1 require "test_helper"
2
##
# Integration tests for the OAuth 2 application management pages. Besides
# routing they pin the access rules visible in the assertions below:
# anonymous requests are turned away, a signed-in user only reaches their own
# applications, and the read_email scope is only accepted from an
# administrator.
class Oauth2ApplicationsControllerTest < ActionDispatch::IntegrationTest
  ##
  # test all routes which lead to this controller
  def test_routes
    [
      [:get, "/oauth2/applications", { :action => "index" }],
      [:post, "/oauth2/applications", { :action => "create" }],
      [:get, "/oauth2/applications/new", { :action => "new" }],
      [:get, "/oauth2/applications/1/edit", { :action => "edit", :id => "1" }],
      [:get, "/oauth2/applications/1", { :action => "show", :id => "1" }],
      [:patch, "/oauth2/applications/1", { :action => "update", :id => "1" }],
      [:put, "/oauth2/applications/1", { :action => "update", :id => "1" }],
      [:delete, "/oauth2/applications/1", { :action => "destroy", :id => "1" }]
    ].each do |verb, path, target|
      assert_routing(
        { :path => path, :method => verb },
        { :controller => "oauth2_applications" }.merge(target)
      )
    end
  end

  ##
  # the index needs a login and then lists the user's two applications
  def test_index
    owner = create(:user)
    create_list(:oauth_application, 2, :owner => owner)

    # anonymous GET: sent to the login page, with the index as referer
    get oauth_applications_path
    assert_redirected_to login_path(:referer => oauth_applications_path)

    session_for(owner)

    get oauth_applications_path
    assert_response :success
    assert_template "oauth2_applications/index"
    assert_select "tbody tr", 2
  end

  ##
  # the new form needs a login and offers every field and scope
  def test_new
    visitor = create(:user)

    # anonymous GET: sent to the login page, with the form as referer
    get new_oauth_application_path
    assert_redirected_to login_path(:referer => new_oauth_application_path)

    session_for(visitor)

    get new_oauth_application_path
    assert_response :success
    assert_template "oauth2_applications/new"
    assert_application_form
  end

  ##
  # creation is refused for anonymous requests and for invalid input;
  # each refused attempt must leave the application count unchanged
  def test_create
    author = create(:user)
    name_only = { :name => "Test Application" }
    unknown_scope = {
      :name => "Test Application",
      :redirect_uri => "https://test.example.com/",
      :scopes => ["bad_scope"]
    }
    acceptable = {
      :name => "Test Application",
      :redirect_uri => "https://test.example.com/",
      :scopes => ["read_prefs"]
    }

    # anonymous POST: 403, nothing created
    assert_difference "Doorkeeper::Application.count", 0 do
      post oauth_applications_path
    end
    assert_response :forbidden

    session_for(author)

    # no redirect URI: the form is rendered again
    assert_difference "Doorkeeper::Application.count", 0 do
      post oauth_applications_path(:oauth2_application => name_only)
    end
    assert_response :success
    assert_template "oauth2_applications/new"

    # a scope name that is not accepted: the form is rendered again
    assert_difference "Doorkeeper::Application.count", 0 do
      post oauth_applications_path(:oauth2_application => unknown_scope)
    end
    assert_response :success
    assert_template "oauth2_applications/new"

    # complete and valid: one record, then on to its show page
    assert_difference "Doorkeeper::Application.count", 1 do
      post oauth_applications_path(:oauth2_application => acceptable)
    end
    created = Doorkeeper::Application.find_by(:name => "Test Application")
    assert_redirected_to oauth_application_path(:id => created.id)
  end

  ##
  # the read_email scope is refused for an ordinary user and accepted for
  # an administrator
  #
  # NOTE(review): only creation is exercised with this scope. test_update
  # never sends :scopes, so this file does not cover whether an ordinary
  # user can add read_email to an existing application through update.
  def test_create_privileged
    email_reader = {
      :name => "Test Application",
      :redirect_uri => "https://test.example.com/",
      :scopes => ["read_email"]
    }

    session_for(create(:user))

    # ordinary user: nothing created, the form is rendered again
    assert_difference "Doorkeeper::Application.count", 0 do
      post oauth_applications_path(:oauth2_application => email_reader)
    end
    assert_response :success
    assert_template "oauth2_applications/new"

    session_for(create(:administrator_user))

    # administrator: the same parameters now create the application
    assert_difference "Doorkeeper::Application.count", 1 do
      post oauth_applications_path(:oauth2_application => email_reader)
    end
    created = Doorkeeper::Application.find_by(:name => "Test Application")
    assert_redirected_to oauth_application_path(:id => created.id)
  end

  ##
  # show needs a login and only reveals the user's own application
  def test_show
    owner = create(:user)
    owned_app = create(:oauth_application, :owner => owner)
    # created without :owner => owner, so presumably owned by another
    # factory-made user -- confirm against the factory
    foreign_app = create(:oauth_application)

    # anonymous GET: sent to the login page
    get oauth_application_path(:id => owned_app)
    assert_redirected_to login_path(:referer => oauth_application_path(:id => owned_app.id))

    session_for(owner)

    # someone else's application is answered with 404, not 403
    get oauth_application_path(:id => foreign_app)
    assert_response :not_found
    assert_template "oauth2_applications/not_found"

    get oauth_application_path(:id => owned_app)
    assert_response :success
    assert_template "oauth2_applications/show"
  end

  ##
  # edit needs a login and only opens the user's own application
  def test_edit
    owner = create(:user)
    owned_app = create(:oauth_application, :owner => owner)
    # created without :owner => owner -- see the note in test_show
    foreign_app = create(:oauth_application)

    # anonymous GET: sent to the login page
    get edit_oauth_application_path(:id => owned_app)
    assert_redirected_to login_path(:referer => edit_oauth_application_path(:id => owned_app.id))

    session_for(owner)

    # someone else's application is answered with 404, not 403
    get edit_oauth_application_path(:id => foreign_app)
    assert_response :not_found
    assert_template "oauth2_applications/not_found"

    get edit_oauth_application_path(:id => owned_app)
    assert_response :success
    assert_template "oauth2_applications/edit"
    assert_application_form
  end

  ##
  # update is refused for anonymous requests, for someone else's
  # application and for an empty redirect URI
  def test_update
    owner = create(:user)
    owned_app = create(:oauth_application, :owner => owner)
    foreign_app = create(:oauth_application)
    without_uri = { :name => "New Name", :redirect_uri => nil }
    with_uri = { :name => "New Name", :redirect_uri => "https://new.example.com/url" }

    # anonymous PUT: 403
    put oauth_application_path(:id => owned_app)
    assert_response :forbidden

    session_for(owner)

    # someone else's application is answered with 404, not 403
    put oauth_application_path(:id => foreign_app)
    assert_response :not_found
    assert_template "oauth2_applications/not_found"

    # redirect URI removed: the edit form is rendered again
    put oauth_application_path(:id => owned_app, :oauth2_application => without_uri)
    assert_response :success
    assert_template "oauth2_applications/edit"

    # valid change: on to the show page
    put oauth_application_path(:id => owned_app, :oauth2_application => with_uri)
    assert_redirected_to oauth_application_path(:id => owned_app.id)
  end

  ##
  # destroy is refused for anonymous requests and for someone else's
  # application; only the owner's own request removes a record
  def test_destroy
    owner = create(:user)
    owned_app = create(:oauth_application, :owner => owner)
    foreign_app = create(:oauth_application)

    # anonymous DELETE: 403, nothing removed
    assert_difference "Doorkeeper::Application.count", 0 do
      delete oauth_application_path(:id => owned_app)
    end
    assert_response :forbidden

    session_for(owner)

    # someone else's application: 404, nothing removed
    assert_difference "Doorkeeper::Application.count", 0 do
      delete oauth_application_path(:id => foreign_app)
    end
    assert_response :not_found
    assert_template "oauth2_applications/not_found"

    # own application: one record fewer, then back to the index
    assert_difference "Doorkeeper::Application.count", -1 do
      delete oauth_application_path(:id => owned_app)
    end
    assert_redirected_to oauth_applications_path
  end

  private

  ##
  # check that the rendered page holds exactly one form with the name,
  # redirect URI and confidential fields plus one input per known scope
  def assert_application_form
    fixed_fields = [
      "input#oauth2_application_name",
      "textarea#oauth2_application_redirect_uri",
      "input#oauth2_application_confidential"
    ]

    assert_select "form", 1 do
      fixed_fields.each { |selector| assert_select selector, 1 }
      Oauth.scopes.each do |scope|
        assert_select "input#oauth2_application_scopes_#{scope.name}", 1
      end
    end
  end
end