1 require "test_helper"
2
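class Oauth2AuthorizationsControllerTest < ActionDispatch::IntegrationTest
  ##
  # test all routes which lead to this controller
  def test_routes
    assert_routing(
      { :path => "/oauth2/authorize", :method => :get },
      { :controller => "oauth2_authorizations", :action => "new" }
    )
    assert_routing(
      { :path => "/oauth2/authorize", :method => :post },
      { :controller => "oauth2_authorizations", :action => "create" }
    )
    assert_routing(
      { :path => "/oauth2/authorize", :method => :delete },
      { :controller => "oauth2_authorizations", :action => "destroy" }
    )
    assert_routing(
      { :path => "/oauth2/authorize/native", :method => :get },
      { :controller => "oauth2_authorizations", :action => "show" }
    )
  end

  ##
  # the consent form is only shown to a logged in user: an anonymous request
  # is sent to the login page with the complete authorization request as the
  # referer so that it can be resumed afterwards
  def test_new
    application = create(:oauth_application, :scopes => "write_api")

    get oauth_authorization_path(authorization_params(application))
    assert_redirected_to login_path(:referer => oauth_authorization_path(authorization_params(application)))

    session_for(create(:user))

    get oauth_authorization_path(authorization_params(application))
    assert_response :success
    assert_template "oauth2_authorizations/new"
  end

  ##
  # an application registered with the out-of-band redirect URI goes through
  # the same login gate and consent form as one with an https redirect URI
  def test_new_native
    application = create(:oauth_application, :scopes => "write_api", :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")

    get oauth_authorization_path(authorization_params(application))
    assert_redirected_to login_path(:referer => oauth_authorization_path(authorization_params(application)))

    session_for(create(:user))

    get oauth_authorization_path(authorization_params(application))
    assert_response :success
    assert_template "oauth2_authorizations/new"
  end

  ##
  # a redirect_uri that does not match the one registered for the client is
  # rejected with an error page rather than being redirected to
  def test_new_bad_uri
    application = create(:oauth_application, :scopes => "write_api")

    session_for(create(:user))

    get oauth_authorization_path(authorization_params(application, :redirect_uri => "https://bad.example.com/"))
    assert_response :bad_request
    assert_template "oauth2_authorizations/error"
    assert_select "p", "The requested redirect uri is malformed or doesn't match client redirect URI."
  end

  ##
  # both an unknown scope and a scope outside the ones the application was
  # registered with are rejected with the same error page
  def test_new_bad_scope
    application = create(:oauth_application, :scopes => "write_api")

    session_for(create(:user))

    %w[bad_scope write_prefs].each do |scope|
      get oauth_authorization_path(authorization_params(application, :scope => scope))
      assert_response :bad_request
      assert_template "oauth2_authorizations/error"
      assert_select "p", "The requested scope is invalid, unknown, or malformed."
    end
  end

  ##
  # while the database is read only the authorization flow is unavailable and
  # the user is sent to the offline page
  def test_new_db_readonly
    application = create(:oauth_application, :scopes => "write_api")

    session_for(create(:user))

    with_settings(:status => "database_readonly") do
      get oauth_authorization_path(authorization_params(application))
      assert_redirected_to offline_path
    end
  end

  ##
  # granting consent is forbidden without a session; a logged in user is sent
  # back to the registered redirect URI with an authorization code attached
  def test_create
    application = create(:oauth_application, :scopes => "write_api")

    post oauth_authorization_path(authorization_params(application))
    assert_response :forbidden

    session_for(create(:user))

    post oauth_authorization_path(authorization_params(application))
    # \A anchors at the absolute start of the location, not at a line start,
    # so the match cannot be satisfied by anything preceding the redirect URI
    assert_redirected_to(/\A#{Regexp.escape(application.redirect_uri)}\?code=/)
  end

  ##
  # with the out-of-band redirect URI the grant is shown on the native page
  # instead of redirecting to the client
  def test_create_native
    application = create(:oauth_application, :scopes => "write_api", :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")

    post oauth_authorization_path(authorization_params(application))
    assert_response :forbidden

    session_for(create(:user))

    post oauth_authorization_path(authorization_params(application))
    assert_response :redirect
    assert_equal native_oauth_authorization_path, URI.parse(response.location).path
    follow_redirect!
    assert_response :success
    assert_template "oauth2_authorizations/show"
  end

  ##
  # denying consent is forbidden without a session; a logged in user is sent
  # back to the registered redirect URI with an access_denied error
  def test_destroy
    application = create(:oauth_application)

    delete oauth_authorization_path(authorization_params(application))
    assert_response :forbidden

    session_for(create(:user))

    delete oauth_authorization_path(authorization_params(application))
    # \A anchors at the absolute start of the location, not at a line start
    assert_redirected_to(/\A#{Regexp.escape(application.redirect_uri)}\?error=access_denied/)
  end

  ##
  # denying consent for an out-of-band redirect URI has nowhere to redirect to
  # and is answered with a bad request
  def test_destroy_native
    application = create(:oauth_application, :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")

    delete oauth_authorization_path(authorization_params(application))
    assert_response :forbidden

    session_for(create(:user))

    delete oauth_authorization_path(authorization_params(application))
    assert_response :bad_request
  end

  private

  ##
  # query parameters of a well formed authorization code request for
  # +application+; pass individual parameters as +overrides+ to build an
  # invalid request (for example a foreign redirect_uri or an unknown scope)
  def authorization_params(application, **overrides)
    {
      :client_id => application.uid,
      :redirect_uri => application.redirect_uri,
      :response_type => "code",
      :scope => "write_api"
    }.merge(overrides)
  end
end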