]> git.openstreetmap.org Git - rails.git/blob - test/controllers/oauth2_applications_controller_test.rb
Merge remote-tracking branch 'upstream/pull/5316'
[rails.git] / test / controllers / oauth2_applications_controller_test.rb
1 require "test_helper"
2
3 class Oauth2ApplicationsControllerTest < ActionDispatch::IntegrationTest
4   ##
5   # test all routes which lead to this controller
6   def test_routes
7     assert_routing(
8       { :path => "/oauth2/applications", :method => :get },
9       { :controller => "oauth2_applications", :action => "index" }
10     )
11     assert_routing(
12       { :path => "/oauth2/applications", :method => :post },
13       { :controller => "oauth2_applications", :action => "create" }
14     )
15     assert_routing(
16       { :path => "/oauth2/applications/new", :method => :get },
17       { :controller => "oauth2_applications", :action => "new" }
18     )
19     assert_routing(
20       { :path => "/oauth2/applications/1/edit", :method => :get },
21       { :controller => "oauth2_applications", :action => "edit", :id => "1" }
22     )
23     assert_routing(
24       { :path => "/oauth2/applications/1", :method => :get },
25       { :controller => "oauth2_applications", :action => "show", :id => "1" }
26     )
27     assert_routing(
28       { :path => "/oauth2/applications/1", :method => :patch },
29       { :controller => "oauth2_applications", :action => "update", :id => "1" }
30     )
31     assert_routing(
32       { :path => "/oauth2/applications/1", :method => :put },
33       { :controller => "oauth2_applications", :action => "update", :id => "1" }
34     )
35     assert_routing(
36       { :path => "/oauth2/applications/1", :method => :delete },
37       { :controller => "oauth2_applications", :action => "destroy", :id => "1" }
38     )
39   end
40
41   def test_index
42     user = create(:user)
43     create_list(:oauth_application, 2, :owner => user)
44
45     get oauth_applications_path
46     assert_redirected_to login_path(:referer => oauth_applications_path)
47
48     session_for(user)
49
50     get oauth_applications_path
51     assert_response :success
52     assert_template "oauth2_applications/index"
53     assert_select "tbody tr", 2
54   end
55
56   def test_index_with_moderator_app
57     user = create(:user)
58     create(:oauth_application, :owner => user, :scopes => "write_redactions")
59
60     session_for(user)
61
62     get oauth_applications_path
63     assert_response :success
64   end
65
66   def test_new
67     user = create(:user)
68
69     get new_oauth_application_path
70     assert_redirected_to login_path(:referer => new_oauth_application_path)
71
72     session_for(user)
73
74     get new_oauth_application_path
75     assert_response :success
76     assert_template "oauth2_applications/new"
77     assert_select "form", 1 do
78       assert_select "input#oauth2_application_name", 1
79       assert_select "textarea#oauth2_application_redirect_uri", 1
80       assert_select "input#oauth2_application_confidential", 1
81       Oauth.scopes.each do |scope|
82         assert_select "input#oauth2_application_scopes_#{scope.name}", 1
83       end
84     end
85   end
86
87   def test_create
88     user = create(:user)
89
90     assert_difference "Doorkeeper::Application.count", 0 do
91       post oauth_applications_path
92     end
93     assert_response :forbidden
94
95     session_for(user)
96
97     assert_difference "Doorkeeper::Application.count", 0 do
98       post oauth_applications_path(:oauth2_application => {
99                                      :name => "Test Application"
100                                    })
101     end
102     assert_response :success
103     assert_template "oauth2_applications/new"
104
105     assert_difference "Doorkeeper::Application.count", 0 do
106       post oauth_applications_path(:oauth2_application => {
107                                      :name => "Test Application",
108                                      :redirect_uri => "https://test.example.com/",
109                                      :scopes => ["bad_scope"]
110                                    })
111     end
112     assert_response :success
113     assert_template "oauth2_applications/new"
114
115     assert_difference "Doorkeeper::Application.count", 1 do
116       post oauth_applications_path(:oauth2_application => {
117                                      :name => "Test Application",
118                                      :redirect_uri => "https://test.example.com/",
119                                      :scopes => ["read_prefs"]
120                                    })
121     end
122     assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
123   end
124
125   def test_create_privileged
126     session_for(create(:user))
127
128     assert_difference "Doorkeeper::Application.count", 0 do
129       post oauth_applications_path(:oauth2_application => {
130                                      :name => "Test Application",
131                                      :redirect_uri => "https://test.example.com/",
132                                      :scopes => ["read_email"]
133                                    })
134     end
135     assert_response :success
136     assert_template "oauth2_applications/new"
137
138     session_for(create(:administrator_user))
139
140     assert_difference "Doorkeeper::Application.count", 1 do
141       post oauth_applications_path(:oauth2_application => {
142                                      :name => "Test Application",
143                                      :redirect_uri => "https://test.example.com/",
144                                      :scopes => ["read_email"]
145                                    })
146     end
147     assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
148   end
149
150   def test_show
151     user = create(:user)
152     client = create(:oauth_application, :owner => user)
153     other_client = create(:oauth_application)
154
155     get oauth_application_path(:id => client)
156     assert_redirected_to login_path(:referer => oauth_application_path(:id => client.id))
157
158     session_for(user)
159
160     get oauth_application_path(:id => other_client)
161     assert_response :not_found
162     assert_template "oauth2_applications/not_found"
163
164     get oauth_application_path(:id => client)
165     assert_response :success
166     assert_template "oauth2_applications/show"
167   end
168
169   def test_edit
170     user = create(:user)
171     client = create(:oauth_application, :owner => user)
172     other_client = create(:oauth_application)
173
174     get edit_oauth_application_path(:id => client)
175     assert_redirected_to login_path(:referer => edit_oauth_application_path(:id => client.id))
176
177     session_for(user)
178
179     get edit_oauth_application_path(:id => other_client)
180     assert_response :not_found
181     assert_template "oauth2_applications/not_found"
182
183     get edit_oauth_application_path(:id => client)
184     assert_response :success
185     assert_template "oauth2_applications/edit"
186     assert_select "form", 1 do
187       assert_select "input#oauth2_application_name", 1
188       assert_select "textarea#oauth2_application_redirect_uri", 1
189       assert_select "input#oauth2_application_confidential", 1
190       Oauth.scopes.each do |scope|
191         assert_select "input#oauth2_application_scopes_#{scope.name}", 1
192       end
193     end
194   end
195
196   def test_update
197     user = create(:user)
198     client = create(:oauth_application, :owner => user)
199     other_client = create(:oauth_application)
200
201     put oauth_application_path(:id => client)
202     assert_response :forbidden
203
204     session_for(user)
205
206     put oauth_application_path(:id => other_client)
207     assert_response :not_found
208     assert_template "oauth2_applications/not_found"
209
210     put oauth_application_path(:id => client,
211                                :oauth2_application => {
212                                  :name => "New Name",
213                                  :redirect_uri => nil
214                                })
215     assert_response :success
216     assert_template "oauth2_applications/edit"
217
218     put oauth_application_path(:id => client,
219                                :oauth2_application => {
220                                  :name => "New Name",
221                                  :redirect_uri => "https://new.example.com/url"
222                                })
223     assert_redirected_to oauth_application_path(:id => client.id)
224   end
225
226   def test_destroy
227     user = create(:user)
228     client = create(:oauth_application, :owner => user)
229     other_client = create(:oauth_application)
230
231     assert_difference "Doorkeeper::Application.count", 0 do
232       delete oauth_application_path(:id => client)
233     end
234     assert_response :forbidden
235
236     session_for(user)
237
238     assert_difference "Doorkeeper::Application.count", 0 do
239       delete oauth_application_path(:id => other_client)
240     end
241     assert_response :not_found
242     assert_template "oauth2_applications/not_found"
243
244     assert_difference "Doorkeeper::Application.count", -1 do
245       delete oauth_application_path(:id => client)
246     end
247     assert_redirected_to oauth_applications_path
248   end
249 end