]> git.openstreetmap.org Git - rails.git/blob - vendor/plugins/oauth-plugin/generators/oauth_provider/templates/controller_test.rb
Merge 16110:16487 from trunk.
[rails.git] / vendor / plugins / oauth-plugin / generators / oauth_provider / templates / controller_test.rb
1 require File.dirname(__FILE__) + '/../test_helper'
2 require File.dirname(__FILE__) + '/../oauth_controller_test_helper'
3 require 'oauth/client/action_controller_request'
4
5 class OauthController; def rescue_action(e) raise e end; end
6
7 class OauthControllerRequestTokenTest < ActionController::TestCase
8   include OAuthControllerTestHelper
9   tests OauthController
10   
11   def setup
12     @controller = OauthController.new
13     setup_oauth
14     sign_request_with_oauth
15     @client_application.stubs(:create_request_token).returns(@request_token)
16   end
17   
18   def do_get
19     get :request_token
20   end
21   
22   def test_should_be_successful
23     do_get
24     assert @response.success?
25   end
26   
27   def test_should_query_for_client_application
28     ClientApplication.expects(:find_by_key).with('key').returns(@client_application)
29     do_get
30   end
31   
32   def test_should_request_token_from_client_application
33     @client_application.expects(:create_request_token).returns(@request_token)
34     do_get
35   end
36   
37   def test_should_return_token_string
38     do_get
39     assert_equal @request_token_string, @response.body
40   end
41 end
42
43 class OauthControllerTokenAuthorizationTest < ActionController::TestCase
44    include OAuthControllerTestHelper
45    tests OauthController
46    
47   def setup
48     @controller = OauthController.new
49     login
50     setup_oauth
51     RequestToken.stubs(:find_by_token).returns(@request_token)
52   end
53   
54   def do_get
55     get :authorize, :oauth_token => @request_token.token
56   end
57
58   def do_post
59     @request_token.expects(:authorize!).with(@user)
60     post :authorize,:oauth_token=>@request_token.token,:authorize=>"1"
61   end
62
63   def do_post_without_user_authorization
64     @request_token.expects(:invalidate!)
65     post :authorize,:oauth_token=>@request_token.token,:authorize=>"0"
66   end
67
68   def do_post_with_callback
69     @request_token.expects(:authorize!).with(@user)
70     post :authorize,:oauth_token=>@request_token.token,:oauth_callback=>"http://application/alternative",:authorize=>"1"
71   end
72
73   def do_post_with_no_application_callback
74     @request_token.expects(:authorize!).with(@user)
75     @client_application.stubs(:callback_url).returns(nil)
76     post :authorize, :oauth_token => @request_token.token, :authorize=>"1"
77   end
78   
79   def test_should_be_successful
80     do_get
81     assert @response.success?
82   end
83   
84   def test_should_query_for_client_application
85     RequestToken.expects(:find_by_token).returns(@request_token)
86     do_get
87   end
88   
89   def test_should_assign_token
90     do_get
91     assert_equal @request_token, assigns(:token)
92   end
93   
94   def test_should_render_authorize_template
95     do_get
96     assert_template('authorize')
97   end
98   
99   def test_should_redirect_to_default_callback
100     do_post
101     assert_response :redirect
102     assert_redirected_to("http://application/callback?oauth_token=#{@request_token.token}")
103   end
104
105   def test_should_redirect_to_callback_in_query
106     do_post_with_callback
107     assert_response :redirect
108     assert_redirected_to("http://application/alternative?oauth_token=#{@request_token.token}")
109   end
110
111   def test_should_be_successful_on_authorize_without_any_application_callback
112     do_post_with_no_application_callback
113     assert @response.success?
114     assert_template('authorize_success')
115   end
116   
117   def test_should_render_failure_screen_on_user_invalidation
118     do_post_without_user_authorization
119     assert_template('authorize_failure')
120   end
121
122   def test_should_render_failure_screen_if_token_is_invalidated
123     @request_token.expects(:invalidated?).returns(true)
124     do_get
125     assert_template('authorize_failure')
126   end
127   
128
129 end
130
131 class OauthControllerGetAccessTokenTest < ActionController::TestCase
132   include OAuthControllerTestHelper
133   tests OauthController
134   
135   def setup
136     @controller = OauthController.new
137     setup_oauth
138     sign_request_with_oauth @request_token
139     @request_token.stubs(:exchange!).returns(@access_token)
140   end
141   
142   def do_get
143     get :access_token
144   end
145   
146   def test_should_be_successful
147     do_get
148     assert @response.success?
149   end
150   
151   def test_should_query_for_client_application
152     ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
153     do_get
154   end
155   
156   def test_should_request_token_from_client_application
157     @request_token.expects(:exchange!).returns(@access_token)
158     do_get
159   end
160   
161   def test_should__return_token_string
162     do_get
163     assert_equal @access_token_string, @response.body
164   end
165 end
166
167 class OauthorizedController < ApplicationController
168   before_filter :login_or_oauth_required,:only=>:both
169   before_filter :login_required,:only=>:interactive
170   before_filter :oauth_required,:only=>:token_only
171     
172   def interactive
173     render :text => "interactive"
174   end
175   
176   def token_only
177     render :text => "token"
178   end
179   
180   def both
181     render :text => "both"
182   end
183 end
184  
185
186 class OauthControllerAccessControlTest < ActionController::TestCase
187   include OAuthControllerTestHelper
188   tests OauthorizedController
189   
190   def setup
191     @controller = OauthorizedController.new
192   end
193   
194   def test_should__have_access_token_set_up_correctly
195     setup_to_authorize_request
196     assert @access_token.is_a?(AccessToken)
197     assert @access_token.authorized?
198     assert !@access_token.invalidated?
199     assert_equal @user, @access_token.user
200     assert_equal @client_application, @access_token.client_application
201   end
202   
203   def test_should_return_false_for_oauth_by_default
204     assert_equal false, @controller.send(:oauth?)
205   end
206
207   def test_should_return_nil_for_current_token_by_default
208     assert_nil @controller.send(:current_token)
209   end
210   
211   def test_should_allow_oauth_when_using_login_or_oauth_required
212     setup_to_authorize_request
213     sign_request_with_oauth(@access_token)
214     ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
215     get :both
216     assert_equal @access_token, @controller.send(:current_token)
217     assert @controller.send(:current_token).is_a?(AccessToken)
218     assert_equal @user, @controller.send(:current_user)
219     assert_equal @client_application, @controller.send(:current_client_application)
220     assert_equal '200', @response.code
221     assert @response.success?
222   end
223
224   def test_should_allow_interactive_when_using_login_or_oauth_required
225     login
226     get :both
227     assert @response.success?
228     assert_equal @user, @controller.send(:current_user)
229     assert_nil @controller.send(:current_token)
230   end
231   
232   def test_should_allow_oauth_when_using_oauth_required
233     setup_to_authorize_request
234     sign_request_with_oauth(@access_token)
235     ClientApplication.expects(:find_token).with(@access_token.token).returns(@access_token)
236     get :token_only
237     assert_equal @access_token, @controller.send(:current_token)
238     assert_equal @client_application, @controller.send(:current_client_application)
239     assert_equal @user, @controller.send(:current_user)
240     assert_equal '200', @response.code
241     assert @response.success? 
242   end
243
244   def test_should_disallow_oauth_using_request_token_when_using_oauth_required
245     setup_to_authorize_request
246     ClientApplication.expects(:find_token).with(@request_token.token).returns(@request_token)
247     sign_request_with_oauth(@request_token)
248     get :token_only
249     assert_equal '401', @response.code
250   end
251
252   def test_should_disallow_interactive_when_using_oauth_required
253     login
254     get :token_only
255     assert_equal '401', @response.code
256     
257     assert_equal @user, @controller.send(:current_user)
258     assert_nil @controller.send(:current_token)
259   end
260
261   def test_should_disallow_oauth_when_using_login_required
262     setup_to_authorize_request
263     sign_request_with_oauth(@access_token)
264     get :interactive
265     assert_equal "302",@response.code
266     assert_nil @controller.send(:current_user)
267     assert_nil @controller.send(:current_token)
268   end
269
270   def test_should_allow_interactive_when_using_login_required
271     login
272     get :interactive
273     assert @response.success?
274     assert_equal @user, @controller.send(:current_user)
275     assert_nil @controller.send(:current_token)
276   end
277
278 end
279
280 class OauthControllerRevokeTest < ActionController::TestCase
281   include OAuthControllerTestHelper
282   tests OauthController
283   
284   def setup
285     @controller = OauthController.new
286     setup_oauth_for_user
287     @request_token.stubs(:invalidate!)
288   end
289   
290   def do_post
291     post :revoke, :token => "TOKEN STRING"
292   end
293   
294   def test_should_redirect_to_index
295     do_post
296     assert_response :redirect
297     assert_redirected_to('http://test.host/oauth_clients')
298   end
299   
300   def test_should_query_current_users_tokens
301     @tokens.expects(:find_by_token).returns(@request_token)
302     do_post
303   end
304   
305   def test_should_call_invalidate_on_token
306     @request_token.expects(:invalidate!)
307     do_post
308   end
309   
310 end