- token = parse_token(response)
- assert_instance_of RequestToken, token
- assert_not_nil token.created_at
- assert_nil token.authorized_at
- assert_nil token.invalidated_at
- assert_allowed token, client.permissions
+
+ oauth10_without_callback(client)
+ oauth10_refused(client)
+ end
+
+ def test_oauth10a_web_app
+ client = create(:client_application, :callback_url => "http://some.web.app.example.org/callback", :allow_read_prefs => true, :allow_write_api => true, :allow_read_gpx => true)
+
+ get "/login"
+ follow_redirect!
+ post "/login", :params => { :username => client.user.email, :password => "test" }
+ follow_redirect!
+ assert_response :success
+
+ oauth10a_without_callback(client)
+ oauth10a_with_callback(client, "http://another.web.app.example.org/callback")
+ oauth10a_refused(client)
+ end
+
+ def test_oauth10a_desktop_app
+ client = create(:client_application, :allow_read_prefs => true, :allow_write_api => true, :allow_read_gpx => true)
+
+ get "/login"
+ follow_redirect!
+ post "/login", :params => { :username => client.user.email, :password => "test" }
+ follow_redirect!
+ assert_response :success
+
+ oauth10a_without_callback(client)
+ oauth10a_refused(client)
+ end
+
+ private
+
+ def oauth10_without_callback(client)
+ token = get_request_token(client)
+
+ get "/oauth/authorize", :params => { :oauth_token => token.token }
+ assert_response :success
+ assert_template :authorize