test/controllers/oauth2_applications_controller_test.rb

   1 require "test_helper"
   2
   3 class Oauth2ApplicationsControllerTest < ActionDispatch::IntegrationTest
   4   ##
   5   # test all routes which lead to this controller
   6   def test_routes
   7     assert_routing(
   8       { :path => "/oauth2/applications", :method => :get },
   9       { :controller => "oauth2_applications", :action => "index" }
  10     )
  11     assert_routing(
  12       { :path => "/oauth2/applications", :method => :post },
  13       { :controller => "oauth2_applications", :action => "create" }
  14     )
  15     assert_routing(
  16       { :path => "/oauth2/applications/new", :method => :get },
  17       { :controller => "oauth2_applications", :action => "new" }
  18     )
  19     assert_routing(
  20       { :path => "/oauth2/applications/1/edit", :method => :get },
  21       { :controller => "oauth2_applications", :action => "edit", :id => "1" }
  22     )
  23     assert_routing(
  24       { :path => "/oauth2/applications/1", :method => :get },
  25       { :controller => "oauth2_applications", :action => "show", :id => "1" }
  26     )
  27     assert_routing(
  28       { :path => "/oauth2/applications/1", :method => :patch },
  29       { :controller => "oauth2_applications", :action => "update", :id => "1" }
  30     )
  31     assert_routing(
  32       { :path => "/oauth2/applications/1", :method => :put },
  33       { :controller => "oauth2_applications", :action => "update", :id => "1" }
  34     )
  35     assert_routing(
  36       { :path => "/oauth2/applications/1", :method => :delete },
  37       { :controller => "oauth2_applications", :action => "destroy", :id => "1" }
  38     )
  39   end
  40
  41   def test_index
  42     user = create(:user)
  43     create_list(:oauth_application, 2, :owner => user)
  44
  45     get oauth_applications_path
  46     assert_redirected_to login_path(:referer => oauth_applications_path)
  47
  48     session_for(user)
  49
  50     get oauth_applications_path
  51     assert_response :success
  52     assert_template "oauth2_applications/index"
  53     assert_select "tbody tr", 2
  54   end
  55
  56   def test_new
  57     user = create(:user)
  58
  59     get new_oauth_application_path
  60     assert_redirected_to login_path(:referer => new_oauth_application_path)
  61
  62     session_for(user)
  63
  64     get new_oauth_application_path
  65     assert_response :success
  66     assert_template "oauth2_applications/new"
  67     assert_select "form", 1 do
  68       assert_select "input#oauth2_application_name", 1
  69       assert_select "textarea#oauth2_application_redirect_uri", 1
  70       assert_select "input#oauth2_application_confidential", 1
  71       Oauth.scopes.each do |scope|
  72         assert_select "input#oauth2_application_scopes_#{scope.name}", 1
  73       end
  74     end
  75   end
  76
  77   def test_create
  78     user = create(:user)
  79
  80     assert_difference "Doorkeeper::Application.count", 0 do
  81       post oauth_applications_path
  82     end
  83     assert_response :forbidden
  84
  85     session_for(user)
  86
  87     assert_difference "Doorkeeper::Application.count", 0 do
  88       post oauth_applications_path(:oauth2_application => {
  89                                      :name => "Test Application"
  90                                    })
  91     end
  92     assert_response :success
  93     assert_template "oauth2_applications/new"
  94
  95     assert_difference "Doorkeeper::Application.count", 0 do
  96       post oauth_applications_path(:oauth2_application => {
  97                                      :name => "Test Application",
  98                                      :redirect_uri => "https://test.example.com/",
  99                                      :scopes => ["bad_scope"]
 100                                    })
 101     end
 102     assert_response :success
 103     assert_template "oauth2_applications/new"
 104
 105     assert_difference "Doorkeeper::Application.count", 1 do
 106       post oauth_applications_path(:oauth2_application => {
 107                                      :name => "Test Application",
 108                                      :redirect_uri => "https://test.example.com/",
 109                                      :scopes => ["read_prefs"]
 110                                    })
 111     end
 112     assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
 113   end
 114
 115   def test_create_privileged
 116     session_for(create(:user))
 117
 118     assert_difference "Doorkeeper::Application.count", 0 do
 119       post oauth_applications_path(:oauth2_application => {
 120                                      :name => "Test Application",
 121                                      :redirect_uri => "https://test.example.com/",
 122                                      :scopes => ["read_email"]
 123                                    })
 124     end
 125     assert_response :success
 126     assert_template "oauth2_applications/new"
 127
 128     session_for(create(:administrator_user))
 129
 130     assert_difference "Doorkeeper::Application.count", 1 do
 131       post oauth_applications_path(:oauth2_application => {
 132                                      :name => "Test Application",
 133                                      :redirect_uri => "https://test.example.com/",
 134                                      :scopes => ["read_email"]
 135                                    })
 136     end
 137     assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
 138   end
 139
 140   def test_show
 141     user = create(:user)
 142     client = create(:oauth_application, :owner => user)
 143     other_client = create(:oauth_application)
 144
 145     get oauth_application_path(:id => client)
 146     assert_redirected_to login_path(:referer => oauth_application_path(:id => client.id))
 147
 148     session_for(user)
 149
 150     get oauth_application_path(:id => other_client)
 151     assert_response :not_found
 152     assert_template "oauth2_applications/not_found"
 153
 154     get oauth_application_path(:id => client)
 155     assert_response :success
 156     assert_template "oauth2_applications/show"
 157   end
 158
 159   def test_edit
 160     user = create(:user)
 161     client = create(:oauth_application, :owner => user)
 162     other_client = create(:oauth_application)
 163
 164     get edit_oauth_application_path(:id => client)
 165     assert_redirected_to login_path(:referer => edit_oauth_application_path(:id => client.id))
 166
 167     session_for(user)
 168
 169     get edit_oauth_application_path(:id => other_client)
 170     assert_response :not_found
 171     assert_template "oauth2_applications/not_found"
 172
 173     get edit_oauth_application_path(:id => client)
 174     assert_response :success
 175     assert_template "oauth2_applications/edit"
 176     assert_select "form", 1 do
 177       assert_select "input#oauth2_application_name", 1
 178       assert_select "textarea#oauth2_application_redirect_uri", 1
 179       assert_select "input#oauth2_application_confidential", 1
 180       Oauth.scopes.each do |scope|
 181         assert_select "input#oauth2_application_scopes_#{scope.name}", 1
 182       end
 183     end
 184   end
 185
 186   def test_update
 187     user = create(:user)
 188     client = create(:oauth_application, :owner => user)
 189     other_client = create(:oauth_application)
 190
 191     put oauth_application_path(:id => client)
 192     assert_response :forbidden
 193
 194     session_for(user)
 195
 196     put oauth_application_path(:id => other_client)
 197     assert_response :not_found
 198     assert_template "oauth2_applications/not_found"
 199
 200     put oauth_application_path(:id => client,
 201                                :oauth2_application => {
 202                                  :name => "New Name",
 203                                  :redirect_uri => nil
 204                                })
 205     assert_response :success
 206     assert_template "oauth2_applications/edit"
 207
 208     put oauth_application_path(:id => client,
 209                                :oauth2_application => {
 210                                  :name => "New Name",
 211                                  :redirect_uri => "https://new.example.com/url"
 212                                })
 213     assert_redirected_to oauth_application_path(:id => client.id)
 214   end
 215
 216   def test_destroy
 217     user = create(:user)
 218     client = create(:oauth_application, :owner => user)
 219     other_client = create(:oauth_application)
 220
 221     assert_difference "Doorkeeper::Application.count", 0 do
 222       delete oauth_application_path(:id => client)
 223     end
 224     assert_response :forbidden
 225
 226     session_for(user)
 227
 228     assert_difference "Doorkeeper::Application.count", 0 do
 229       delete oauth_application_path(:id => other_client)
 230     end
 231     assert_response :not_found
 232     assert_template "oauth2_applications/not_found"
 233
 234     assert_difference "Doorkeeper::Application.count", -1 do
 235       delete oauth_application_path(:id => client)
 236     end
 237     assert_redirected_to oauth_applications_path
 238   end
 239 end