- token = parse_token(response)
- assert_instance_of RequestToken, token
- assert_not_nil token.created_at
- assert_nil token.authorized_at
- assert_nil token.invalidated_at
- assert_allowed token, client.permissions
+
+ trace = create(:trace, :user => client.user)
+ signed_get "/api/0.6/gpx/#{trace.id}", :consumer => client, :token => token
+ assert_response :forbidden
+
+ post "/oauth/revoke", :params => { :token => token.token }
+ assert_redirected_to oauth_clients_url(token.user.display_name)
+ token = OauthToken.find_by(:token => token.token)
+ assert_not_nil token.invalidated_at
+
+ signed_get "/api/0.6/user/preferences", :consumer => client, :token => token
+ assert_response :unauthorized
+ end
+
+ def oauth10a_with_callback(client, callback_url)
+ token = get_request_token(client, :oauth_callback => callback_url)
+
+ get "/oauth/authorize", :params => { :oauth_token => token.token }
+ assert_response :success
+ assert_template :authorize