|
|
|
@ -9,7 +9,8 @@ describe 'Credentials' do |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context 'with an oauth token' do |
|
|
|
|
let(:token) { Fabricate(:accessible_access_token, scopes: 'read', application: Fabricate(:application)) } |
|
|
|
|
let(:application) { Fabricate(:application, scopes: 'read') } |
|
|
|
|
let(:token) { Fabricate(:accessible_access_token, application: application) } |
|
|
|
|
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } } |
|
|
|
|
|
|
|
|
|
it 'returns the app information correctly', :aggregate_failures do |
|
|
|
@ -21,7 +22,35 @@ describe 'Credentials' do |
|
|
|
|
a_hash_including( |
|
|
|
|
name: token.application.name, |
|
|
|
|
website: token.application.website, |
|
|
|
|
vapid_key: Rails.configuration.x.vapid_public_key |
|
|
|
|
vapid_key: Rails.configuration.x.vapid_public_key, |
|
|
|
|
scopes: token.application.scopes.map(&:to_s), |
|
|
|
|
client_id: token.application.uid |
|
|
|
|
) |
|
|
|
|
) |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context 'with a non-read scoped oauth token' do |
|
|
|
|
let(:application) { Fabricate(:application, scopes: 'admin:write') } |
|
|
|
|
let(:token) { Fabricate(:accessible_access_token, application: application) } |
|
|
|
|
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } } |
|
|
|
|
|
|
|
|
|
it 'returns http success' do |
|
|
|
|
subject |
|
|
|
|
|
|
|
|
|
expect(response).to have_http_status(200) |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
it 'returns the app information correctly' do |
|
|
|
|
subject |
|
|
|
|
|
|
|
|
|
expect(body_as_json).to match( |
|
|
|
|
a_hash_including( |
|
|
|
|
name: token.application.name, |
|
|
|
|
website: token.application.website, |
|
|
|
|
vapid_key: Rails.configuration.x.vapid_public_key, |
|
|
|
|
scopes: token.application.scopes.map(&:to_s), |
|
|
|
|
client_id: token.application.uid |
|
|
|
|
) |
|
|
|
|
) |
|
|
|
|
end |
|
|
|
@ -36,5 +65,49 @@ describe 'Credentials' do |
|
|
|
|
expect(response).to have_http_status(401) |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context 'with a revoked oauth token' do |
|
|
|
|
let(:application) { Fabricate(:application, scopes: 'read') } |
|
|
|
|
let(:token) { Fabricate(:accessible_access_token, application: application, revoked_at: DateTime.now.utc) } |
|
|
|
|
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } } |
|
|
|
|
|
|
|
|
|
it 'returns http authorization error' do |
|
|
|
|
subject |
|
|
|
|
|
|
|
|
|
expect(response).to have_http_status(401) |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
it 'returns the error in the json response' do |
|
|
|
|
subject |
|
|
|
|
|
|
|
|
|
expect(body_as_json).to match( |
|
|
|
|
a_hash_including( |
|
|
|
|
error: 'The access token was revoked' |
|
|
|
|
) |
|
|
|
|
) |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
context 'with an invalid oauth token' do |
|
|
|
|
let(:application) { Fabricate(:application, scopes: 'read') } |
|
|
|
|
let(:token) { Fabricate(:accessible_access_token, application: application) } |
|
|
|
|
let(:headers) { { 'Authorization' => "Bearer #{token.token}-invalid" } } |
|
|
|
|
|
|
|
|
|
it 'returns http authorization error' do |
|
|
|
|
subject |
|
|
|
|
|
|
|
|
|
expect(response).to have_http_status(401) |
|
|
|
|
end |
|
|
|
|
|
|
|
|
|
it 'returns the error in the json response' do |
|
|
|
|
subject |
|
|
|
|
|
|
|
|
|
expect(body_as_json).to match( |
|
|
|
|
a_hash_including( |
|
|
|
|
error: 'The access token is invalid' |
|
|
|
|
) |
|
|
|
|
) |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|
end |
|
|
|
|