]> git.openstreetmap.org Git - rails.git/blob - test/controllers/oauth2_applications_controller_test.rb
Allow OAuth 2 authorizations to redirect to anywhere
1 require "test_helper"
2
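class Oauth2ApplicationsControllerTest < ActionDispatch::IntegrationTest
  ##
  # test all routes which lead to this controller
  def test_routes
    assert_routing(
      { :path => "/oauth2/applications", :method => :get },
      { :controller => "oauth2_applications", :action => "index" }
    )
    assert_routing(
      { :path => "/oauth2/applications", :method => :post },
      { :controller => "oauth2_applications", :action => "create" }
    )
    assert_routing(
      { :path => "/oauth2/applications/new", :method => :get },
      { :controller => "oauth2_applications", :action => "new" }
    )
    assert_routing(
      { :path => "/oauth2/applications/1/edit", :method => :get },
      { :controller => "oauth2_applications", :action => "edit", :id => "1" }
    )
    assert_routing(
      { :path => "/oauth2/applications/1", :method => :get },
      { :controller => "oauth2_applications", :action => "show", :id => "1" }
    )
    assert_routing(
      { :path => "/oauth2/applications/1", :method => :patch },
      { :controller => "oauth2_applications", :action => "update", :id => "1" }
    )
    assert_routing(
      { :path => "/oauth2/applications/1", :method => :put },
      { :controller => "oauth2_applications", :action => "update", :id => "1" }
    )
    assert_routing(
      { :path => "/oauth2/applications/1", :method => :delete },
      { :controller => "oauth2_applications", :action => "destroy", :id => "1" }
    )
  end

  ##
  # the index needs a login and lists the applications created for
  # the logged in user, one table row each
  def test_index
    user = create(:user)
    create_list(:oauth_application, 2, :owner => user)

    # without a session the request is sent to the login page
    get oauth_applications_path
    assert_response :redirect
    assert_redirected_to login_path(:referer => oauth_applications_path)

    session_for(user)

    get oauth_applications_path
    assert_response :success
    assert_template "oauth2_applications/index"
    assert_select "tr", 2
  end

  ##
  # the new application form needs a login and offers every field
  # an application can be registered with
  def test_new
    user = create(:user)

    # without a session the request is sent to the login page
    get new_oauth_application_path
    assert_response :redirect
    assert_redirected_to login_path(:referer => new_oauth_application_path)

    session_for(user)

    get new_oauth_application_path
    assert_response :success
    assert_template "oauth2_applications/new"
    assert_application_form
  end

  ##
  # creating an application needs a login, a redirect URI and scopes
  # that exist, and nothing is stored when any of those is missing
  def test_create
    user = create(:user)

    # anonymous POST: rejected outright and no record is added
    assert_difference "Doorkeeper::Application.count", 0 do
      post oauth_applications_path
    end
    assert_response :forbidden

    session_for(user)

    # no redirect URI: the form is rendered again and nothing is stored
    assert_difference "Doorkeeper::Application.count", 0 do
      post oauth_applications_path(:doorkeeper_application => {
                                     :name => "Test Application"
                                   })
    end
    assert_response :success
    assert_template "oauth2_applications/new"

    # a scope the server does not define must not be accepted
    assert_difference "Doorkeeper::Application.count", 0 do
      post oauth_applications_path(:doorkeeper_application => {
                                     :name => "Test Application",
                                     :redirect_uri => "https://test.example.com/",
                                     :scopes => ["bad_scope"]
                                   })
    end
    assert_response :success
    assert_template "oauth2_applications/new"

    # complete request: one record is added and its page is shown
    assert_difference "Doorkeeper::Application.count", 1 do
      post oauth_applications_path(:doorkeeper_application => {
                                     :name => "Test Application",
                                     :redirect_uri => "https://test.example.com/",
                                     :scopes => ["read_prefs"]
                                   })
    end
    assert_response :redirect
    assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
  end

  ##
  # an application page needs a login and is only shown for an
  # application created for the logged in user
  def test_show
    user = create(:user)
    client = create(:oauth_application, :owner => user)
    other_client = create(:oauth_application)

    # without a session the request is sent to the login page
    get oauth_application_path(:id => client)
    assert_response :redirect
    assert_redirected_to login_path(:referer => oauth_application_path(:id => client.id))

    session_for(user)

    # an application that was not created for this user is reported
    # as not found
    get oauth_application_path(:id => other_client)
    assert_response :not_found
    assert_template "oauth2_applications/not_found"

    get oauth_application_path(:id => client)
    assert_response :success
    assert_template "oauth2_applications/show"
  end

  ##
  # the edit form needs a login and is only shown for an application
  # created for the logged in user
  def test_edit
    user = create(:user)
    client = create(:oauth_application, :owner => user)
    other_client = create(:oauth_application)

    # without a session the request is sent to the login page
    get edit_oauth_application_path(:id => client)
    assert_response :redirect
    assert_redirected_to login_path(:referer => edit_oauth_application_path(:id => client.id))

    session_for(user)

    # an application that was not created for this user is reported
    # as not found
    get edit_oauth_application_path(:id => other_client)
    assert_response :not_found
    assert_template "oauth2_applications/not_found"

    get edit_oauth_application_path(:id => client)
    assert_response :success
    assert_template "oauth2_applications/edit"
    assert_application_form
  end

  ##
  # updating needs a login and an application created for the logged
  # in user, and only an accepted update may change the stored record
  def test_update
    user = create(:user)
    client = create(:oauth_application, :owner => user)
    other_client = create(:oauth_application)
    original_name = client.name
    other_original_name = other_client.name

    # anonymous PUT: rejected, and the payload must not be applied
    put oauth_application_path(:id => client,
                               :doorkeeper_application => {
                                 :name => "Unexpected Name"
                               })
    assert_response :forbidden
    assert_equal original_name, client.reload.name

    session_for(user)

    # an application that was not created for this user: reported as
    # not found, and the stored record must be left as it was
    put oauth_application_path(:id => other_client,
                               :doorkeeper_application => {
                                 :name => "Unexpected Name"
                               })
    assert_response :not_found
    assert_template "oauth2_applications/not_found"
    assert_equal other_original_name, other_client.reload.name

    # a rejected update renders the form again and must not save the
    # new name that came with the unusable redirect URI
    put oauth_application_path(:id => client,
                               :doorkeeper_application => {
                                 :name => "New Name",
                                 :redirect_uri => nil
                               })
    assert_response :success
    assert_template "oauth2_applications/edit"
    assert_equal original_name, client.reload.name

    put oauth_application_path(:id => client,
                               :doorkeeper_application => {
                                 :name => "New Name",
                                 :redirect_uri => "https://new.example.com/url"
                               })
    assert_response :redirect
    assert_redirected_to oauth_application_path(:id => client.id)

    # the accepted update is the only one that reaches the database
    client.reload
    assert_equal "New Name", client.name
    assert_equal "https://new.example.com/url", client.redirect_uri
  end

  ##
  # deleting needs a login and an application created for the logged
  # in user, and every refused request leaves the record count alone
  def test_destroy
    user = create(:user)
    client = create(:oauth_application, :owner => user)
    other_client = create(:oauth_application)

    # anonymous DELETE: rejected and nothing is removed
    assert_difference "Doorkeeper::Application.count", 0 do
      delete oauth_application_path(:id => client)
    end
    assert_response :forbidden

    session_for(user)

    # an application that was not created for this user: reported as
    # not found and nothing is removed
    assert_difference "Doorkeeper::Application.count", 0 do
      delete oauth_application_path(:id => other_client)
    end
    assert_response :not_found
    assert_template "oauth2_applications/not_found"

    assert_difference "Doorkeeper::Application.count", -1 do
      delete oauth_application_path(:id => client)
    end
    assert_response :redirect
    assert_redirected_to oauth_applications_path
  end

  private

  ##
  # check that the page holds exactly one form with the name, redirect
  # URI and confidential fields and one input for each defined scope
  def assert_application_form
    assert_select "form", 1 do
      assert_select "input#doorkeeper_application_name", 1
      assert_select "textarea#doorkeeper_application_redirect_uri", 1
      assert_select "input#doorkeeper_application_confidential", 1
      Oauth.scopes.each do |scope|
        assert_select "input#doorkeeper_application_scopes_#{scope.name}", 1
      end
    end
  end
end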