Commit c46dc161 authored by Gabriel Mazetto's avatar Gabriel Mazetto

Codestyle changes and LogoutTokenValidationService behaves consistently

parent 28afd265
...@@ -34,10 +34,7 @@ class Oauth::GeoAuthController < ActionController::Base ...@@ -34,10 +34,7 @@ class Oauth::GeoAuthController < ActionController::Base
end end
def logout def logout
oauth = Gitlab::Geo::OauthSession.new(state: params[:state]) logout = Oauth2::LogoutTokenValidationService.new(current_user, params)
token_string = oauth.extract_logout_token
logout = Oauth2::LogoutTokenValidationService.new(current_user, token_string)
result = logout.validate result = logout.validate
if result[:status] == :success if result[:status] == :success
sign_out current_user sign_out current_user
......
...@@ -2,14 +2,16 @@ module Oauth2 ...@@ -2,14 +2,16 @@ module Oauth2
class LogoutTokenValidationService < ::BaseService class LogoutTokenValidationService < ::BaseService
attr_reader :status, :current_user attr_reader :status, :current_user
def initialize(user, access_token_string) def initialize(user, params={})
@access_token_string = access_token_string if params && params[:state] && !params[:state].empty?
oauth = Gitlab::Geo::OauthSession.new(state: params[:state])
@access_token_string = oauth.extract_logout_token
end
@current_user = user @current_user = user
end end
def validate def execute
return false unless access_token return error('access token not found') unless access_token
status = Oauth2::AccessTokenValidationService.validate(access_token) status = Oauth2::AccessTokenValidationService.validate(access_token)
if status == Oauth2::AccessTokenValidationService::VALID if status == Oauth2::AccessTokenValidationService::VALID
......
...@@ -103,7 +103,7 @@ describe Oauth::GeoAuthController do ...@@ -103,7 +103,7 @@ describe Oauth::GeoAuthController do
end end
it 'handles access token problems' do it 'handles access token problems' do
allow_any_instance_of(Oauth2::LogoutTokenValidationService).to receive(:validate) { { :status => :error, :message => :expired } } allow_any_instance_of(Oauth2::LogoutTokenValidationService).to receive(:validate) { { status: :error, message: :expired } }
get :logout, state: logout_state get :logout, state: logout_state
expect(response.body).to include("There is a problem with the OAuth access_token: #{:expired}") expect(response.body).to include("There is a problem with the OAuth access_token: #{:expired}")
......
...@@ -3,19 +3,38 @@ require 'spec_helper' ...@@ -3,19 +3,38 @@ require 'spec_helper'
describe Oauth2::LogoutTokenValidationService, services: true do describe Oauth2::LogoutTokenValidationService, services: true do
let(:user) { FactoryGirl.create(:user) } let(:user) { FactoryGirl.create(:user) }
let(:access_token) { FactoryGirl.create(:doorkeeper_access_token, resource_owner_id: user.id).token } let(:access_token) { FactoryGirl.create(:doorkeeper_access_token, resource_owner_id: user.id).token }
let(:logout_state) { Gitlab::Geo::OauthSession.new(access_token: access_token).generate_logout_state }
context '#validate' do context '#execute' do
it 'returns false when empty' do it 'returns error when params are nil' do
expect(described_class.new(user, nil).validate).to be_falsey result = described_class.new(user, nil).execute
expect(result[:status]).to eq(:error)
end end
it 'returns false when incorrect encoding' do it 'return error when params are empty' do
result = described_class.new(user, {}).execute
expect(result[:status]).to eq(:error)
end
it 'returns error when state param is empty' do
result = described_class.new(user, { state: nil }).execute
expect(result[:status]).to eq(:error)
result = described_class.new(user, { state: '' }).execute
expect(result[:status]).to eq(:error)
end
it 'returns error when incorrect encoding' do
invalid_token = "\xD800\xD801\xD802" invalid_token = "\xD800\xD801\xD802"
expect(described_class.new(user, invalid_token).validate).to be_falsey allow_any_instance_of(Gitlab::Geo::OauthSession).to receive(:extract_logout_token) { invalid_token }
result = described_class.new(user, { state: logout_state }).execute
expect(result[:status]).to eq(:error)
end end
it 'returns true when token is valid' do it 'returns true when token is valid' do
expect(described_class.new(user, access_token).validate).to be_truthy result = described_class.new(user, { state: logout_state }).execute
expect(result[:status]).to eq(:success)
end end
end end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment