X-Git-Url: https://git.openstreetmap.org./rails.git/blobdiff_plain/477f700cfada25a472b13bdba3882cdb5c047e47..2315885586efd5c0b43311bf49e801302750e77b:/test/integration/oauth_test.rb?ds=sidebyside diff --git a/test/integration/oauth_test.rb b/test/integration/oauth_test.rb index 4f56067a4..dfe2552bb 100644 --- a/test/integration/oauth_test.rb +++ b/test/integration/oauth_test.rb @@ -58,7 +58,6 @@ class OAuthTest < ActionDispatch::IntegrationTest :params => { :oauth_token => token.token, :allow_read_prefs => "1", :allow_write_prefs => "1" } if client.callback_url - assert_response :redirect assert_redirected_to "#{client.callback_url}?oauth_token=#{token.token}" else assert_response :success @@ -91,6 +90,18 @@ class OAuthTest < ActionDispatch::IntegrationTest signed_get "/api/0.6/gpx/2", :oauth => { :token => token } assert_response :forbidden + token.user.suspend! + signed_get "/api/0.6/user/preferences", :oauth => { :token => token } + assert_response :forbidden + + token.user.hide! + signed_get "/api/0.6/user/preferences", :oauth => { :token => token } + assert_response :forbidden + + token.user.unhide! + signed_get "/api/0.6/user/preferences", :oauth => { :token => token } + assert_response :success + session_for(token.user) post "/oauth/revoke", :params => { :token => token.token } @@ -144,7 +155,6 @@ class OAuthTest < ActionDispatch::IntegrationTest post "/oauth/authorize", :params => { :oauth_token => token.token, :oauth_callback => callback_url, :allow_write_api => "1", :allow_read_gpx => "1" } - assert_response :redirect assert_redirected_to "#{callback_url}?oauth_token=#{token.token}" token.reload assert_not_nil token.created_at 
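Review bot: The twelve-line `suspend!` / `hide!` / `unhide!` sequence added in the hunk at new line 90 is repeated almost verbatim in the hunks at new lines 184, 259 and 326, differing only in the request path. Any later change to how suspended or hidden accounts are treated must then be made in four places, and a missed copy would leave one token type unchecked. A private helper on the test class that takes the token and the path, called as for example `assert_token_tracks_user_status(token, "/api/0.6/user/preferences")`, would keep the four tests in step. It is also the natural place for a comment such as `# tokens belonging to suspended or hidden users must be rejected`. The enclosing test methods begin and end outside these hunks.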
@@ -174,6 +184,18 @@ class OAuthTest < ActionDispatch::IntegrationTest signed_get "/api/0.6/user/details", :oauth => { :token => token } assert_response :forbidden + token.user.suspend! + signed_get "/api/0.6/gpx/#{trace.id}", :oauth => { :token => token } + assert_response :forbidden + + token.user.hide! + signed_get "/api/0.6/gpx/#{trace.id}", :oauth => { :token => token } + assert_response :forbidden + + token.user.unhide! + signed_get "/api/0.6/gpx/#{trace.id}", :oauth => { :token => token } + assert_response :success + session_for(token.user) post "/oauth/revoke", :params => { :token => token.token } @@ -237,6 +259,18 @@ class OAuthTest < ActionDispatch::IntegrationTest signed_get "/api/0.6/gpx/#{trace.id}", :oauth => { :token => token } assert_response :forbidden + token.user.suspend! + signed_get "/api/0.6/user/preferences", :oauth => { :token => token } + assert_response :forbidden + + token.user.hide! + signed_get "/api/0.6/user/preferences", :oauth => { :token => token } + assert_response :forbidden + + token.user.unhide! + signed_get "/api/0.6/user/preferences", :oauth => { :token => token } + assert_response :success + session_for(token.user) post "/oauth/revoke", :params => { :token => token.token } @@ -292,6 +326,18 @@ class OAuthTest < ActionDispatch::IntegrationTest signed_get "/api/0.6/user/details", :oauth => { :token => token } assert_response :forbidden + token.user.suspend! + signed_get "/api/0.6/gpx/#{trace.id}", :oauth => { :token => token } + assert_response :forbidden + + token.user.hide! + signed_get "/api/0.6/gpx/#{trace.id}", :oauth => { :token => token } + assert_response :forbidden + + token.user.unhide! + signed_get "/api/0.6/gpx/#{trace.id}", :oauth => { :token => token } + assert_response :success + session_for(token.user) post "/oauth/revoke", :params => { :token => token.token }
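Review bot: In the hunk at new line 184 the same user is suspended, then hidden, then unhidden, so the final `assert_response :success` pins that the token works again after `unhide!` even though the account was suspended earlier in the test; the hunks at new lines 90, 259 and 326 follow the same order. If `unhide!` is meant to return the account to active regardless of a prior suspension, state that next to the assertion, e.g. `# unhide! returns the account to active; the earlier suspension is not retained`. If it is not, each case should start from a freshly active user so the test never expects a suspended account to pass authorization. This is inferred from the visible call order only, since the User model's state transitions are outside the diff. The path from suspended straight back to active is not exercised by any of the added blocks.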