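require "test_helper"

##
# Integration tests for the OAuth 2 application management pages.
#
# Each action is requested first without a session, to pin down the
# unauthenticated response, and then again as a logged-in user. As asserted
# below, GET requests without a session redirect to the login page, while
# POST/PUT/DELETE requests without a session are answered with 403 and must
# not change the number of stored applications.
class Oauth2ApplicationsControllerTest < ActionDispatch::IntegrationTest
  ##
  # test all routes which lead to this controller
  def test_routes
    assert_routing(
      { :path => "/oauth2/applications", :method => :get },
      { :controller => "oauth2_applications", :action => "index" }
    )
    assert_routing(
      { :path => "/oauth2/applications", :method => :post },
      { :controller => "oauth2_applications", :action => "create" }
    )
    assert_routing(
      { :path => "/oauth2/applications/new", :method => :get },
      { :controller => "oauth2_applications", :action => "new" }
    )
    assert_routing(
      { :path => "/oauth2/applications/1/edit", :method => :get },
      { :controller => "oauth2_applications", :action => "edit", :id => "1" }
    )
    assert_routing(
      { :path => "/oauth2/applications/1", :method => :get },
      { :controller => "oauth2_applications", :action => "show", :id => "1" }
    )
    assert_routing(
      { :path => "/oauth2/applications/1", :method => :patch },
      { :controller => "oauth2_applications", :action => "update", :id => "1" }
    )
    assert_routing(
      { :path => "/oauth2/applications/1", :method => :put },
      { :controller => "oauth2_applications", :action => "update", :id => "1" }
    )
    assert_routing(
      { :path => "/oauth2/applications/1", :method => :delete },
      { :controller => "oauth2_applications", :action => "destroy", :id => "1" }
    )
  end

  ##
  # the index requires a login and then lists the user's applications
  def test_index
    user = create(:user)
    create_list(:oauth_application, 2, :owner => user)

    # no session: sent to the login page, with the index as referer
    get oauth_applications_path
    assert_response :redirect
    assert_redirected_to login_path(:referer => oauth_applications_path)

    session_for(user)

    # one table row per application created for this user above
    get oauth_applications_path
    assert_response :success
    assert_template "oauth2_applications/index"
    assert_select "tr", 2
  end

  ##
  # the registration form requires a login and offers every known scope
  def test_new
    user = create(:user)

    get new_oauth_application_path
    assert_response :redirect
    assert_redirected_to login_path(:referer => new_oauth_application_path)

    session_for(user)

    get new_oauth_application_path
    assert_response :success
    assert_template "oauth2_applications/new"
    assert_application_form
  end

  ##
  # creating an application requires a login, a redirect URI and
  # scopes the server accepts
  def test_create
    user = create(:user)

    # no session: refused outright, nothing is stored
    assert_no_difference "Doorkeeper::Application.count" do
      post oauth_applications_path
    end
    assert_response :forbidden

    session_for(user)

    # name only, no redirect URI: the form is shown again, nothing is stored
    assert_no_difference "Doorkeeper::Application.count" do
      post oauth_applications_path(:oauth2_application => {
                                     :name => "Test Application"
                                   })
    end
    assert_response :success
    assert_template "oauth2_applications/new"

    # a scope name the server does not accept must not create an application
    assert_no_difference "Doorkeeper::Application.count" do
      post oauth_applications_path(:oauth2_application => {
                                     :name => "Test Application",
                                     :redirect_uri => "https://test.example.com/",
                                     :scopes => ["bad_scope"]
                                   })
    end
    assert_response :success
    assert_template "oauth2_applications/new"

    # complete, valid request: one application stored, then shown
    assert_difference "Doorkeeper::Application.count", 1 do
      post oauth_applications_path(:oauth2_application => {
                                     :name => "Test Application",
                                     :redirect_uri => "https://test.example.com/",
                                     :scopes => ["read_prefs"]
                                   })
    end
    assert_response :redirect
    assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
  end

  ##
  # the read_email scope may be requested by an administrator but not
  # by an ordinary user
  def test_create_privileged
    session_for(create(:user))

    # ordinary user: the request is rejected and nothing is stored
    assert_no_difference "Doorkeeper::Application.count" do
      post oauth_applications_path(:oauth2_application => {
                                     :name => "Test Application",
                                     :redirect_uri => "https://test.example.com/",
                                     :scopes => ["read_email"]
                                   })
    end
    assert_response :success
    assert_template "oauth2_applications/new"

    session_for(create(:administrator_user))

    # administrator: the identical request is accepted
    assert_difference "Doorkeeper::Application.count", 1 do
      post oauth_applications_path(:oauth2_application => {
                                     :name => "Test Application",
                                     :redirect_uri => "https://test.example.com/",
                                     :scopes => ["read_email"]
                                   })
    end
    assert_response :redirect
    assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
  end

  ##
  # an application can be viewed only by the user it was created for
  def test_show
    user = create(:user)
    client = create(:oauth_application, :owner => user)
    # created without :owner => user, so presumably owned by someone else
    other_client = create(:oauth_application)

    get oauth_application_path(:id => client)
    assert_response :redirect
    assert_redirected_to login_path(:referer => oauth_application_path(:id => client.id))

    session_for(user)

    # another user's application is reported as not found rather than
    # forbidden, so the response does not confirm that the id exists
    get oauth_application_path(:id => other_client)
    assert_response :not_found
    assert_template "oauth2_applications/not_found"

    get oauth_application_path(:id => client)
    assert_response :success
    assert_template "oauth2_applications/show"
  end

  ##
  # the edit form is available only for the user's own application
  def test_edit
    user = create(:user)
    client = create(:oauth_application, :owner => user)
    other_client = create(:oauth_application)

    get edit_oauth_application_path(:id => client)
    assert_response :redirect
    assert_redirected_to login_path(:referer => edit_oauth_application_path(:id => client.id))

    session_for(user)

    get edit_oauth_application_path(:id => other_client)
    assert_response :not_found
    assert_template "oauth2_applications/not_found"

    get edit_oauth_application_path(:id => client)
    assert_response :success
    assert_template "oauth2_applications/edit"
    assert_application_form
  end

  ##
  # updating requires a login, ownership and a redirect URI
  #
  # NOTE(review): no request here changes :scopes, so the rule checked in
  # test_create_privileged (read_email needs an administrator) and the
  # rejection of unknown scopes are only covered for create. A case for
  # update should be added once the expected response is confirmed
  # against the controller.
  def test_update
    user = create(:user)
    client = create(:oauth_application, :owner => user)
    other_client = create(:oauth_application)

    # no session: refused outright
    put oauth_application_path(:id => client)
    assert_response :forbidden

    session_for(user)

    put oauth_application_path(:id => other_client)
    assert_response :not_found
    assert_template "oauth2_applications/not_found"

    # clearing the redirect URI is rejected: the edit form is shown again
    put oauth_application_path(:id => client,
                               :oauth2_application => {
                                 :name => "New Name",
                                 :redirect_uri => nil
                               })
    assert_response :success
    assert_template "oauth2_applications/edit"

    put oauth_application_path(:id => client,
                               :oauth2_application => {
                                 :name => "New Name",
                                 :redirect_uri => "https://new.example.com/url"
                               })
    assert_response :redirect
    assert_redirected_to oauth_application_path(:id => client.id)
  end

  ##
  # deleting requires a login and ownership; every refused request must
  # leave the stored applications untouched
  def test_destroy
    user = create(:user)
    client = create(:oauth_application, :owner => user)
    other_client = create(:oauth_application)

    # no session: refused outright, nothing is deleted
    assert_no_difference "Doorkeeper::Application.count" do
      delete oauth_application_path(:id => client)
    end
    assert_response :forbidden

    session_for(user)

    # another user's application: not found, and still present afterwards
    assert_no_difference "Doorkeeper::Application.count" do
      delete oauth_application_path(:id => other_client)
    end
    assert_response :not_found
    assert_template "oauth2_applications/not_found"

    assert_difference "Doorkeeper::Application.count", -1 do
      delete oauth_application_path(:id => client)
    end
    assert_response :redirect
    assert_redirected_to oauth_applications_path
  end

  private

  ##
  # check that the page holds exactly one form with the name, redirect URI
  # and confidential fields plus one input for each entry in Oauth.scopes
  def assert_application_form
    assert_select "form", 1 do
      assert_select "input#oauth2_application_name", 1
      assert_select "textarea#oauth2_application_redirect_uri", 1
      assert_select "input#oauth2_application_confidential", 1
      Oauth.scopes.each do |scope|
        assert_select "input#oauth2_application_scopes_#{scope.name}", 1
      end
    end
  end
end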