Commit f086b5e9 authored by Igor Drozdov's avatar Igor Drozdov
parent a0efb830
...@@ -26,7 +26,7 @@ gem 'marginalia', '~> 1.9.0' ...@@ -26,7 +26,7 @@ gem 'marginalia', '~> 1.9.0'
# Authentication libraries # Authentication libraries
gem 'devise', '~> 4.6' gem 'devise', '~> 4.6'
gem 'doorkeeper', '~> 5.0.3' gem 'doorkeeper', '~> 5.1.1'
gem 'doorkeeper-openid_connect', '~> 1.6.3' gem 'doorkeeper-openid_connect', '~> 1.6.3'
gem 'omniauth', '~> 1.8' gem 'omniauth', '~> 1.8'
gem 'omniauth-auth0', '~> 2.0.0' gem 'omniauth-auth0', '~> 2.0.0'
......
...@@ -254,8 +254,8 @@ GEM ...@@ -254,8 +254,8 @@ GEM
docile (1.3.2) docile (1.3.2)
domain_name (0.5.20180417) domain_name (0.5.20180417)
unf (>= 0.0.5, < 1.0.0) unf (>= 0.0.5, < 1.0.0)
doorkeeper (5.0.3) doorkeeper (5.1.1)
railties (>= 4.2) railties (>= 5)
doorkeeper-openid_connect (1.6.3) doorkeeper-openid_connect (1.6.3)
doorkeeper (>= 5.0, < 5.2) doorkeeper (>= 5.0, < 5.2)
json-jwt (~> 1.6) json-jwt (~> 1.6)
...@@ -1267,7 +1267,7 @@ DEPENDENCIES ...@@ -1267,7 +1267,7 @@ DEPENDENCIES
diff_match_patch (~> 0.1.0) diff_match_patch (~> 0.1.0)
diffy (~> 3.3) diffy (~> 3.3)
discordrb-webhooks-blackst0ne (~> 3.3) discordrb-webhooks-blackst0ne (~> 3.3)
doorkeeper (~> 5.0.3) doorkeeper (~> 5.1.1)
doorkeeper-openid_connect (~> 1.6.3) doorkeeper-openid_connect (~> 1.6.3)
ed25519 (~> 1.2) ed25519 (~> 1.2)
elasticsearch-api (~> 6.8) elasticsearch-api (~> 6.8)
......
---
title: Bump doorkeeper to 5.1.1
merge_request: 40546
author:
type: changed
...@@ -67,7 +67,9 @@ RSpec.describe 'Jira authorization requests' do ...@@ -67,7 +67,9 @@ RSpec.describe 'Jira authorization requests' do
context 'when code is invalid' do context 'when code is invalid' do
let(:code) { "invalid_code" } let(:code) { "invalid_code" }
it_behaves_like 'an unauthorized request' it 'returns bad request' do
expect(response).to have_gitlab_http_status(:bad_request)
end
end end
end end
end end
......
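Review bot: The replacement example for the invalid-code case asserts only the status, so it would pass for any 400 from this endpoint, including one caused by an unrelated missing or malformed parameter. The shared example `'an unauthorized request'` is defined outside this hunk and may have checked more than the status; if it did, that coverage is dropped here. Consider pinning the outcome as well, for example `expect(response.body).not_to include('access_token')` together with a check of the error code the endpoint returns, so the test shows that no token is issued for a bad code.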
...@@ -5,10 +5,10 @@ require 'spec_helper' ...@@ -5,10 +5,10 @@ require 'spec_helper'
RSpec.describe Oauth::TokenInfoController do RSpec.describe Oauth::TokenInfoController do
describe '#show' do describe '#show' do
context 'when the user is not authenticated' do context 'when the user is not authenticated' do
it 'responds with a 401' do it 'responds with a 400' do
get :show get :show
expect(response).to have_gitlab_http_status(:unauthorized) expect(response).to have_gitlab_http_status(:bad_request)
expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request') expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
end end
end end
...@@ -36,10 +36,10 @@ RSpec.describe Oauth::TokenInfoController do ...@@ -36,10 +36,10 @@ RSpec.describe Oauth::TokenInfoController do
end end
context 'when the doorkeeper_token is not recognised' do context 'when the doorkeeper_token is not recognised' do
it 'responds with a 401' do it 'responds with a 400' do
get :show, params: { access_token: 'unknown_token' } get :show, params: { access_token: 'unknown_token' }
expect(response).to have_gitlab_http_status(:unauthorized) expect(response).to have_gitlab_http_status(:bad_request)
expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request') expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
end end
end end
...@@ -49,10 +49,10 @@ RSpec.describe Oauth::TokenInfoController do ...@@ -49,10 +49,10 @@ RSpec.describe Oauth::TokenInfoController do
create(:oauth_access_token, created_at: 2.days.ago, expires_in: 10.minutes) create(:oauth_access_token, created_at: 2.days.ago, expires_in: 10.minutes)
end end
it 'responds with a 401' do it 'responds with a 400' do
get :show, params: { access_token: access_token.token } get :show, params: { access_token: access_token.token }
expect(response).to have_gitlab_http_status(:unauthorized) expect(response).to have_gitlab_http_status(:bad_request)
expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request') expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
end end
end end
...@@ -60,10 +60,10 @@ RSpec.describe Oauth::TokenInfoController do ...@@ -60,10 +60,10 @@ RSpec.describe Oauth::TokenInfoController do
context 'when the token is revoked' do context 'when the token is revoked' do
let(:access_token) { create(:oauth_access_token, revoked_at: 2.days.ago) } let(:access_token) { create(:oauth_access_token, revoked_at: 2.days.ago) }
it 'responds with a 401' do it 'responds with a 400' do
get :show, params: { access_token: access_token.token } get :show, params: { access_token: access_token.token }
expect(response).to have_gitlab_http_status(:unauthorized) expect(response).to have_gitlab_http_status(:bad_request)
expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request') expect(Gitlab::Json.parse(response.body)).to include('error' => 'invalid_request')
end end
end end
......
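Review bot: The expired-token and revoked-token examples now expect 400 with `invalid_request`, the same response as the no-token and unknown-token cases, so a client cannot tell a malformed call from a token that has stopped being valid. RFC 6750 section 3.1 assigns 401 and `invalid_token` to expired or revoked tokens, and clients that refresh or re-authenticate on 401 will not do so on 400. If this is simply what doorkeeper 5.1.1 returns, record that in the spec with a comment such as `# doorkeeper 5.1 answers every token-info failure with 400 invalid_request`, and mention the status change in the changelog entry, whose title names only the version bump. The context 'when the user is not authenticated' paired with 'responds with a 400' also reads oddly and could be reworded.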
...@@ -20,7 +20,7 @@ RSpec.describe 'OAuth tokens' do ...@@ -20,7 +20,7 @@ RSpec.describe 'OAuth tokens' do
request_oauth_token(user, client_basic_auth_header(client)) request_oauth_token(user, client_basic_auth_header(client))
expect(response).to have_gitlab_http_status(:unauthorized) expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['error']).to eq('invalid_grant') expect(json_response['error']).to eq('invalid_grant')
end end
end end
...@@ -62,7 +62,7 @@ RSpec.describe 'OAuth tokens' do ...@@ -62,7 +62,7 @@ RSpec.describe 'OAuth tokens' do
request_oauth_token(user, basic_auth_header(client.uid, 'invalid secret')) request_oauth_token(user, basic_auth_header(client.uid, 'invalid secret'))
expect(response).to have_gitlab_http_status(:unauthorized) expect(response).to have_gitlab_http_status(:bad_request)
expect(json_response['error']).to eq('invalid_client') expect(json_response['error']).to eq('invalid_client')
end end
end end
...@@ -72,7 +72,7 @@ RSpec.describe 'OAuth tokens' do ...@@ -72,7 +72,7 @@ RSpec.describe 'OAuth tokens' do
shared_examples 'does not create an access token' do shared_examples 'does not create an access token' do
let(:user) { create(:user) } let(:user) { create(:user) }
it { expect(response).to have_gitlab_http_status(:unauthorized) } it { expect(response).to have_gitlab_http_status(:bad_request) }
end end
context 'when user is blocked' do context 'when user is blocked' do
......
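Review bot: The invalid-secret example sends credentials with `basic_auth_header(client.uid, 'invalid secret')` and now expects 400 for `invalid_client`, but RFC 6749 section 5.2 requires 401 with a `WWW-Authenticate` header when client authentication was attempted through the Authorization header. The expectation pins the library's behaviour, not the specified one, so a comment such as `# doorkeeper 5.1.1 returns 400 here; RFC 6749 5.2 expects 401 for failed Basic client auth` would keep the deviation visible for the next upgrade. Any alerting that counts 401 responses from the token endpoint to spot client-secret guessing would stop seeing these failures and should be checked; whether such alerting exists is not visible from this page. The shared example 'does not create an access token' still asserts only the status, and its callers lie outside the hunk.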