vendor/plugins/oauth-plugin/generators/oauth_provider/templates/controller_spec.rb

   1 require File.dirname(__FILE__) + '/../spec_helper'
   2 require File.dirname(__FILE__) + '/oauth_controller_spec_helper'
   3 require 'oauth/client/action_controller_request'
   4
   5 describe OauthController, "getting a request token" do
   6   include OAuthControllerSpecHelper
   7   before(:each) do
   8     setup_oauth
   9     sign_request_with_oauth
  10     @client_application.stub!(:create_request_token).and_return(@request_token)
  11   end
  12
  13   def do_get
  14     get :request_token
  15   end
  16
  17   it "should be successful" do
  18     do_get
  19     response.should be_success
  20   end
  21
  22   it "should query for client_application" do
  23     ClientApplication.should_receive(:find_by_key).with('key').and_return(@client_application)
  24     do_get
  25   end
  26
  27   it "should request token from client_application" do
  28     @client_application.should_receive(:create_request_token).and_return(@request_token)
  29     do_get
  30   end
  31
  32   it "should return token string" do
  33     do_get
  34     response.body.should == @request_token_string
  35   end
  36 end
  37
  38 describe OauthController, "token authorization" do
  39   include OAuthControllerSpecHelper
  40   before(:each) do
  41     login
  42     setup_oauth
  43     RequestToken.stub!(:find_by_token).and_return(@request_token)
  44   end
  45
  46   def do_get
  47     get :authorize, :oauth_token => @request_token.token
  48   end
  49
  50   def do_post
  51     @request_token.should_receive(:authorize!).with(@user)
  52     post :authorize, :oauth_token => @request_token.token, :authorize => "1"
  53   end
  54
  55   def do_post_without_user_authorization
  56     @request_token.should_receive(:invalidate!)
  57     post :authorize, :oauth_token => @request_token.token, :authorize => "0"
  58   end
  59
  60   def do_post_with_callback
  61     @request_token.should_receive(:authorize!).with(@user)
  62     post :authorize, :oauth_token => @request_token.token, :oauth_callback => "http://application/alternative", :authorize => "1"
  63   end
  64
  65   def do_post_with_no_application_callback
  66     @request_token.should_receive(:authorize!).with(@user)
  67     @client_application.stub!(:callback_url).and_return(nil)
  68     post :authorize, :oauth_token => @request_token.token, :authorize => "1"
  69   end
  70
  71   it "should be successful" do
  72     do_get
  73     response.should be_success
  74   end
  75
  76   it "should query for client_application" do
  77     RequestToken.should_receive(:find_by_token).and_return(@request_token)
  78     do_get
  79   end
  80
  81   it "should assign token" do
  82     do_get
  83     assigns[:token].should equal(@request_token)
  84   end
  85
  86   it "should render authorize template" do
  87     do_get
  88     response.should render_template('authorize')
  89   end
  90
  91   it "should redirect to default callback" do
  92     do_post
  93     response.should be_redirect
  94     response.should redirect_to("http://application/callback?oauth_token=#{@request_token.token}")
  95   end
  96
  97   it "should redirect to callback in query" do
  98     do_post_with_callback
  99     response.should be_redirect
 100     response.should redirect_to("http://application/alternative?oauth_token=#{@request_token.token}")
 101   end
 102
 103   it "should be successful on authorize without any application callback" do
 104     do_post_with_no_application_callback
 105     response.should be_success
 106   end
 107
 108   it "should be successful on authorize without any application callback" do
 109     do_post_with_no_application_callback
 110     response.should render_template('authorize_success')
 111   end
 112
 113   it "should render failure screen on user invalidation" do
 114     do_post_without_user_authorization
 115     response.should render_template('authorize_failure')
 116   end
 117
 118   it "should render failure screen if token is invalidated" do
 119     @request_token.should_receive(:invalidated?).and_return(true)
 120     do_get
 121     response.should render_template('authorize_failure')
 122   end
 123
 124
 125 end
 126
 127
 128 describe OauthController, "getting an access token" do
 129   include OAuthControllerSpecHelper
 130   before(:each) do
 131     setup_oauth
 132     sign_request_with_oauth @request_token
 133     @request_token.stub!(:exchange!).and_return(@access_token)
 134   end
 135
 136   def do_get
 137     get :access_token
 138   end
 139
 140   it "should be successful" do
 141     do_get
 142     response.should be_success
 143   end
 144
 145   it "should query for client_application" do
 146     ClientApplication.should_receive(:find_token).with(@request_token.token).and_return(@request_token)
 147     do_get
 148   end
 149
 150   it "should request token from client_application" do
 151     @request_token.should_receive(:exchange!).and_return(@access_token)
 152     do_get
 153   end
 154
 155   it "should return token string" do
 156     do_get
 157     response.body.should == @access_token_string
 158   end
 159 end
 160
 161 class OauthorizedController<ApplicationController
 162   before_filter :login_or_oauth_required, :only => :both
 163   before_filter :login_required, :only => :interactive
 164   before_filter :oauth_required, :only => :token_only
 165
 166   def interactive
 167   end
 168
 169   def token_only
 170   end
 171
 172   def both
 173   end
 174 end
 175
 176 describe OauthorizedController, " access control" do
 177   include OAuthControllerSpecHelper
 178
 179   before(:each) do
 180   end
 181
 182   it "should have access_token set up correctly" do
 183     setup_to_authorize_request
 184     @access_token.is_a?(AccessToken).should == true
 185     @access_token.should be_authorized
 186     @access_token.should_not be_invalidated
 187     @access_token.user.should == @user
 188     @access_token.client_application.should == @client_application
 189   end
 190
 191   it "should return false for oauth? by default" do
 192     controller.send(:oauth?).should == false
 193   end
 194
 195   it "should return nil for current_token  by default" do
 196     controller.send(:current_token).should be_nil
 197   end
 198
 199   it "should allow oauth when using login_or_oauth_required" do
 200     setup_to_authorize_request
 201     sign_request_with_oauth(@access_token)
 202     ClientApplication.should_receive(:find_token).with(@access_token.token).and_return(@access_token)
 203     get :both
 204     controller.send(:current_token).should == @access_token
 205     controller.send(:current_token).is_a?(AccessToken).should == true
 206     controller.send(:current_user).should == @user
 207     controller.send(:current_client_application).should == @client_application
 208     response.code.should == '200'
 209     response.should be_success
 210   end
 211
 212   it "should allow interactive when using login_or_oauth_required" do
 213     login
 214     get :both
 215     response.should be_success
 216     controller.send(:current_user).should == @user
 217     controller.send(:current_token).should be_nil
 218   end
 219
 220
 221   it "should allow oauth when using oauth_required" do
 222     setup_to_authorize_request
 223     sign_request_with_oauth(@access_token)
 224     ClientApplication.should_receive(:find_token).with(@access_token.token).and_return(@access_token)
 225     get :token_only
 226     controller.send(:current_token).should == @access_token
 227     controller.send(:current_client_application).should == @client_application
 228     controller.send(:current_user).should == @user
 229     response.code.should == '200'
 230     response.should be_success
 231   end
 232
 233   it "should disallow oauth using RequestToken when using oauth_required" do
 234     setup_to_authorize_request
 235     ClientApplication.should_receive(:find_token).with(@request_token.token).and_return(@request_token)
 236     sign_request_with_oauth(@request_token)
 237     get :token_only
 238     response.code.should == '401'
 239   end
 240
 241   it "should disallow interactive when using oauth_required" do
 242     login
 243     get :token_only
 244     response.code.should == '401'
 245
 246     controller.send(:current_user).should == @user
 247     controller.send(:current_token).should be_nil
 248   end
 249
 250   it "should disallow oauth when using login_required" do
 251     setup_to_authorize_request
 252     sign_request_with_oauth(@access_token)
 253     get :interactive
 254     response.code.should == "302"
 255     controller.send(:current_user).should be_nil
 256     controller.send(:current_token).should be_nil
 257   end
 258
 259   it "should allow interactive when using login_required" do
 260     login
 261     get :interactive
 262     response.should be_success
 263     controller.send(:current_user).should == @user
 264     controller.send(:current_token).should be_nil
 265   end
 266
 267 end
 268
 269 describe OauthController, "revoke" do
 270   include OAuthControllerSpecHelper
 271   before(:each) do
 272     setup_oauth_for_user
 273     @request_token.stub!(:invalidate!)
 274   end
 275
 276   def do_post
 277     post :revoke, :token => "TOKEN STRING"
 278   end
 279
 280   it "should redirect to index" do
 281     do_post
 282     response.should be_redirect
 283     response.should redirect_to('http://test.host/oauth_clients')
 284   end
 285
 286   it "should query current_users tokens" do
 287     @tokens.should_receive(:find_by_token).and_return(@request_token)
 288     do_post
 289   end
 290
 291   it "should call invalidate on token" do
 292     @request_token.should_receive(:invalidate!)
 293     do_post
 294   end
 295
 296 end