]> git.openstreetmap.org Git - rails.git/blob - test/controllers/oauth2_applications_controller_test.rb
Merge remote-tracking branch 'upstream/pull/4530'
[rails.git] / test / controllers / oauth2_applications_controller_test.rb
1 require "test_helper"
2
3 class Oauth2ApplicationsControllerTest < ActionDispatch::IntegrationTest
4   ##
5   # test all routes which lead to this controller
6   def test_routes
7     assert_routing(
8       { :path => "/oauth2/applications", :method => :get },
9       { :controller => "oauth2_applications", :action => "index" }
10     )
11     assert_routing(
12       { :path => "/oauth2/applications", :method => :post },
13       { :controller => "oauth2_applications", :action => "create" }
14     )
15     assert_routing(
16       { :path => "/oauth2/applications/new", :method => :get },
17       { :controller => "oauth2_applications", :action => "new" }
18     )
19     assert_routing(
20       { :path => "/oauth2/applications/1/edit", :method => :get },
21       { :controller => "oauth2_applications", :action => "edit", :id => "1" }
22     )
23     assert_routing(
24       { :path => "/oauth2/applications/1", :method => :get },
25       { :controller => "oauth2_applications", :action => "show", :id => "1" }
26     )
27     assert_routing(
28       { :path => "/oauth2/applications/1", :method => :patch },
29       { :controller => "oauth2_applications", :action => "update", :id => "1" }
30     )
31     assert_routing(
32       { :path => "/oauth2/applications/1", :method => :put },
33       { :controller => "oauth2_applications", :action => "update", :id => "1" }
34     )
35     assert_routing(
36       { :path => "/oauth2/applications/1", :method => :delete },
37       { :controller => "oauth2_applications", :action => "destroy", :id => "1" }
38     )
39   end
40
41   def test_index
42     user = create(:user)
43     create_list(:oauth_application, 2, :owner => user)
44
45     get oauth_applications_path
46     assert_response :redirect
47     assert_redirected_to login_path(:referer => oauth_applications_path)
48
49     session_for(user)
50
51     get oauth_applications_path
52     assert_response :success
53     assert_template "oauth2_applications/index"
54     assert_select "tbody tr", 2
55   end
56
57   def test_new
58     user = create(:user)
59
60     get new_oauth_application_path
61     assert_response :redirect
62     assert_redirected_to login_path(:referer => new_oauth_application_path)
63
64     session_for(user)
65
66     get new_oauth_application_path
67     assert_response :success
68     assert_template "oauth2_applications/new"
69     assert_select "form", 1 do
70       assert_select "input#oauth2_application_name", 1
71       assert_select "textarea#oauth2_application_redirect_uri", 1
72       assert_select "input#oauth2_application_confidential", 1
73       Oauth.scopes.each do |scope|
74         assert_select "input#oauth2_application_scopes_#{scope.name}", 1
75       end
76     end
77   end
78
79   def test_create
80     user = create(:user)
81
82     assert_difference "Doorkeeper::Application.count", 0 do
83       post oauth_applications_path
84     end
85     assert_response :forbidden
86
87     session_for(user)
88
89     assert_difference "Doorkeeper::Application.count", 0 do
90       post oauth_applications_path(:oauth2_application => {
91                                      :name => "Test Application"
92                                    })
93     end
94     assert_response :success
95     assert_template "oauth2_applications/new"
96
97     assert_difference "Doorkeeper::Application.count", 0 do
98       post oauth_applications_path(:oauth2_application => {
99                                      :name => "Test Application",
100                                      :redirect_uri => "https://test.example.com/",
101                                      :scopes => ["bad_scope"]
102                                    })
103     end
104     assert_response :success
105     assert_template "oauth2_applications/new"
106
107     assert_difference "Doorkeeper::Application.count", 1 do
108       post oauth_applications_path(:oauth2_application => {
109                                      :name => "Test Application",
110                                      :redirect_uri => "https://test.example.com/",
111                                      :scopes => ["read_prefs"]
112                                    })
113     end
114     assert_response :redirect
115     assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
116   end
117
118   def test_create_privileged
119     session_for(create(:user))
120
121     assert_difference "Doorkeeper::Application.count", 0 do
122       post oauth_applications_path(:oauth2_application => {
123                                      :name => "Test Application",
124                                      :redirect_uri => "https://test.example.com/",
125                                      :scopes => ["read_email"]
126                                    })
127     end
128     assert_response :success
129     assert_template "oauth2_applications/new"
130
131     session_for(create(:administrator_user))
132
133     assert_difference "Doorkeeper::Application.count", 1 do
134       post oauth_applications_path(:oauth2_application => {
135                                      :name => "Test Application",
136                                      :redirect_uri => "https://test.example.com/",
137                                      :scopes => ["read_email"]
138                                    })
139     end
140     assert_response :redirect
141     assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
142   end
143
144   def test_show
145     user = create(:user)
146     client = create(:oauth_application, :owner => user)
147     other_client = create(:oauth_application)
148
149     get oauth_application_path(:id => client)
150     assert_response :redirect
151     assert_redirected_to login_path(:referer => oauth_application_path(:id => client.id))
152
153     session_for(user)
154
155     get oauth_application_path(:id => other_client)
156     assert_response :not_found
157     assert_template "oauth2_applications/not_found"
158
159     get oauth_application_path(:id => client)
160     assert_response :success
161     assert_template "oauth2_applications/show"
162   end
163
164   def test_edit
165     user = create(:user)
166     client = create(:oauth_application, :owner => user)
167     other_client = create(:oauth_application)
168
169     get edit_oauth_application_path(:id => client)
170     assert_response :redirect
171     assert_redirected_to login_path(:referer => edit_oauth_application_path(:id => client.id))
172
173     session_for(user)
174
175     get edit_oauth_application_path(:id => other_client)
176     assert_response :not_found
177     assert_template "oauth2_applications/not_found"
178
179     get edit_oauth_application_path(:id => client)
180     assert_response :success
181     assert_template "oauth2_applications/edit"
182     assert_select "form", 1 do
183       assert_select "input#oauth2_application_name", 1
184       assert_select "textarea#oauth2_application_redirect_uri", 1
185       assert_select "input#oauth2_application_confidential", 1
186       Oauth.scopes.each do |scope|
187         assert_select "input#oauth2_application_scopes_#{scope.name}", 1
188       end
189     end
190   end
191
192   def test_update
193     user = create(:user)
194     client = create(:oauth_application, :owner => user)
195     other_client = create(:oauth_application)
196
197     put oauth_application_path(:id => client)
198     assert_response :forbidden
199
200     session_for(user)
201
202     put oauth_application_path(:id => other_client)
203     assert_response :not_found
204     assert_template "oauth2_applications/not_found"
205
206     put oauth_application_path(:id => client,
207                                :oauth2_application => {
208                                  :name => "New Name",
209                                  :redirect_uri => nil
210                                })
211     assert_response :success
212     assert_template "oauth2_applications/edit"
213
214     put oauth_application_path(:id => client,
215                                :oauth2_application => {
216                                  :name => "New Name",
217                                  :redirect_uri => "https://new.example.com/url"
218                                })
219     assert_response :redirect
220     assert_redirected_to oauth_application_path(:id => client.id)
221   end
222
223   def test_destroy
224     user = create(:user)
225     client = create(:oauth_application, :owner => user)
226     other_client = create(:oauth_application)
227
228     assert_difference "Doorkeeper::Application.count", 0 do
229       delete oauth_application_path(:id => client)
230     end
231     assert_response :forbidden
232
233     session_for(user)
234
235     assert_difference "Doorkeeper::Application.count", 0 do
236       delete oauth_application_path(:id => other_client)
237     end
238     assert_response :not_found
239     assert_template "oauth2_applications/not_found"
240
241     assert_difference "Doorkeeper::Application.count", -1 do
242       delete oauth_application_path(:id => client)
243     end
244     assert_response :redirect
245     assert_redirected_to oauth_applications_path
246   end
247 end