3 class Oauth2AuthorizationsControllerTest < ActionDispatch::IntegrationTest
5 # test all routes which lead to this controller
8 { :path => "/oauth2/authorize", :method => :get },
9 { :controller => "oauth2_authorizations", :action => "new" }
12 { :path => "/oauth2/authorize", :method => :post },
13 { :controller => "oauth2_authorizations", :action => "create" }
16 { :path => "/oauth2/authorize", :method => :delete },
17 { :controller => "oauth2_authorizations", :action => "destroy" }
20 { :path => "/oauth2/authorize/native", :method => :get },
21 { :controller => "oauth2_authorizations", :action => "show" }
26 application = create(:oauth_application, :scopes => "write_api")
28 get oauth_authorization_path(:client_id => application.uid,
29 :redirect_uri => application.redirect_uri,
30 :response_type => "code",
31 :scope => "write_api")
32 assert_response :redirect
33 assert_redirected_to login_path(:referer => oauth_authorization_path(:client_id => application.uid,
34 :redirect_uri => application.redirect_uri,
35 :response_type => "code",
36 :scope => "write_api"))
38 session_for(create(:user))
40 get oauth_authorization_path(:client_id => application.uid,
41 :redirect_uri => application.redirect_uri,
42 :response_type => "code",
43 :scope => "write_api")
44 assert_response :success
45 assert_template "oauth2_authorizations/new"
49 application = create(:oauth_application, :scopes => "write_api", :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")
51 get oauth_authorization_path(:client_id => application.uid,
52 :redirect_uri => application.redirect_uri,
53 :response_type => "code",
54 :scope => "write_api")
55 assert_response :redirect
56 assert_redirected_to login_path(:referer => oauth_authorization_path(:client_id => application.uid,
57 :redirect_uri => application.redirect_uri,
58 :response_type => "code",
59 :scope => "write_api"))
61 session_for(create(:user))
63 get oauth_authorization_path(:client_id => application.uid,
64 :redirect_uri => application.redirect_uri,
65 :response_type => "code",
66 :scope => "write_api")
67 assert_response :success
68 assert_template "oauth2_authorizations/new"
72 application = create(:oauth_application, :scopes => "write_api")
74 session_for(create(:user))
76 get oauth_authorization_path(:client_id => application.uid,
77 :redirect_uri => "https://bad.example.com/",
78 :response_type => "code",
79 :scope => "write_api")
80 assert_response :bad_request
81 assert_template "oauth2_authorizations/error"
82 assert_select "p", "The requested redirect uri is malformed or doesn't match client redirect URI."
85 def test_new_bad_scope
86 application = create(:oauth_application, :scopes => "write_api")
88 session_for(create(:user))
90 get oauth_authorization_path(:client_id => application.uid,
91 :redirect_uri => application.redirect_uri,
92 :response_type => "code",
93 :scope => "bad_scope")
94 assert_response :bad_request
95 assert_template "oauth2_authorizations/error"
96 assert_select "p", "The requested scope is invalid, unknown, or malformed."
98 get oauth_authorization_path(:client_id => application.uid,
99 :redirect_uri => application.redirect_uri,
100 :response_type => "code",
101 :scope => "write_prefs")
102 assert_response :bad_request
103 assert_template "oauth2_authorizations/error"
104 assert_select "p", "The requested scope is invalid, unknown, or malformed."
108 application = create(:oauth_application, :scopes => "write_api")
110 post oauth_authorization_path(:client_id => application.uid,
111 :redirect_uri => application.redirect_uri,
112 :response_type => "code",
113 :scope => "write_api")
114 assert_response :forbidden
116 session_for(create(:user))
118 post oauth_authorization_path(:client_id => application.uid,
119 :redirect_uri => application.redirect_uri,
120 :response_type => "code",
121 :scope => "write_api")
122 assert_response :redirect
123 assert_redirected_to(/^#{Regexp.escape(application.redirect_uri)}\?code=/)
126 def test_create_native
127 application = create(:oauth_application, :scopes => "write_api", :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")
129 post oauth_authorization_path(:client_id => application.uid,
130 :redirect_uri => application.redirect_uri,
131 :response_type => "code",
132 :scope => "write_api")
133 assert_response :forbidden
135 session_for(create(:user))
137 post oauth_authorization_path(:client_id => application.uid,
138 :redirect_uri => application.redirect_uri,
139 :response_type => "code",
140 :scope => "write_api")
141 assert_response :redirect
142 assert_equal native_oauth_authorization_path, URI.parse(response.location).path
144 assert_response :success
145 assert_template "oauth2_authorizations/show"
149 application = create(:oauth_application)
151 delete oauth_authorization_path(:client_id => application.uid,
152 :redirect_uri => application.redirect_uri,
153 :response_type => "code",
154 :scope => "write_api")
155 assert_response :forbidden
157 session_for(create(:user))
159 delete oauth_authorization_path(:client_id => application.uid,
160 :redirect_uri => application.redirect_uri,
161 :response_type => "code",
162 :scope => "write_api")
163 assert_response :redirect
164 assert_redirected_to(/^#{Regexp.escape(application.redirect_uri)}\?error=access_denied/)
167 def test_destroy_native
168 application = create(:oauth_application, :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")
170 delete oauth_authorization_path(:client_id => application.uid,
171 :redirect_uri => application.redirect_uri,
172 :response_type => "code",
173 :scope => "write_api")
174 assert_response :forbidden
176 session_for(create(:user))
178 delete oauth_authorization_path(:client_id => application.uid,
179 :redirect_uri => application.redirect_uri,
180 :response_type => "code",
181 :scope => "write_api")
182 assert_response :bad_request