3 class Oauth2AuthorizationsControllerTest < ActionDispatch::IntegrationTest
5 # test all routes which lead to this controller
# Each pair below is a request (path plus HTTP verb) followed by the
# controller/action it is expected to reach. The call that consumes each
# pair is not visible in this listing -- presumably a routing assertion;
# confirm against the full file.
# GET on the authorization endpoint maps to "new".
8 { :path => "/oauth2/authorize", :method => :get },
9 { :controller => "oauth2_authorizations", :action => "new" }
# POST on the same path maps to "create".
12 { :path => "/oauth2/authorize", :method => :post },
13 { :controller => "oauth2_authorizations", :action => "create" }
# DELETE on the same path maps to "destroy".
16 { :path => "/oauth2/authorize", :method => :delete },
17 { :controller => "oauth2_authorizations", :action => "destroy" }
# The "native" sub-path is a separate GET route handled by "show".
20 { :path => "/oauth2/authorize/native", :method => :get },
21 { :controller => "oauth2_authorizations", :action => "show" }
# Authorization request for a client registered with the "write_api" scope.
# An anonymous visitor must be bounced to the login page, with the full
# authorization URL carried along as the referer; a signed-in user gets the
# consent form.
client_app = create(:oauth_application, :scopes => "write_api")
authorize_path = oauth_authorization_path(:client_id => client_app.uid,
                                          :redirect_uri => client_app.redirect_uri,
                                          :response_type => "code",
                                          :scope => "write_api")

# No session yet: expect a redirect to login that preserves the request.
get authorize_path
assert_redirected_to login_path(:referer => authorize_path)

session_for(create(:user))

# Same request with a session: the consent template is rendered.
get authorize_path
assert_response :success
assert_template "oauth2_authorizations/new"
# Same flow for a client registered with the out-of-band redirect URI
# ("urn:ietf:wg:oauth:2.0:oob"): login redirect when anonymous, consent
# form once signed in.
oob_client = create(:oauth_application,
                    :scopes => "write_api",
                    :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")
authorize_path = oauth_authorization_path(:client_id => oob_client.uid,
                                          :redirect_uri => oob_client.redirect_uri,
                                          :response_type => "code",
                                          :scope => "write_api")

# Anonymous request: sent to login, original request kept as the referer.
get authorize_path
assert_redirected_to login_path(:referer => authorize_path)

session_for(create(:user))

# Authenticated request: consent form.
get authorize_path
assert_response :success
assert_template "oauth2_authorizations/new"
# A signed-in user asks for authorization with a redirect URI that differs
# from the one the client was registered with. The expected outcome is the
# error page with a 400 status, i.e. the server must not redirect to the
# unregistered URI.
client_app = create(:oauth_application, :scopes => "write_api")

session_for(create(:user))

mismatched_request = oauth_authorization_path(:client_id => client_app.uid,
                                              :redirect_uri => "https://bad.example.com/",
                                              :response_type => "code",
                                              :scope => "write_api")
get mismatched_request
assert_response :bad_request
assert_template "oauth2_authorizations/error"
assert_select "p", "The requested redirect uri is malformed or doesn't match client redirect URI."
# Scope validation on the authorization endpoint: a signed-in user who
# requests a scope other than the one the client was registered with
# ("write_api") must get the error page with a 400 status.
def test_new_bad_scope
  client_app = create(:oauth_application, :scopes => "write_api")

  session_for(create(:user))

  # Two rejected values: "bad_scope", and "write_prefs", which is a
  # different scope name from the one this client was created with.
  %w[bad_scope write_prefs].each do |requested_scope|
    get oauth_authorization_path(:client_id => client_app.uid,
                                 :redirect_uri => client_app.redirect_uri,
                                 :response_type => "code",
                                 :scope => requested_scope)
    assert_response :bad_request
    assert_template "oauth2_authorizations/error"
    assert_select "p", "The requested scope is invalid, unknown, or malformed."
  end
end
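# Granting authorization (POST). Without a session the request is refused
# with 403; with a session the user is redirected to the client's
# registered redirect URI carrying an authorization code.
application = create(:oauth_application, :scopes => "write_api")

post oauth_authorization_path(:client_id => application.uid,
                              :redirect_uri => application.redirect_uri,
                              :response_type => "code",
                              :scope => "write_api")
assert_response :forbidden

session_for(create(:user))

post oauth_authorization_path(:client_id => application.uid,
                              :redirect_uri => application.redirect_uri,
                              :response_type => "code",
                              :scope => "write_api")
# \A rather than ^: in Ruby ^ matches after any newline, so only \A pins the
# pattern to the very start of the redirect target. This is the check that
# the code is delivered to the registered URI and nowhere else.
assert_redirected_to(/\A#{Regexp.escape(application.redirect_uri)}\?code=/)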
# Granting authorization for a client registered with the out-of-band
# redirect URI: the code cannot be delivered by redirecting to the client,
# so the expected redirect target is the server's own "native" path.
123 def test_create_native
124 application = create(:oauth_application, :scopes => "write_api", :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")
# No session: the POST is refused with 403.
126 post oauth_authorization_path(:client_id => application.uid,
127 :redirect_uri => application.redirect_uri,
128 :response_type => "code",
129 :scope => "write_api")
130 assert_response :forbidden
132 session_for(create(:user))
# Signed in: the same POST now produces a redirect.
134 post oauth_authorization_path(:client_id => application.uid,
135 :redirect_uri => application.redirect_uri,
136 :response_type => "code",
137 :scope => "write_api")
138 assert_response :redirect
# Only the path component of the Location header is compared; any query
# string on the redirect is not checked here.
139 assert_equal native_oauth_authorization_path, URI.parse(response.location).path
# NOTE(review): the listing skips the line numbered 140. The assertions
# below expect a 200 and the "show" template, so a request (presumably one
# following the redirect) must sit there -- confirm against the full file.
141 assert_response :success
142 assert_template "oauth2_authorizations/show"
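# Refusing authorization (DELETE). Without a session the request is refused
# with 403; with a session the user is redirected to the client's
# registered redirect URI with error=access_denied.
application = create(:oauth_application)

delete oauth_authorization_path(:client_id => application.uid,
                                :redirect_uri => application.redirect_uri,
                                :response_type => "code",
                                :scope => "write_api")
assert_response :forbidden

session_for(create(:user))

delete oauth_authorization_path(:client_id => application.uid,
                                :redirect_uri => application.redirect_uri,
                                :response_type => "code",
                                :scope => "write_api")
# \A rather than ^: in Ruby ^ matches after any newline, so only \A pins the
# pattern to the very start of the redirect target.
assert_redirected_to(/\A#{Regexp.escape(application.redirect_uri)}\?error=access_denied/)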
# Refusing authorization for a client registered with the out-of-band
# redirect URI.
163 def test_destroy_native
164 application = create(:oauth_application, :redirect_uri => "urn:ietf:wg:oauth:2.0:oob")
# No session: the DELETE is refused with 403.
166 delete oauth_authorization_path(:client_id => application.uid,
167 :redirect_uri => application.redirect_uri,
168 :response_type => "code",
169 :scope => "write_api")
170 assert_response :forbidden
172 session_for(create(:user))
# Signed in: a 400 is expected instead of a redirect -- presumably because
# an out-of-band URI gives the server nowhere to send an access_denied
# redirect; confirm against the controller.
174 delete oauth_authorization_path(:client_id => application.uid,
175 :redirect_uri => application.redirect_uri,
176 :response_type => "code",
177 :scope => "write_api")
178 assert_response :bad_request