3 class Oauth2AuthorizationsControllerTest < ActionDispatch::IntegrationTest
5 # test all routes which lead to this controller
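# NOTE(review): this listing drops the lines that wrap each pair below, as well
# as the enclosing `def`. Each pair has the (path, options) shape that Rails'
# assert_routing takes, so the calls are restored here. Confirm against the
# original file.
#
# All three verbs on /oauth2/authorize go to the same controller. GET renders
# the authorization page, POST grants and DELETE denies.
assert_routing(
  { :path => "/oauth2/authorize", :method => :get },
  { :controller => "oauth2_authorizations", :action => "new" }
)
assert_routing(
  { :path => "/oauth2/authorize", :method => :post },
  { :controller => "oauth2_authorizations", :action => "create" }
)
assert_routing(
  { :path => "/oauth2/authorize", :method => :delete },
  { :controller => "oauth2_authorizations", :action => "destroy" }
)
# Landing page for the out-of-band (native application) flow.
assert_routing(
  { :path => "/oauth2/authorize/native", :method => :get },
  { :controller => "oauth2_authorizations", :action => "show" }
)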
# NOTE(review): the `def` line for this test is not shown in the listing.
# Authorization page for an application that uses its registered redirect URI.
application = create(:oauth_application, :scopes => "write_api")
authorize_path = oauth_authorization_path(:client_id => application.uid,
                                          :redirect_uri => application.redirect_uri,
                                          :response_type => "code",
                                          :scope => "write_api")

# No session yet: the request is bounced to the login page, and the complete
# authorization URL travels in :referer so the flow can resume after login.
get authorize_path
assert_redirected_to login_path(:referer => authorize_path)

# With a logged-in user the same request renders the authorization page.
session_for(create(:user))

get authorize_path
assert_response :success
assert_template "oauth2_authorizations/new"
# NOTE(review): the `def` line for this test is not shown in the listing.
# Same flow as the web case, but the application is registered with the
# out-of-band redirect URI used by native clients.
application = create(:oauth_application, :scopes => "write_api", :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")
authorize_path = oauth_authorization_path(:client_id => application.uid,
                                          :redirect_uri => application.redirect_uri,
                                          :response_type => "code",
                                          :scope => "write_api")

# Anonymous request: sent to login, with the authorization URL as referer.
get authorize_path
assert_redirected_to login_path(:referer => authorize_path)

# Logged-in request: the authorization page is rendered.
session_for(create(:user))

get authorize_path
assert_response :success
assert_template "oauth2_authorizations/new"
# NOTE(review): the `def` line for this test is not shown in the listing.
# A redirect_uri that differs from the one registered for the client must be
# refused on an error page (400). The response must not be a redirect, so
# nothing is ever sent to the unregistered URI.
application = create(:oauth_application, :scopes => "write_api")

session_for(create(:user))

mismatched_path = oauth_authorization_path(:client_id => application.uid,
                                           :redirect_uri => "https://bad.example.com/",
                                           :response_type => "code",
                                           :scope => "write_api")
get mismatched_path
assert_response :bad_request
assert_template "oauth2_authorizations/error"
assert_select "p", "The requested redirect uri is malformed or doesn't match client redirect URI."
# Requests for a scope the application is not registered for are rejected with
# the error page (400) instead of showing the authorization page.
def test_new_bad_scope
  application = create(:oauth_application, :scopes => "write_api")

  session_for(create(:user))

  # "bad_scope" is not a scope name at all. "write_prefs" is presumably a scope
  # the server knows but this application was not registered with (verify).
  # Both must produce the same error.
  %w[bad_scope write_prefs].each do |requested_scope|
    get oauth_authorization_path(:client_id => application.uid,
                                 :redirect_uri => application.redirect_uri,
                                 :response_type => "code",
                                 :scope => requested_scope)
    assert_response :bad_request
    assert_template "oauth2_authorizations/error"
    assert_select "p", "The requested scope is invalid, unknown, or malformed."
  end
end
# While the site status is "database_readonly", the authorization page is not
# served; the request is redirected to the offline page.
def test_new_db_readonly
  application = create(:oauth_application, :scopes => "write_api")

  session_for(create(:user))

  with_settings(:status => "database_readonly") do
    authorize_path = oauth_authorization_path(:client_id => application.uid,
                                              :redirect_uri => application.redirect_uri,
                                              :response_type => "code",
                                              :scope => "write_api")
    get authorize_path
    assert_redirected_to offline_path
  end
end
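# NOTE(review): the `def` line for this test is not shown in the listing.
# Granting an authorization: only a logged-in user may do it, and the result is
# a redirect to the registered redirect URI carrying an authorization code.
application = create(:oauth_application, :scopes => "write_api")

# Without a session the grant is refused outright (403), not sent to login.
post oauth_authorization_path(:client_id => application.uid,
                              :redirect_uri => application.redirect_uri,
                              :response_type => "code",
                              :scope => "write_api")
assert_response :forbidden

session_for(create(:user))

post oauth_authorization_path(:client_id => application.uid,
                              :redirect_uri => application.redirect_uri,
                              :response_type => "code",
                              :scope => "write_api")
# \A anchors at the start of the whole Location value. The previous ^ anchors
# at the start of any line, so it would also accept a value in which the
# redirect URI only appears after a line break.
assert_redirected_to(/\A#{Regexp.escape(application.redirect_uri)}\?code=/)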
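# Granting an authorization for an out-of-band (native) application: the user is
# redirected to the native landing path on this site, not to an external URI.
def test_create_native
  application = create(:oauth_application, :scopes => "write_api", :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")

  # Without a session the grant is refused outright (403).
  post oauth_authorization_path(:client_id => application.uid,
                                :redirect_uri => application.redirect_uri,
                                :response_type => "code",
                                :scope => "write_api")
  assert_response :forbidden

  session_for(create(:user))

  post oauth_authorization_path(:client_id => application.uid,
                                :redirect_uri => application.redirect_uri,
                                :response_type => "code",
                                :scope => "write_api")
  assert_response :redirect
  # Only the path is compared; the query string of the location is not checked.
  assert_equal native_oauth_authorization_path, URI.parse(response.location).path

  # The listing skips a source line here. The response asserted as a redirect
  # above cannot also be a success, so the redirect has to be followed before
  # the landing page is checked.
  follow_redirect!
  assert_response :success
  assert_template "oauth2_authorizations/show"
end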
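# NOTE(review): the `def` line for this test is not shown in the listing.
# Denying an authorization: only a logged-in user may do it, and the client is
# told through its registered redirect URI with error=access_denied.
application = create(:oauth_application)

# Without a session the request is refused outright (403).
delete oauth_authorization_path(:client_id => application.uid,
                                :redirect_uri => application.redirect_uri,
                                :response_type => "code",
                                :scope => "write_api")
assert_response :forbidden

session_for(create(:user))

delete oauth_authorization_path(:client_id => application.uid,
                                :redirect_uri => application.redirect_uri,
                                :response_type => "code",
                                :scope => "write_api")
# \A anchors at the start of the whole Location value. The previous ^ anchors
# at the start of any line, so it would also accept a value in which the
# redirect URI only appears after a line break.
assert_redirected_to(/\A#{Regexp.escape(application.redirect_uri)}\?error=access_denied/)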
# Denying an authorization for an out-of-band (native) application.
def test_destroy_native
  application = create(:oauth_application, :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")
  deny_path = oauth_authorization_path(:client_id => application.uid,
                                       :redirect_uri => application.redirect_uri,
                                       :response_type => "code",
                                       :scope => "write_api")

  # Without a session the request is refused outright (403).
  delete deny_path
  assert_response :forbidden

  session_for(create(:user))

  # A logged-in denial answers 400 here rather than redirecting, presumably
  # because an out-of-band client has no URL to receive the error (confirm
  # against the controller).
  delete deny_path
  assert_response :bad_request
end