test/controllers/oauth2_applications_controller_test.rb

   1 require "test_helper"
   2
   3 class Oauth2ApplicationsControllerTest < ActionDispatch::IntegrationTest
   4   ##
   5   # test all routes which lead to this controller
   6   def test_routes
   7     assert_routing(
   8       { :path => "/oauth2/applications", :method => :get },
   9       { :controller => "oauth2_applications", :action => "index" }
  10     )
  11     assert_routing(
  12       { :path => "/oauth2/applications", :method => :post },
  13       { :controller => "oauth2_applications", :action => "create" }
  14     )
  15     assert_routing(
  16       { :path => "/oauth2/applications/new", :method => :get },
  17       { :controller => "oauth2_applications", :action => "new" }
  18     )
  19     assert_routing(
  20       { :path => "/oauth2/applications/1/edit", :method => :get },
  21       { :controller => "oauth2_applications", :action => "edit", :id => "1" }
  22     )
  23     assert_routing(
  24       { :path => "/oauth2/applications/1", :method => :get },
  25       { :controller => "oauth2_applications", :action => "show", :id => "1" }
  26     )
  27     assert_routing(
  28       { :path => "/oauth2/applications/1", :method => :patch },
  29       { :controller => "oauth2_applications", :action => "update", :id => "1" }
  30     )
  31     assert_routing(
  32       { :path => "/oauth2/applications/1", :method => :put },
  33       { :controller => "oauth2_applications", :action => "update", :id => "1" }
  34     )
  35     assert_routing(
  36       { :path => "/oauth2/applications/1", :method => :delete },
  37       { :controller => "oauth2_applications", :action => "destroy", :id => "1" }
  38     )
  39   end
  40
  41   def test_index
  42     user = create(:user)
  43     create_list(:oauth_application, 2, :owner => user)
  44
  45     get oauth_applications_path
  46     assert_redirected_to login_path(:referer => oauth_applications_path)
  47
  48     session_for(user)
  49
  50     get oauth_applications_path
  51     assert_response :success
  52     assert_template "oauth2_applications/index"
  53     assert_select "tbody tr", 2
  54   end
  55
  56   def test_index_with_moderator_app
  57     user = create(:user)
  58     create(:oauth_application, :owner => user, :scopes => "write_redactions")
  59
  60     session_for(user)
  61
  62     get oauth_applications_path
  63     assert_response :success
  64   end
  65
  66   def test_new
  67     user = create(:user)
  68
  69     get new_oauth_application_path
  70     assert_redirected_to login_path(:referer => new_oauth_application_path)
  71
  72     session_for(user)
  73
  74     get new_oauth_application_path
  75     assert_response :success
  76     assert_template "oauth2_applications/new"
  77     assert_select "form", 1 do
  78       assert_select "input#oauth2_application_name", 1
  79       assert_select "textarea#oauth2_application_redirect_uri", 1
  80       assert_select "input#oauth2_application_confidential", 1
  81       Oauth.scopes.each do |scope|
  82         assert_select "input#oauth2_application_scopes_#{scope.name}", 1
  83       end
  84     end
  85   end
  86
  87   def test_create
  88     user = create(:user)
  89
  90     assert_difference "Doorkeeper::Application.count", 0 do
  91       post oauth_applications_path
  92     end
  93     assert_response :forbidden
  94
  95     session_for(user)
  96
  97     assert_difference "Doorkeeper::Application.count", 0 do
  98       post oauth_applications_path(:oauth2_application => {
  99                                      :name => "Test Application"
 100                                    })
 101     end
 102     assert_response :success
 103     assert_template "oauth2_applications/new"
 104
 105     assert_difference "Doorkeeper::Application.count", 0 do
 106       post oauth_applications_path(:oauth2_application => {
 107                                      :name => "Test Application",
 108                                      :redirect_uri => "https://test.example.com/",
 109                                      :scopes => ["bad_scope"]
 110                                    })
 111     end
 112     assert_response :success
 113     assert_template "oauth2_applications/new"
 114
 115     assert_difference "Doorkeeper::Application.count", 1 do
 116       post oauth_applications_path(:oauth2_application => {
 117                                      :name => "Test Application",
 118                                      :redirect_uri => "https://test.example.com/",
 119                                      :scopes => ["read_prefs"]
 120                                    })
 121     end
 122     assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
 123   end
 124
 125   def test_create_privileged
 126     session_for(create(:user))
 127
 128     assert_difference "Doorkeeper::Application.count", 0 do
 129       post oauth_applications_path(:oauth2_application => {
 130                                      :name => "Test Application",
 131                                      :redirect_uri => "https://test.example.com/",
 132                                      :scopes => ["read_email"]
 133                                    })
 134     end
 135     assert_response :success
 136     assert_template "oauth2_applications/new"
 137
 138     session_for(create(:administrator_user))
 139
 140     assert_difference "Doorkeeper::Application.count", 1 do
 141       post oauth_applications_path(:oauth2_application => {
 142                                      :name => "Test Application",
 143                                      :redirect_uri => "https://test.example.com/",
 144                                      :scopes => ["read_email"]
 145                                    })
 146     end
 147     assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
 148   end
 149
 150   def test_show
 151     user = create(:user)
 152     client = create(:oauth_application, :owner => user)
 153     other_client = create(:oauth_application)
 154
 155     get oauth_application_path(:id => client)
 156     assert_redirected_to login_path(:referer => oauth_application_path(:id => client.id))
 157
 158     session_for(user)
 159
 160     get oauth_application_path(:id => other_client)
 161     assert_response :not_found
 162     assert_template "oauth2_applications/not_found"
 163
 164     get oauth_application_path(:id => client)
 165     assert_response :success
 166     assert_template "oauth2_applications/show"
 167   end
 168
 169   def test_edit
 170     user = create(:user)
 171     client = create(:oauth_application, :owner => user)
 172     other_client = create(:oauth_application)
 173
 174     get edit_oauth_application_path(:id => client)
 175     assert_redirected_to login_path(:referer => edit_oauth_application_path(:id => client.id))
 176
 177     session_for(user)
 178
 179     get edit_oauth_application_path(:id => other_client)
 180     assert_response :not_found
 181     assert_template "oauth2_applications/not_found"
 182
 183     get edit_oauth_application_path(:id => client)
 184     assert_response :success
 185     assert_template "oauth2_applications/edit"
 186     assert_select "form", 1 do
 187       assert_select "input#oauth2_application_name", 1
 188       assert_select "textarea#oauth2_application_redirect_uri", 1
 189       assert_select "input#oauth2_application_confidential", 1
 190       Oauth.scopes.each do |scope|
 191         assert_select "input#oauth2_application_scopes_#{scope.name}", 1
 192       end
 193     end
 194   end
 195
 196   def test_update
 197     user = create(:user)
 198     client = create(:oauth_application, :owner => user)
 199     other_client = create(:oauth_application)
 200
 201     put oauth_application_path(:id => client)
 202     assert_response :forbidden
 203
 204     session_for(user)
 205
 206     put oauth_application_path(:id => other_client)
 207     assert_response :not_found
 208     assert_template "oauth2_applications/not_found"
 209
 210     put oauth_application_path(:id => client,
 211                                :oauth2_application => {
 212                                  :name => "New Name",
 213                                  :redirect_uri => nil
 214                                })
 215     assert_response :success
 216     assert_template "oauth2_applications/edit"
 217
 218     put oauth_application_path(:id => client,
 219                                :oauth2_application => {
 220                                  :name => "New Name",
 221                                  :redirect_uri => "https://new.example.com/url"
 222                                })
 223     assert_redirected_to oauth_application_path(:id => client.id)
 224   end
 225
 226   def test_destroy
 227     user = create(:user)
 228     client = create(:oauth_application, :owner => user)
 229     other_client = create(:oauth_application)
 230
 231     assert_difference "Doorkeeper::Application.count", 0 do
 232       delete oauth_application_path(:id => client)
 233     end
 234     assert_response :forbidden
 235
 236     session_for(user)
 237
 238     assert_difference "Doorkeeper::Application.count", 0 do
 239       delete oauth_application_path(:id => other_client)
 240     end
 241     assert_response :not_found
 242     assert_template "oauth2_applications/not_found"
 243
 244     assert_difference "Doorkeeper::Application.count", -1 do
 245       delete oauth_application_path(:id => client)
 246     end
 247     assert_redirected_to oauth_applications_path
 248   end
 249 end