vendor/plugins/oauth-plugin/generators/oauth_provider/templates/controller_test.rb

   1 require File.dirname(__FILE__) + '/../test_helper'
   2 require File.dirname(__FILE__) + '/../oauth_controller_test_helper'
   3 require 'oauth/client/action_controller_request'
   4
   5 class OauthController; def rescue_action(e) raise e end; end
   6
   7 class OauthControllerRequestTokenTest < ActionController::TestCase
   8   include OAuthControllerTestHelper
   9   tests OauthController
  10
  11   def setup
  12     @controller = OauthController.new
  13     setup_oauth
  14     sign_request_with_oauth
  15     @client_application.stubs(:create_request_token).returns(@request_token)
  16   end
  17
  18   def do_get
  19     get :request_token
  20   end
  21
  22   def test_should_be_successful
  23     do_get
  24     assert @response.success?
  25   end
  26
  27   def test_should_query_for_client_application
  28     ClientApplication.expects(:find_by_key).with('key').returns(@client_application)
  29     do_get
  30   end
  31
  32   def test_should_request_token_from_client_application
  33     @client_application.expects(:create_request_token).returns(@request_token)
  34     do_get
  35   end
  36
  37   def test_should_return_token_string
  38     do_get
  39     assert_equal @request_token_string, @response.body
  40   end
  41 end
  42
  43 class OauthControllerTokenAuthorizationTest < ActionController::TestCase
  44    include OAuthControllerTestHelper
  45    tests OauthController
  46
  47   def setup
  48     @controller = OauthController.new
  49     login
  50     setup_oauth
  51     RequestToken.stubs(:find_by_token).returns(@request_token)
  52   end
  53
  54   def do_get
  55     get :authorize, :oauth_token => @request_token.token
  56   end
  57
  58   def do_post
  59     @request_token.expects(:authorize!).with(@user)
  60     post :authorize,:oauth_token=>@request_token.token,:authorize=>"1"
  61   end
  62
  63   def do_post_without_user_authorization
  64     @request_token.expects(:invalidate!)
  65     post :authorize,:oauth_token=>@request_token.token,:authorize=>"0"
  66   end
  67
  68   def do_post_with_callback
  69     @request_token.expects(:authorize!).with(@user)
  70     post :authorize,:oauth_token=>@request_token.token,:oauth_callback=>"http://application/alternative",:authorize=>"1"
  71   end
  72
  73   def do_post_with_no_application_callback
  74     @request_token.expects(:authorize!).with(@user)
  75     @client_application.stubs(:callback_url).returns(nil)
  76     post :authorize, :oauth_token => @request_token.token, :authorize=>"1"
  77   end
  78
  79   def test_should_be_successful
  80     do_get
  81     assert @response.success?
  82   end
  83
  84   def test_should_query_for_client_application
  85     RequestToken.expects(:find_by_token).returns(@request_token)
  86     do_get
  87   end
  88
  89   def test_should_assign_token
  90     do_get
  91     assert_equal @request_token, assigns(:token)
  92   end
  93
  94   def test_should_render_authorize_template
  95     do_get
  96     assert_template('authorize')
  97   end
  98
  99   def test_should_redirect_to_default_callback
 100     do_post
 101     assert_response :redirect
 102     assert_redirected_to("http://application/callback?oauth_token=#{@request_token.token}")
 103   end
 104
 105   def test_should_redirect_to_callback_in_query
 106     do_post_with_callback
 107     assert_response :redirect
 108     assert_redirected_to("http://application/alternative?oauth_token=#{@request_token.token}")
 109   end
 110
 111   def test_should_be_successful_on_authorize_without_any_application_callback
 112     do_post_with_no_application_callback
 113     assert @response.success?
 114     assert_template('authorize_success')
 115   end
 116
 117   def test_should_render_failure_screen_on_user_invalidation
 118     do_post_without_user_authorization
 119     assert_template('authorize_failure')
 120   end
 121
 122   def test_should_render_failure_screen_if_token_is_invalidated
 123     @request_token.expects(:invalidated?).returns(true)
 124     do_get
 125     assert_template('authorize_failure')
 126   end
 127
 128
 129 end
 130
 131 class OauthControllerGetAccessTokenTest < ActionController::TestCase
 132   include OAuthControllerTestHelper
 133   tests OauthController
 134
 135   def setup
 136     @controller = OauthController.new
 137     setup_oauth
 138     sign_request_with_oauth @request_token
 139     @request_token.stubs(:exchange!).returns(@access_token)
 140   end
 141
 142   def do_get
 143     get :access_token
 144   end
 145
 146   def test_should_be_successful
 147     do_get
 148     assert @response.success?
 149   end
 150
 151   def test_should_query_for_client_application
 152     ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
 153     do_get
 154   end
 155
 156   def test_should_request_token_from_client_application
 157     @request_token.expects(:exchange!).returns(@access_token)
 158     do_get
 159   end
 160
 161   def test_should__return_token_string
 162     do_get
 163     assert_equal @access_token_string, @response.body
 164   end
 165 end
 166
 167 class OauthorizedController < ApplicationController
 168   before_filter :login_or_oauth_required,:only=>:both
 169   before_filter :login_required,:only=>:interactive
 170   before_filter :oauth_required,:only=>:token_only
 171
 172   def interactive
 173     render :text => "interactive"
 174   end
 175
 176   def token_only
 177     render :text => "token"
 178   end
 179
 180   def both
 181     render :text => "both"
 182   end
 183 end
 184
 185
 186 class OauthControllerAccessControlTest < ActionController::TestCase
 187   include OAuthControllerTestHelper
 188   tests OauthorizedController
 189
 190   def setup
 191     @controller = OauthorizedController.new
 192   end
 193
 194   def test_should__have_access_token_set_up_correctly
 195     setup_to_authorize_request
 196     assert @access_token.is_a?(AccessToken)
 197     assert @access_token.authorized?
 198     assert !@access_token.invalidated?
 199     assert_equal @user, @access_token.user
 200     assert_equal @client_application, @access_token.client_application
 201   end
 202
 203   def test_should_return_false_for_oauth_by_default
 204     assert_equal false, @controller.send(:oauth?)
 205   end
 206
 207   def test_should_return_nil_for_current_token_by_default
 208     assert_nil @controller.send(:current_token)
 209   end
 210
 211   def test_should_allow_oauth_when_using_login_or_oauth_required
 212     setup_to_authorize_request
 213     sign_request_with_oauth(@access_token)
 214     ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
 215     get :both
 216     assert_equal @access_token, @controller.send(:current_token)
 217     assert @controller.send(:current_token).is_a?(AccessToken)
 218     assert_equal @user, @controller.send(:current_user)
 219     assert_equal @client_application, @controller.send(:current_client_application)
 220     assert_equal '200', @response.code
 221     assert @response.success?
 222   end
 223
 224   def test_should_allow_interactive_when_using_login_or_oauth_required
 225     login
 226     get :both
 227     assert @response.success?
 228     assert_equal @user, @controller.send(:current_user)
 229     assert_nil @controller.send(:current_token)
 230   end
 231
 232   def test_should_allow_oauth_when_using_oauth_required
 233     setup_to_authorize_request
 234     sign_request_with_oauth(@access_token)
 235     ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
 236     get :token_only
 237     assert_equal @access_token, @controller.send(:current_token)
 238     assert_equal @client_application, @controller.send(:current_client_application)
 239     assert_equal @user, @controller.send(:current_user)
 240     assert_equal '200', @response.code
 241     assert @response.success?
 242   end
 243
 244   def test_should_disallow_oauth_using_request_token_when_using_oauth_required
 245     setup_to_authorize_request
 246     ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
 247     sign_request_with_oauth(@request_token)
 248     get :token_only
 249     assert_equal '401', @response.code
 250   end
 251
 252   def test_should_disallow_interactive_when_using_oauth_required
 253     login
 254     get :token_only
 255     assert_equal '401', @response.code
 256
 257     assert_equal @user, @controller.send(:current_user)
 258     assert_nil @controller.send(:current_token)
 259   end
 260
 261   def test_should_disallow_oauth_when_using_login_required
 262     setup_to_authorize_request
 263     sign_request_with_oauth(@access_token)
 264     get :interactive
 265     assert_equal "302",@response.code
 266     assert_nil @controller.send(:current_user)
 267     assert_nil @controller.send(:current_token)
 268   end
 269
 270   def test_should_allow_interactive_when_using_login_required
 271     login
 272     get :interactive
 273     assert @response.success?
 274     assert_equal @user, @controller.send(:current_user)
 275     assert_nil @controller.send(:current_token)
 276   end
 277
 278 end
 279
 280 class OauthControllerRevokeTest < ActionController::TestCase
 281   include OAuthControllerTestHelper
 282   tests OauthController
 283
 284   def setup
 285     @controller = OauthController.new
 286     setup_oauth_for_user
 287     @request_token.stubs(:invalidate!)
 288   end
 289
 290   def do_post
 291     post :revoke, :token => "TOKEN STRING"
 292   end
 293
 294   def test_should_redirect_to_index
 295     do_post
 296     assert_response :redirect
 297     assert_redirected_to('http://test.host/oauth_clients')
 298   end
 299
 300   def test_should_query_current_users_tokens
 301     @tokens.expects(:find_by_token).returns(@request_token)
 302     do_post
 303   end
 304
 305   def test_should_call_invalidate_on_token
 306     @request_token.expects(:invalidate!)
 307     do_post
 308   end
 309
 310 end