Refactor OpenID specs to prevent duplicate client names

2017-08-06 20:06:26 +02:00 · 2017-08-06 20:06:26 +02:00 · 385ab76077
commit 385ab76077
parent 27f3b68f54
4 changed files with 7 additions and 26 deletions
--- a/features/step_definitions/oidc_common_steps.rb
+++ b/features/step_definitions/oidc_common_steps.rb
@ -1,5 +1,5 @@
 Given /^a client with a provided picture exists for user "([^\"]*)"$/ do |email|
-  app = FactoryGirl.create(:o_auth_application_with_image)
+  app = FactoryGirl.create(:o_auth_application, logo_uri: "/assets/user/default.png")
  user = User.find_by(email: email)
  FactoryGirl.create(:auth_with_read, user: user, o_auth_application: app)
 end
--- a/spec/controllers/api/openid_connect/authorizations_controller_spec.rb
+++ b/spec/controllers/api/openid_connect/authorizations_controller_spec.rb
@ -1,7 +1,5 @@
 describe Api::OpenidConnect::AuthorizationsController, type: :request do
  let!(:client) { FactoryGirl.create(:o_auth_application) }
-  let!(:client_with_xss) { FactoryGirl.create(:o_auth_application_with_xss) }
-  let!(:client_with_multiple_redirects) { FactoryGirl.create(:o_auth_application_with_multiple_redirects) }

  before do
    sign_in alice, scope: :user
@ -92,6 +90,8 @@ describe Api::OpenidConnect::AuthorizationsController, type: :request do

      context "when multiple redirect URLs are pre-registered" do
        it "should return an invalid request error" do
+          client_with_multiple_redirects =
+            FactoryGirl.create(:o_auth_application, redirect_uris: %w[http://localhost:3000/ http://localhost/])
          post api_openid_connect_authorizations_new_path, params: {client_id: client_with_multiple_redirects.client_id,
               response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)}
          expect(response.body).to include("The request was malformed")
@ -186,6 +186,7 @@ describe Api::OpenidConnect::AuthorizationsController, type: :request do

      context "when XSS script is passed as name" do
        it "should escape html" do
+          client_with_xss = FactoryGirl.create(:o_auth_application_with_xss)
          post api_openid_connect_authorizations_new_path, params: {client_id: client_with_xss.client_id,
               redirect_uri: "http://localhost:3000/",
               response_type: "id_token", scope: "openid", nonce: SecureRandom.hex(16), state: SecureRandom.hex(16)}
--- a/spec/factories.rb
+++ b/spec/factories.rb
@ -360,35 +360,15 @@ FactoryGirl.define do
  factory(:status, :parent => :status_message)

  factory :o_auth_application, class: Api::OpenidConnect::OAuthApplication do
-    client_name "Diaspora Test Client"
+    client_name { "Diaspora Test Client #{r_str}" }
    redirect_uris %w(http://localhost:3000/)
  end

-  factory :o_auth_application_with_image, class: Api::OpenidConnect::OAuthApplication do
-    client_name "Diaspora Test Client"
-    redirect_uris %w(http://localhost:3000/)
-    logo_uri "/assets/user/default.png"
-  end
-
-  factory :o_auth_application_with_ppid, class: Api::OpenidConnect::OAuthApplication do
-    client_name "Diaspora Test Client"
-    redirect_uris %w(http://localhost:3000/)
+  factory :o_auth_application_with_ppid, parent: :o_auth_application do
    ppid true
    sector_identifier_uri "https://example.com/uri"
  end

-  factory :o_auth_application_with_ppid_with_specific_id, class: Api::OpenidConnect::OAuthApplication do
-    client_name "Diaspora Test Client"
-    redirect_uris %w(http://localhost:3000/)
-    ppid true
-    sector_identifier_uri "https://example.com/uri"
-  end
-
-  factory :o_auth_application_with_multiple_redirects, class: Api::OpenidConnect::OAuthApplication do
-    client_name "Diaspora Test Client"
-    redirect_uris %w(http://localhost:3000/ http://localhost/)
-  end
-
  factory :o_auth_application_with_xss, class: Api::OpenidConnect::OAuthApplication do
    client_name "<script>alert(0);</script>"
    redirect_uris %w(http://localhost:3000/)
--- a/spec/lib/api/openid_connect/token_endpoint_spec.rb
+++ b/spec/lib/api/openid_connect/token_endpoint_spec.rb
@ -5,7 +5,7 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
      o_auth_application: client, user: bob, redirect_uri: "http://localhost:3000/", scopes: ["openid"])
  }
  let!(:code) { auth.create_code }
-  let!(:client_with_specific_id) { FactoryGirl.create(:o_auth_application_with_ppid_with_specific_id) }
+  let!(:client_with_specific_id) { FactoryGirl.create(:o_auth_application_with_ppid) }
  let!(:auth_with_specific_id) do
    client_with_specific_id.client_id = "14d692cd53d9c1a9f46fd69e0e57443e"
    client_with_specific_id.jwks = File.read(jwks_file_path)