3 class OAuthTest < ActionDispatch::IntegrationTest
# Fixture tables loaded for every test in this class. The gpx_files table is
# mapped onto the Trace model explicitly, since its name does not match.
fixtures :users, :client_applications, :gpx_files
set_fixture_class :gpx_files => Trace
# OAuth 1.0 (pre-1.0a) flow for a web application:
# request token -> user authorisation -> access token -> API call -> revoke.
# Two rounds are run: the first relies on the application's registered
# callback, the second passes an :oauth_callback with the authorize POST,
# which 1.0 honours (1.0a instead binds the callback at the request_token
# step and adds a verifier; see test_oauth10a_web_app).
#
# NOTE(review): this listing skips several gutter lines (30, 38, 75, 83)
# immediately before the timestamp re-checks. `token` is an in-memory record
# fetched by parse_token, so the server-side changes asserted on it would not
# be visible unless the original reloads it there; confirm against the full
# file before relying on this transcription.
def test_oauth10_web_app
  client = client_applications(:oauth_web_app)

  # The authorize step below needs a logged-in browser session.
  post_via_redirect "/login",
                    :username => client.user.email, :password => "test"
  assert_response :success

  # Step 1: the consumer obtains an unauthorised request token; its permission
  # flags mirror everything the application is registered for.
  signed_get "/oauth/request_token", :consumer => client
  assert_response :success
  token = parse_token(response)
  assert_instance_of RequestToken, token
  assert_not_nil token.created_at
  assert_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, client.permissions

  # Step 2: the user approves. Read and write prefs are both requested, yet
  # only allow_read_prefs is expected on the token -- presumably the fixture
  # application is not registered for write access and the grant is clipped
  # to the registered permissions (confirm in client_applications fixture).
  # No callback is sent here, so the redirect target must come from the
  # application's registration.
  post "/oauth/authorize",
       :oauth_token => token.token,
       :allow_read_prefs => true, :allow_write_prefs => true
  assert_response :redirect
  assert_redirected_to "http://some.web.app.org/callback?oauth_token=#{token.token}"
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_read_prefs]

  # Step 3: exchange for an access token. The request token must be
  # invalidated by the exchange (single use) and the access token must carry
  # exactly the granted scope.
  signed_get "/oauth/access_token", :consumer => client, :token => token
  assert_response :success
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_not_nil token.invalidated_at
  token = parse_token(response)
  assert_instance_of AccessToken, token
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_read_prefs]

  # Step 4: the access token authenticates a preferences read.
  signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
  assert_response :success

  # Step 5: revocation. The token is re-read from the database to confirm
  # invalidated_at was set server-side, and a further API call must be refused.
  post "/oauth/revoke", :token => token.token
  assert_redirected_to oauth_clients_url(token.user.display_name)
  token = OauthToken.find_by_token(token.token)
  assert_not_nil token.invalidated_at

  signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
  assert_response :unauthorized

  # Second round: same consumer, different scope, and a callback URL supplied
  # by the consumer in the authorize POST itself.
  signed_get "/oauth/request_token", :consumer => client
  assert_response :success
  token = parse_token(response)
  assert_instance_of RequestToken, token
  assert_not_nil token.created_at
  assert_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, client.permissions

  # Both requested permissions are expected to be granted this time, and the
  # redirect must go to the callback given here rather than the registered one.
  post "/oauth/authorize",
       :oauth_token => token.token,
       :oauth_callback => "http://another.web.app.org/callback",
       :allow_write_api => true, :allow_read_gpx => true
  assert_response :redirect
  assert_redirected_to "http://another.web.app.org/callback?oauth_token=#{token.token}"
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_write_api, :allow_read_gpx]

  signed_get "/oauth/access_token", :consumer => client, :token => token
  assert_response :success
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_not_nil token.invalidated_at
  token = parse_token(response)
  assert_instance_of AccessToken, token
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_write_api, :allow_read_gpx]

  # A GPX read, presumably the call allow_read_gpx covers.
  signed_get "/api/0.6/gpx/2", :consumer => client, :token => token
  assert_response :success

  post "/oauth/revoke", :token => token.token
  assert_redirected_to oauth_clients_url(token.user.display_name)
  token = OauthToken.find_by_token(token.token)
  assert_not_nil token.invalidated_at

  signed_get "/api/0.6/gpx/2", :consumer => client, :token => token
  assert_response :unauthorized
end
# OAuth 1.0 flow for a desktop (no callback) application. The only difference
# from the web-app flow is the authorize step: instead of redirecting, the
# server renders the "authorize_success" page and the consumer then exchanges
# the request token directly -- under 1.0 nothing further is required.
#
# NOTE(review): gutter lines 127 and 135 are missing from this listing, right
# before the timestamp re-checks on the in-memory `token`; the original
# presumably reloads it there. Confirm against the full file.
def test_oauth10_desktop_app
  client = client_applications(:oauth_desktop_app)

  post_via_redirect "/login",
                    :username => client.user.email, :password => "test"
  assert_response :success

  # Request token carries the application's registered permissions.
  signed_get "/oauth/request_token", :consumer => client
  assert_response :success
  token = parse_token(response)
  assert_instance_of RequestToken, token
  assert_not_nil token.created_at
  assert_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, client.permissions

  # Authorise: read and write prefs are requested, only read is expected on
  # the token (presumably the fixture app is not registered for write --
  # confirm). A desktop app gets a success page rather than a redirect.
  post "/oauth/authorize",
       :oauth_token => token.token,
       :allow_read_prefs => true, :allow_write_prefs => true
  assert_response :success
  assert_template "authorize_success"
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_read_prefs]

  # Exchange: the request token must be invalidated and the access token
  # must carry the granted scope only.
  signed_get "/oauth/access_token", :consumer => client, :token => token
  assert_response :success
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_not_nil token.invalidated_at
  token = parse_token(response)
  assert_instance_of AccessToken, token
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_read_prefs]

  signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
  assert_response :success

  # Revocation must be persisted and must make the token unusable.
  post "/oauth/revoke", :token => token.token
  assert_redirected_to oauth_clients_url(token.user.display_name)
  token = OauthToken.find_by_token(token.token)
  assert_not_nil token.invalidated_at

  signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
  assert_response :unauthorized
end
# OAuth 1.0a flow for a web application. Compared with 1.0: the callback is
# bound at the request_token step (here "oob", in the second round an explicit
# URL), the authorize redirect carries an oauth_verifier, and the access_token
# exchange is refused until that verifier is presented -- which ties the
# exchange to the approval the user actually gave.
#
# NOTE(review): this listing skips gutter lines 181, 193, 232 and 244 just
# before the timestamp re-checks on the in-memory `token` (presumably a reload)
# and line 216 inside the second request_token call. Confirm against the full
# file.
def test_oauth10a_web_app
  client = client_applications(:oauth_web_app)

  post_via_redirect "/login",
                    :username => client.user.email, :password => "test"
  assert_response :success

  # An "oob" (out-of-band) callback is requested, yet the redirect below goes
  # to the registered web callback -- so oob appears to fall back to the
  # application's registered URL for a web app here; confirm in the controller.
  signed_get "/oauth/request_token",
             :consumer => client, :oauth_callback => "oob"
  assert_response :success
  token = parse_token(response)
  assert_instance_of RequestToken, token
  assert_not_nil token.created_at
  assert_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, client.permissions

  # Authorise; the redirect must now carry the verifier alongside the token.
  # Only allow_read_prefs is expected on the token although write was also
  # requested (presumably not a registered permission -- confirm in fixtures).
  post "/oauth/authorize",
       :oauth_token => token.token,
       :allow_read_prefs => true, :allow_write_prefs => true
  assert_response :redirect
  verifier = parse_verifier(response)
  assert_redirected_to "http://some.web.app.org/callback?oauth_token=#{token.token}&oauth_verifier=#{verifier}"
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_read_prefs]

  # Without the verifier the exchange must be refused even though the token
  # has been authorised.
  signed_get "/oauth/access_token", :consumer => client, :token => token
  assert_response :unauthorized

  signed_get "/oauth/access_token",
             :consumer => client, :token => token, :oauth_verifier => verifier
  assert_response :success
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_not_nil token.invalidated_at
  token = parse_token(response)
  assert_instance_of AccessToken, token
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_read_prefs]

  signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
  assert_response :success

  post "/oauth/revoke", :token => token.token
  assert_redirected_to oauth_clients_url(token.user.display_name)
  token = OauthToken.find_by_token(token.token)
  assert_not_nil token.invalidated_at

  signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
  assert_response :unauthorized

  # Second round: an explicit callback URL is bound when the request token is
  # issued (1.0a), not passed to /oauth/authorize as in the 1.0 test.
  signed_get "/oauth/request_token",
             # … a parameter line is missing from this listing (gutter 216) …
             :oauth_callback => "http://another.web.app.org/callback"
  assert_response :success
  token = parse_token(response)
  assert_instance_of RequestToken, token
  assert_not_nil token.created_at
  assert_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, client.permissions

  post "/oauth/authorize",
       :oauth_token => token.token,
       :allow_write_api => true, :allow_read_gpx => true
  assert_response :redirect
  verifier = parse_verifier(response)
  assert_redirected_to "http://another.web.app.org/callback?oauth_token=#{token.token}&oauth_verifier=#{verifier}"
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_write_api, :allow_read_gpx]

  # Again: no verifier, no access token.
  signed_get "/oauth/access_token", :consumer => client, :token => token
  assert_response :unauthorized

  signed_get "/oauth/access_token",
             :consumer => client, :token => token, :oauth_verifier => verifier
  assert_response :success
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_not_nil token.invalidated_at
  token = parse_token(response)
  assert_instance_of AccessToken, token
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_write_api, :allow_read_gpx]

  signed_get "/api/0.6/gpx/2", :consumer => client, :token => token
  assert_response :success

  post "/oauth/revoke", :token => token.token
  assert_redirected_to oauth_clients_url(token.user.display_name)
  token = OauthToken.find_by_token(token.token)
  assert_not_nil token.invalidated_at

  signed_get "/api/0.6/gpx/2", :consumer => client, :token => token
  assert_response :unauthorized
end
# OAuth 1.0a flow for a desktop application. With an "oob" callback the
# authorize step renders "authorize_success" and shows the verification code in
# the page for the user to copy into the application; the test scrapes it from
# the body, and the code must be presented to obtain the access token.
#
# NOTE(review): gutter lines 290-292 are missing from this listing, so
# `verifier` (used below) is never assigned in the visible text; line 304,
# before a timestamp re-check on the in-memory `token`, is missing too
# (presumably a reload). Confirm against the full file.
def test_oauth10a_desktop_app
  client = client_applications(:oauth_desktop_app)

  post_via_redirect "/login",
                    :username => client.user.email, :password => "test"
  assert_response :success

  signed_get "/oauth/request_token",
             :consumer => client, :oauth_callback => "oob"
  assert_response :success
  token = parse_token(response)
  assert_instance_of RequestToken, token
  assert_not_nil token.created_at
  assert_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, client.permissions

  # Authorise; a desktop app gets the success page, not a redirect. Only
  # allow_read_prefs is expected on the token although write was requested too
  # (presumably not a registered permission -- confirm in fixtures).
  post "/oauth/authorize",
       :oauth_token => token.token,
       :allow_read_prefs => true, :allow_write_prefs => true
  assert_response :success
  assert_template "authorize_success"
  # The pattern is a String, so String#match compiles it to a Regexp; the "."
  # before </p> is unescaped and matches any character. Harmless in a test,
  # but "\\." would pin the literal full stop.
  m = response.body.match("<p>The verification code is ([A-Za-z0-9]+).</p>")
  # … missing from this listing (gutter 290-292): `verifier` is presumably
  # taken from this match …
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_read_prefs]

  # Without the verifier the exchange must be refused.
  signed_get "/oauth/access_token", :consumer => client, :token => token
  assert_response :unauthorized

  signed_get "/oauth/access_token",
             :consumer => client, :token => token, :oauth_verifier => verifier
  assert_response :success
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_not_nil token.invalidated_at
  token = parse_token(response)
  assert_instance_of AccessToken, token
  assert_not_nil token.created_at
  assert_not_nil token.authorized_at
  assert_nil token.invalidated_at
  assert_allowed token, [:allow_read_prefs]

  signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
  assert_response :success

  # Revocation must be persisted and must make the token unusable.
  post "/oauth/revoke", :token => token.token
  assert_redirected_to oauth_clients_url(token.user.display_name)
  token = OauthToken.find_by_token(token.token)
  assert_not_nil token.invalidated_at

  signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
  assert_response :unauthorized
end
# Issues a GET signed as an OAuth 1.0 consumer. `options` carries :consumer
# (the ClientApplication) and, where the callers supply them, :token plus
# extra oauth parameters such as :oauth_callback / :oauth_verifier; the same
# hash is handed to the client helper and to sign!, which presumably reads the
# consumer/token secrets from it.
#
# NOTE(review): several lines of this method are missing from this listing
# (gutter 330, 333, 335, 337-338, 340-341, 343, 345-346). `uri` arrives as a
# String from every caller but is used as a URI object below, and the
# RequestProxy.proxy argument hash is only partially visible.
def signed_get(uri, options)
  # … missing from this listing (gutter 330): the conversion of `uri` to a
  # URI object must happen here …
  # Relative paths get the test host filled in so the signature base string is
  # built from the same absolute URL the server will see.
  uri.scheme ||= "http"
  uri.host ||= "www.example.com"

  helper = OAuth::Client::Helper.new(nil, options)

  request = OAuth::RequestProxy.proxy(
    # … missing from this listing (gutter 337-338) …
    "parameters" => helper.oauth_parameters
    # … missing from this listing (gutter 340-341) …
  )

  request.sign!(options)

  # The oauth_* parameters travel in the query string rather than an
  # Authorization header.
  get request.signed_uri
end
# Looks up the OauthToken named in a token response body (form-encoded
# `oauth_token=...&oauth_token_secret=...`) and checks that the secret handed
# to the consumer matches the one stored for that token.
#
# NOTE(review): gutter lines 349 and 352-354 are missing from this listing.
# Callers assign the result (`token = parse_token(response)`) and assert on it
# as the token record, so the original presumably ends by returning `token`.
def parse_token(response)
  params = CGI.parse(response.body)

  token = OauthToken.find_by_token(params["oauth_token"].first)
  assert_equal token.secret, params["oauth_token_secret"].first
  # … missing from this listing (gutter 352-354) …
end
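# Extracts the oauth_verifier that a 1.0a authorize redirect appends to the
# callback URL, reading it from the Location header of the redirect response.
# Returns the verifier String.
def parse_verifier(response)
  params = CGI.parse(URI.parse(response.location).query)

  # CGI.parse returns a Hash whose default value is an empty array, so an
  # assert_not_nil on the lookup could never fail. Check instead that exactly
  # one, non-blank verifier was sent.
  verifiers = params["oauth_verifier"]
  assert_equal 1, verifiers.length
  assert verifiers.first.present?

  verifiers.first
end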
365 def assert_allowed(token, allowed)
366 ClientApplication.all_permissions.each do |p|
367 assert_equal allowed.include?(p), token.attributes[p.to_s]