Home Explore Help
Register Sign In
bida
/
bastodon
7
0
Fork 0
Files Issues 9 Pull Requests 0 Wiki
Tree: 1416745a2b
Branches Tags
bastodon
/
spec
/
controllers
/
oauth
/
authorizations_controller_spec.rb

authorizations_controller_spec.rb 2.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778 
  1. # frozen_string_literal: true
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. RSpec.describe Oauth::AuthorizationsController do
    6. 

  6.   render_views
    7. 

  7. 

  8.   let(:app) { Doorkeeper::Application.create!(name: 'test', redirect_uri: 'http://localhost/', scopes: 'read') }
    9. 

  9. 

  10.   describe 'GET #new' do
    11. 

  11.     subject do
    12. 

  12.       get :new, params: { client_id: app.uid, response_type: 'code', redirect_uri: 'http://localhost/', scope: 'read' }
    13. 

  13.     end
    14. 

  14. 

  15.     shared_examples 'stores location for user' do
    16. 

  16.       it 'stores location for user' do
    17. 

  17.         subject
    18. 

  18.         expect(controller.stored_location_for(:user)).to eq "/oauth/authorize?client_id=#{app.uid}&redirect_uri=http%3A%2F%2Flocalhost%2F&response_type=code&scope=read"
    19. 

  19.       end
    20. 

  20.     end
    21. 

  21. 

  22.     context 'when signed in' do
    23. 

  23.       let!(:user) { Fabricate(:user) }
    24. 

  24. 

  25.       before do
    26. 

  26.         sign_in user, scope: :user
    27. 

  27.       end
    28. 

  28. 

  29.       it 'returns http success' do
    30. 

  30.         subject
    31. 

  31.         expect(response).to have_http_status(200)
    32. 

  32.       end
    33. 

  33. 

  34.       it 'returns private cache control headers' do
    35. 

  35.         subject
    36. 

  36.         expect(response.headers['Cache-Control']).to include('private, no-store')
    37. 

  37.       end
    38. 

  38. 

  39.       it 'gives options to authorize and deny' do
    40. 

  40.         subject
    41. 

  41.         expect(response.body).to match(/Authorize/)
    42. 

  42.       end
    43. 

  43. 

  44.       include_examples 'stores location for user'
    45. 

  45. 

  46.       context 'when app is already authorized' do
    47. 

  47.         before do
    48. 

  48.           Doorkeeper::AccessToken.find_or_create_for(
    49. 

  49.             application: app,
    50. 

  50.             resource_owner: user.id,
    51. 

  51.             scopes: app.scopes,
    52. 

  52.             expires_in: Doorkeeper.configuration.access_token_expires_in,
    53. 

  53.             use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?
    54. 

  54.           )
    55. 

  55.         end
    56. 

  56. 

  57.         it 'redirects to callback' do
    58. 

  58.           subject
    59. 

  59.           expect(response).to redirect_to(/\A#{app.redirect_uri}/)
    60. 

  60.         end
    61. 

  61. 

  62.         it 'does not redirect to callback with force_login=true' do
    63. 

  63.           get :new, params: { client_id: app.uid, response_type: 'code', redirect_uri: 'http://localhost/', scope: 'read', force_login: 'true' }
    64. 

  64.           expect(response.body).to match(/Authorize/)
    65. 

  65.         end
    66. 

  66.       end
    67. 

  67.     end
    68. 

  68. 

  69.     context 'when not signed in' do
    70. 

  70.       it 'redirects' do
    71. 

  71.         subject
    72. 

  72.         expect(response).to redirect_to '/auth/sign_in'
    73. 

  73.       end
    74. 

  74. 

  75.       include_examples 'stores location for user'
    76. 

  76.     end
    77. 

  77.   end
    78. 

  78. end
    79.