params = attributes_for(:application, trusted: false, confidential: false, scopes: ['api'])
expect do
post :create, params: { group_id: group, doorkeeper_application: create_params }
......@@ -151,7 +151,7 @@ RSpec.describe Groups::Settings::ApplicationsController do
expect(response).to redirect_to(group_settings_application_path(group, application))
expect(application)
.to have_attributes(redirect_uri: 'http://example.com/', trusted: true, confidential: false)
.to have_attributes(redirect_uri: 'http://example.com/', trusted: false, confidential: false)
end
it 'renders the application form on errors' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment