- assert_allowed token, [:allow_read_prefs]
-
- signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
- assert_response :success
-
- signed_get "/api/0.6/gpx/2", :consumer => client, :token => token
- assert_response :forbidden
-
- post "/oauth/revoke", :token => token.token
- assert_redirected_to oauth_clients_url(token.user.display_name)
- token = OauthToken.find_by_token(token.token)
- assert_not_nil token.invalidated_at
-
- signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
- assert_response :unauthorized
- end
-
- private
-
- def signed_get(uri, options)
- uri = URI.parse(uri)
- uri.scheme ||= "http"
- uri.host ||= "www.example.com"
-
- helper = OAuth::Client::Helper.new(nil, options)
-
- request = OAuth::RequestProxy.proxy(
- "method" => "GET",
- "uri" => uri,
- "parameters" => helper.oauth_parameters
- )
-
- request.sign!(options)
+ assert_equal_allowing_nil options[:oauth_callback], token.callback_url
+ assert_allowed token, client.permissions