]> git.openstreetmap.org Git - rails.git/blob - test/controllers/oauth2_authorizations_controller_test.rb
Merge remote-tracking branch 'upstream/pull/4889'
[rails.git] / test / controllers / oauth2_authorizations_controller_test.rb
1 require "test_helper"
2
3 class Oauth2AuthorizationsControllerTest < ActionDispatch::IntegrationTest
4   ##
5   # test all routes which lead to this controller
6   def test_routes
7     assert_routing(
8       { :path => "/oauth2/authorize", :method => :get },
9       { :controller => "oauth2_authorizations", :action => "new" }
10     )
11     assert_routing(
12       { :path => "/oauth2/authorize", :method => :post },
13       { :controller => "oauth2_authorizations", :action => "create" }
14     )
15     assert_routing(
16       { :path => "/oauth2/authorize", :method => :delete },
17       { :controller => "oauth2_authorizations", :action => "destroy" }
18     )
19     assert_routing(
20       { :path => "/oauth2/authorize/native", :method => :get },
21       { :controller => "oauth2_authorizations", :action => "show" }
22     )
23   end
24
25   def test_new
26     application = create(:oauth_application, :scopes => "write_api")
27
28     get oauth_authorization_path(:client_id => application.uid,
29                                  :redirect_uri => application.redirect_uri,
30                                  :response_type => "code",
31                                  :scope => "write_api")
32     assert_redirected_to login_path(:referer => oauth_authorization_path(:client_id => application.uid,
33                                                                          :redirect_uri => application.redirect_uri,
34                                                                          :response_type => "code",
35                                                                          :scope => "write_api"))
36
37     session_for(create(:user))
38
39     get oauth_authorization_path(:client_id => application.uid,
40                                  :redirect_uri => application.redirect_uri,
41                                  :response_type => "code",
42                                  :scope => "write_api")
43     assert_response :success
44     assert_template "oauth2_authorizations/new"
45   end
46
47   def test_new_native
48     application = create(:oauth_application, :scopes => "write_api", :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")
49
50     get oauth_authorization_path(:client_id => application.uid,
51                                  :redirect_uri => application.redirect_uri,
52                                  :response_type => "code",
53                                  :scope => "write_api")
54     assert_redirected_to login_path(:referer => oauth_authorization_path(:client_id => application.uid,
55                                                                          :redirect_uri => application.redirect_uri,
56                                                                          :response_type => "code",
57                                                                          :scope => "write_api"))
58
59     session_for(create(:user))
60
61     get oauth_authorization_path(:client_id => application.uid,
62                                  :redirect_uri => application.redirect_uri,
63                                  :response_type => "code",
64                                  :scope => "write_api")
65     assert_response :success
66     assert_template "oauth2_authorizations/new"
67   end
68
69   def test_new_bad_uri
70     application = create(:oauth_application, :scopes => "write_api")
71
72     session_for(create(:user))
73
74     get oauth_authorization_path(:client_id => application.uid,
75                                  :redirect_uri => "https://bad.example.com/",
76                                  :response_type => "code",
77                                  :scope => "write_api")
78     assert_response :bad_request
79     assert_template "oauth2_authorizations/error"
80     assert_select "p", "The requested redirect uri is malformed or doesn't match client redirect URI."
81   end
82
83   def test_new_bad_scope
84     application = create(:oauth_application, :scopes => "write_api")
85
86     session_for(create(:user))
87
88     get oauth_authorization_path(:client_id => application.uid,
89                                  :redirect_uri => application.redirect_uri,
90                                  :response_type => "code",
91                                  :scope => "bad_scope")
92     assert_response :bad_request
93     assert_template "oauth2_authorizations/error"
94     assert_select "p", "The requested scope is invalid, unknown, or malformed."
95
96     get oauth_authorization_path(:client_id => application.uid,
97                                  :redirect_uri => application.redirect_uri,
98                                  :response_type => "code",
99                                  :scope => "write_prefs")
100     assert_response :bad_request
101     assert_template "oauth2_authorizations/error"
102     assert_select "p", "The requested scope is invalid, unknown, or malformed."
103   end
104
105   def test_create
106     application = create(:oauth_application, :scopes => "write_api")
107
108     post oauth_authorization_path(:client_id => application.uid,
109                                   :redirect_uri => application.redirect_uri,
110                                   :response_type => "code",
111                                   :scope => "write_api")
112     assert_response :forbidden
113
114     session_for(create(:user))
115
116     post oauth_authorization_path(:client_id => application.uid,
117                                   :redirect_uri => application.redirect_uri,
118                                   :response_type => "code",
119                                   :scope => "write_api")
120     assert_redirected_to(/^#{Regexp.escape(application.redirect_uri)}\?code=/)
121   end
122
123   def test_create_native
124     application = create(:oauth_application, :scopes => "write_api", :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")
125
126     post oauth_authorization_path(:client_id => application.uid,
127                                   :redirect_uri => application.redirect_uri,
128                                   :response_type => "code",
129                                   :scope => "write_api")
130     assert_response :forbidden
131
132     session_for(create(:user))
133
134     post oauth_authorization_path(:client_id => application.uid,
135                                   :redirect_uri => application.redirect_uri,
136                                   :response_type => "code",
137                                   :scope => "write_api")
138     assert_response :redirect
139     assert_equal native_oauth_authorization_path, URI.parse(response.location).path
140     follow_redirect!
141     assert_response :success
142     assert_template "oauth2_authorizations/show"
143   end
144
145   def test_destroy
146     application = create(:oauth_application)
147
148     delete oauth_authorization_path(:client_id => application.uid,
149                                     :redirect_uri => application.redirect_uri,
150                                     :response_type => "code",
151                                     :scope => "write_api")
152     assert_response :forbidden
153
154     session_for(create(:user))
155
156     delete oauth_authorization_path(:client_id => application.uid,
157                                     :redirect_uri => application.redirect_uri,
158                                     :response_type => "code",
159                                     :scope => "write_api")
160     assert_redirected_to(/^#{Regexp.escape(application.redirect_uri)}\?error=access_denied/)
161   end
162
163   def test_destroy_native
164     application = create(:oauth_application, :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")
165
166     delete oauth_authorization_path(:client_id => application.uid,
167                                     :redirect_uri => application.redirect_uri,
168                                     :response_type => "code",
169                                     :scope => "write_api")
170     assert_response :forbidden
171
172     session_for(create(:user))
173
174     delete oauth_authorization_path(:client_id => application.uid,
175                                     :redirect_uri => application.redirect_uri,
176                                     :response_type => "code",
177                                     :scope => "write_api")
178     assert_response :bad_request
179   end
180 end