test/controllers/oauth2_applications_controller_test.rb

   1 # frozen_string_literal: true
   2
   3 require "test_helper"
   4
   5 class Oauth2ApplicationsControllerTest < ActionDispatch::IntegrationTest
   6   ##
   7   # test all routes which lead to this controller
   8   def test_routes
   9     assert_routing(
  10       { :path => "/oauth2/applications", :method => :get },
  11       { :controller => "oauth2_applications", :action => "index" }
  12     )
  13     assert_routing(
  14       { :path => "/oauth2/applications", :method => :post },
  15       { :controller => "oauth2_applications", :action => "create" }
  16     )
  17     assert_routing(
  18       { :path => "/oauth2/applications/new", :method => :get },
  19       { :controller => "oauth2_applications", :action => "new" }
  20     )
  21     assert_routing(
  22       { :path => "/oauth2/applications/1/edit", :method => :get },
  23       { :controller => "oauth2_applications", :action => "edit", :id => "1" }
  24     )
  25     assert_routing(
  26       { :path => "/oauth2/applications/1", :method => :get },
  27       { :controller => "oauth2_applications", :action => "show", :id => "1" }
  28     )
  29     assert_routing(
  30       { :path => "/oauth2/applications/1", :method => :patch },
  31       { :controller => "oauth2_applications", :action => "update", :id => "1" }
  32     )
  33     assert_routing(
  34       { :path => "/oauth2/applications/1", :method => :put },
  35       { :controller => "oauth2_applications", :action => "update", :id => "1" }
  36     )
  37     assert_routing(
  38       { :path => "/oauth2/applications/1", :method => :delete },
  39       { :controller => "oauth2_applications", :action => "destroy", :id => "1" }
  40     )
  41   end
  42
  43   def test_index
  44     user = create(:user)
  45     create_list(:oauth_application, 2, :owner => user)
  46
  47     get oauth_applications_path
  48     assert_redirected_to login_path(:referer => oauth_applications_path)
  49
  50     session_for(user)
  51
  52     get oauth_applications_path
  53     assert_response :success
  54     assert_template "oauth2_applications/index"
  55     assert_select "tbody tr", 2
  56   end
  57
  58   def test_index_with_moderator_app
  59     user = create(:user)
  60     create(:oauth_application, :owner => user, :scopes => "write_redactions")
  61
  62     session_for(user)
  63
  64     get oauth_applications_path
  65     assert_response :success
  66   end
  67
  68   def test_new
  69     user = create(:user)
  70
  71     get new_oauth_application_path
  72     assert_redirected_to login_path(:referer => new_oauth_application_path)
  73
  74     session_for(user)
  75
  76     get new_oauth_application_path
  77     assert_response :success
  78     assert_template "oauth2_applications/new"
  79     assert_select "#content form", 1 do
  80       assert_select "input#oauth2_application_name", 1
  81       assert_select "textarea#oauth2_application_redirect_uri", 1
  82       assert_select "input#oauth2_application_confidential", 1
  83       Oauth.scopes.each do |scope|
  84         assert_select "input#oauth2_application_scopes_#{scope.name}", 1
  85       end
  86     end
  87   end
  88
  89   def test_create
  90     user = create(:user)
  91
  92     assert_difference "Doorkeeper::Application.count", 0 do
  93       post oauth_applications_path
  94     end
  95     assert_response :forbidden
  96
  97     session_for(user)
  98
  99     assert_difference "Doorkeeper::Application.count", 0 do
 100       post oauth_applications_path(:oauth2_application => {
 101                                      :name => "Test Application"
 102                                    })
 103     end
 104     assert_response :success
 105     assert_template "oauth2_applications/new"
 106
 107     assert_difference "Doorkeeper::Application.count", 0 do
 108       post oauth_applications_path(:oauth2_application => {
 109                                      :name => "Test Application",
 110                                      :redirect_uri => "https://test.example.com/",
 111                                      :scopes => ["bad_scope"]
 112                                    })
 113     end
 114     assert_response :success
 115     assert_template "oauth2_applications/new"
 116
 117     assert_difference "Doorkeeper::Application.count", 1 do
 118       post oauth_applications_path(:oauth2_application => {
 119                                      :name => "Test Application",
 120                                      :redirect_uri => "https://test.example.com/",
 121                                      :scopes => ["read_prefs"]
 122                                    })
 123     end
 124     assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
 125   end
 126
 127   def test_create_privileged
 128     session_for(create(:user))
 129
 130     assert_difference "Doorkeeper::Application.count", 0 do
 131       post oauth_applications_path(:oauth2_application => {
 132                                      :name => "Test Application",
 133                                      :redirect_uri => "https://test.example.com/",
 134                                      :scopes => ["read_email"]
 135                                    })
 136     end
 137     assert_response :success
 138     assert_template "oauth2_applications/new"
 139
 140     session_for(create(:administrator_user))
 141
 142     assert_difference "Doorkeeper::Application.count", 1 do
 143       post oauth_applications_path(:oauth2_application => {
 144                                      :name => "Test Application",
 145                                      :redirect_uri => "https://test.example.com/",
 146                                      :scopes => ["read_email"]
 147                                    })
 148     end
 149     assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id)
 150   end
 151
 152   def test_show
 153     user = create(:user)
 154     client = create(:oauth_application, :owner => user)
 155     other_client = create(:oauth_application)
 156
 157     get oauth_application_path(:id => client)
 158     assert_redirected_to login_path(:referer => oauth_application_path(:id => client.id))
 159
 160     session_for(user)
 161
 162     get oauth_application_path(:id => other_client)
 163     assert_response :not_found
 164     assert_template "oauth2_applications/not_found"
 165
 166     get oauth_application_path(:id => client)
 167     assert_response :success
 168     assert_template "oauth2_applications/show"
 169   end
 170
 171   def test_edit
 172     user = create(:user)
 173     client = create(:oauth_application, :owner => user)
 174     other_client = create(:oauth_application)
 175
 176     get edit_oauth_application_path(:id => client)
 177     assert_redirected_to login_path(:referer => edit_oauth_application_path(:id => client.id))
 178
 179     session_for(user)
 180
 181     get edit_oauth_application_path(:id => other_client)
 182     assert_response :not_found
 183     assert_template "oauth2_applications/not_found"
 184
 185     get edit_oauth_application_path(:id => client)
 186     assert_response :success
 187     assert_template "oauth2_applications/edit"
 188     assert_select "#content form", 1 do
 189       assert_select "input#oauth2_application_name", 1
 190       assert_select "textarea#oauth2_application_redirect_uri", 1
 191       assert_select "input#oauth2_application_confidential", 1
 192       Oauth.scopes.each do |scope|
 193         assert_select "input#oauth2_application_scopes_#{scope.name}", 1
 194       end
 195     end
 196   end
 197
 198   def test_update
 199     user = create(:user)
 200     client = create(:oauth_application, :owner => user)
 201     other_client = create(:oauth_application)
 202
 203     put oauth_application_path(:id => client)
 204     assert_response :forbidden
 205
 206     session_for(user)
 207
 208     put oauth_application_path(:id => other_client)
 209     assert_response :not_found
 210     assert_template "oauth2_applications/not_found"
 211
 212     put oauth_application_path(:id => client,
 213                                :oauth2_application => {
 214                                  :name => "New Name",
 215                                  :redirect_uri => nil
 216                                })
 217     assert_response :success
 218     assert_template "oauth2_applications/edit"
 219
 220     put oauth_application_path(:id => client,
 221                                :oauth2_application => {
 222                                  :name => "New Name",
 223                                  :redirect_uri => "https://new.example.com/url"
 224                                })
 225     assert_redirected_to oauth_application_path(:id => client.id)
 226   end
 227
 228   def test_destroy
 229     user = create(:user)
 230     client = create(:oauth_application, :owner => user)
 231     other_client = create(:oauth_application)
 232
 233     assert_difference "Doorkeeper::Application.count", 0 do
 234       delete oauth_application_path(:id => client)
 235     end
 236     assert_response :forbidden
 237
 238     session_for(user)
 239
 240     assert_difference "Doorkeeper::Application.count", 0 do
 241       delete oauth_application_path(:id => other_client)
 242     end
 243     assert_response :not_found
 244     assert_template "oauth2_applications/not_found"
 245
 246     assert_difference "Doorkeeper::Application.count", -1 do
 247       delete oauth_application_path(:id => client)
 248     end
 249     assert_redirected_to oauth_applications_path
 250   end
 251 end