Gab Social. All are welcome.

2019-07-02 03:10:25 -04:00
commit bd0b5afc92
5366 changed files with 222812 additions and 0 deletions
--- a/spec/controllers/oauth/authorizations_controller_spec.rb
+++ b/spec/controllers/oauth/authorizations_controller_spec.rb
@@ -0,0 +1,73 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Oauth::AuthorizationsController, type: :controller do
+  render_views
+
+  let(:app) { Doorkeeper::Application.create!(name: 'test', redirect_uri: 'http://localhost/', scopes: 'read') }
+
+  describe 'GET #new' do
+    subject do
+      get :new, params: { client_id: app.uid, response_type: 'code', redirect_uri: 'http://localhost/', scope: 'read' }
+    end
+
+    shared_examples 'stores location for user' do
+      it 'stores location for user' do
+        subject
+        expect(controller.stored_location_for(:user)).to eq "/oauth/authorize?client_id=#{app.uid}&redirect_uri=http%3A%2F%2Flocalhost%2F&response_type=code&scope=read"
+      end
+    end
+
+    context 'when signed in' do
+      let!(:user) { Fabricate(:user) }
+
+      before do
+        sign_in user, scope: :user
+      end
+
+      it 'returns http success' do
+        subject
+        expect(response).to have_http_status(200)
+      end
+
+      it 'gives options to authorize and deny' do
+        subject
+        expect(response.body).to match(/Authorize/)
+      end
+
+      include_examples 'stores location for user'
+
+      context 'when app is already authorized' do
+        before do
+          Doorkeeper::AccessToken.find_or_create_for(
+            app,
+            user.id,
+            app.scopes,
+            Doorkeeper.configuration.access_token_expires_in,
+            Doorkeeper.configuration.refresh_token_enabled?
+          )
+        end
+
+        it 'redirects to callback' do
+          subject
+          expect(response).to redirect_to(/\A#{app.redirect_uri}/)
+        end
+
+        it 'does not redirect to callback with force_login=true' do
+          get :new, params: { client_id: app.uid, response_type: 'code', redirect_uri: 'http://localhost/', scope: 'read', force_login: 'true' }
+          expect(response.body).to match(/Authorize/)
+        end
+      end
+    end
+
+    context 'when not signed in' do
+      it 'redirects' do
+        subject
+        expect(response).to redirect_to '/auth/sign_in'
+      end
+
+      include_examples 'stores location for user'
+    end
+  end
+end
--- a/spec/controllers/oauth/authorized_applications_controller_spec.rb
+++ b/spec/controllers/oauth/authorized_applications_controller_spec.rb
@@ -0,0 +1,62 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+describe Oauth::AuthorizedApplicationsController do
+  render_views
+
+  describe 'GET #index' do
+    subject do
+      get :index
+    end
+
+    shared_examples 'stores location for user' do
+      it 'stores location for user' do
+        subject
+        expect(controller.stored_location_for(:user)).to eq "/oauth/authorized_applications"
+      end
+    end
+
+    context 'when signed in' do
+      before do
+        sign_in Fabricate(:user), scope: :user
+      end
+
+      it 'returns http success' do
+        subject
+        expect(response).to have_http_status(200)
+      end
+
+      include_examples 'stores location for user'
+    end
+
+    context 'when not signed in' do
+      it 'redirects' do
+        subject
+        expect(response).to redirect_to '/auth/sign_in'
+      end
+
+      include_examples 'stores location for user'
+    end
+  end
+
+  describe 'DELETE #destroy' do
+    let!(:user) { Fabricate(:user) }
+    let!(:application) { Fabricate(:application) }
+    let!(:access_token) { Fabricate(:accessible_access_token, application: application, resource_owner_id: user.id) }
+    let!(:web_push_subscription) { Fabricate(:web_push_subscription, user: user, access_token: access_token) }
+
+    before do
+      sign_in user, scope: :user
+      post :destroy, params: { id: application.id }
+    end
+
+    it 'revokes access tokens for the application' do
+      expect(Doorkeeper::AccessToken.where(application: application).first.revoked_at).to_not be_nil
+    end
+
+    it 'removes subscriptions for the application\'s access tokens' do
+      expect(Web::PushSubscription.where(user: user).count).to eq 0
+    end
+  end
+end
--- a/spec/controllers/oauth/tokens_controller_spec.rb
+++ b/spec/controllers/oauth/tokens_controller_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Oauth::TokensController, type: :controller do
+  describe 'POST #revoke' do
+    let!(:user) { Fabricate(:user) }
+    let!(:access_token) { Fabricate(:accessible_access_token, resource_owner_id: user.id) }
+    let!(:web_push_subscription) { Fabricate(:web_push_subscription, user: user, access_token: access_token) }
+
+    before do
+      post :revoke, params: { token: access_token.token }
+    end
+
+    it 'revokes the token' do
+      expect(access_token.reload.revoked_at).to_not be_nil
+    end
+
+    it 'removes web push subscription for token' do
+      expect(Web::PushSubscription.where(access_token: access_token).count).to eq 0
+    end
+  end
+end