New syntax for request specs

Benjamin Neff 2017-08-06 19:04:54 +02:00
parent 7c9590a27c
commit 621fdda197
No known key found for this signature in database
GPG key ID: 971464C3F1A90194
7 changed files with 60 additions and 55 deletions


@ -10,14 +10,14 @@ describe ApplicationController, type: :request do
it "redirects to the new session page on validation fails" do
expect_any_instance_of(SessionsController).to receive(:verified_request?).and_return(false)
post "/users/sign_in", user: {remember_me: 0, username: @user.username, password: "evankorth"}
post "/users/sign_in", params: {user: {remember_me: 0, username: @user.username, password: "evankorth"}}
expect(response).to redirect_to new_user_session_path
expect(flash[:error]).to eq(I18n.t("error_messages.csrf_token_fail"))
end
it "doesn't redirect to the new session page if the validation succeeded" do
expect_any_instance_of(SessionsController).to receive(:verified_request?).and_return(true)
post "/users/sign_in", user: {remember_me: 0, username: @user.username, password: "evankorth"}
post "/users/sign_in", params: {user: {remember_me: 0, username: @user.username, password: "evankorth"}}
expect(response).to redirect_to stream_path
expect(flash[:error]).to be_blank
end
@ -30,7 +30,7 @@ describe ApplicationController, type: :request do
it "signs out users if a wrong token was given" do
expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(false)
put edit_user_path, user: {language: "en"}
put edit_user_path, params: {user: {language: "en"}}
expect(response).to redirect_to new_user_session_path
expect(flash[:error]).to eq(I18n.t("error_messages.csrf_token_fail"))
end
@ -38,12 +38,12 @@ describe ApplicationController, type: :request do
it "sends an email to the current user if the token validation failed" do
expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(false)
expect(Workers::Mail::CsrfTokenFail).to receive(:perform_async).with(alice.id)
put edit_user_path, user: {language: "en"}
put edit_user_path, params: {user: {language: "en"}}
end
it "doesn't sign out users if the token was correct" do
expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(true)
put edit_user_path, user: {language: "en"}
put edit_user_path, params: {user: {language: "en"}}
expect(response).not_to be_redirect
expect(flash[:error]).to be_blank
end
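Review bot: Each example visible in these hunks stubs `verified_request?` through `expect_any_instance_of`, so the real CSRF token comparison is never exercised. The specs would keep passing if forgery protection were switched off or the token check regressed. One unstubbed example that posts to `/users/sign_in` without a token and expects `redirect_to new_user_session_path` would close that gap. It would presumably need `ActionController::Base.allow_forgery_protection = true` set around it, since the test environment's setting is not visible here. The "sends an email to the current user" example also asserts nothing about the response, so adding `expect(response).to redirect_to new_user_session_path` there would tie the mail to the sign-out.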


@ -61,12 +61,12 @@ def post_message(payload, recipient=nil)
if recipient
inlined_jobs do
headers = {"CONTENT_TYPE" => "application/json"}
post "/receive/users/#{recipient.guid}", payload, headers
post "/receive/users/#{recipient.guid}", params: payload, headers: headers
end
else
inlined_jobs do
headers = {"CONTENT_TYPE" => "application/magic-envelope+xml"}
post "/receive/public", payload, headers
post "/receive/public", params: payload, headers: headers
end
end
end
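Review bot: With the keyword form, `params: payload` is sent as the raw request body only when `payload` is already a serialized String. As far as I know, a Hash would be form-encoded while the hand-set `CONTENT_TYPE` still claims JSON or magic-envelope XML. A comment above the two `post` calls would make that contract explicit, for example `# payload must be the already-serialized body (String); CONTENT_TYPE is set by hand and no as: encoding is applied`. The `def post_message` line and its callers are outside this hunk, so the type of `payload` is an assumption to confirm.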


@ -51,7 +51,10 @@ module MentioningSpecHelpers
sign_in user1
status_msg = nil
inlined_jobs do
post "/status_messages.json", status_message: {text: text_mentioning(mentioned_user)}, aspect_ids: aspects
post "/status_messages.json", params: {
status_message: {text: text_mentioning(mentioned_user)},
aspect_ids: aspects
}
status_msg = StatusMessage.find(JSON.parse(response.body)["id"])
end
status_msg
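Review bot: The helper parses `response.body` and looks up the id without first checking that the request succeeded. A rejected post therefore surfaces as a JSON parse error or a failed `StatusMessage.find` rather than a clear failure pointing at the request. Adding `expect(response).to be_successful` directly after the `post` call would make the cause obvious, assuming the helper is mixed into example groups where `expect` is available. The enclosing method starts and ends outside this hunk, and the exact status the endpoint returns is not visible here.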


@ -3,7 +3,7 @@ describe PostsController, type: :request do
let(:sm) { FactoryGirl.build(:status_message_with_poll, public: true) }
it "displays the poll" do
get "/posts/#{sm.id}", format: :mobile
get "/posts/#{sm.id}", params: {format: :mobile}
expect(response.status).to eq(200)
expect(response.body).to match(/div class='poll'/)
@ -13,7 +13,7 @@ describe PostsController, type: :request do
it "displays the correct percentage for the answers" do
alice.participate_in_poll!(sm, sm.poll.poll_answers.first)
bob.participate_in_poll!(sm, sm.poll.poll_answers.last)
get "/posts/#{sm.id}", format: :mobile
get "/posts/#{sm.id}", params: {format: :mobile}
expect(response.status).to eq(200)
expect(response.body).to match(/div class='percentage pull-right'>\n50%/)
@ -24,7 +24,7 @@ describe PostsController, type: :request do
let(:sm) { FactoryGirl.build(:status_message_with_location, public: true) }
it "displays the location" do
get "/posts/#{sm.id}", format: :mobile
get "/posts/#{sm.id}", params: {format: :mobile}
expect(response.status).to eq(200)
expect(response.body).to match(/'location nsfw-hidden'/)


@ -1,4 +1,4 @@
describe TagsController, :type => :request do
describe TagsController, type: :request do
describe 'will_paginate people on the tag page' do
let(:people) { (1..2).map { FactoryGirl.create(:person) } }
let(:tag) { "diaspora" }
@ -17,7 +17,7 @@ describe TagsController, :type => :request do
end
it 'fetches the second page' do
get "/tags/#{tag}", page: 2
get "/tags/#{tag}", params: {page: 2}
expect(response.status).to eq(200)
expect(response.body).to match(/<li class="active"><a href="\/tags\/diaspora\?page=2">2<\/a><\/li>/)


@ -11,7 +11,7 @@ describe Api::OpenidConnect::ProtectedResourceEndpoint, type: :request do
context "when valid access token is provided" do
before do
get api_openid_connect_user_info_path, access_token: access_token_with_read
get api_openid_connect_user_info_path, params: {access_token: access_token_with_read}
end
it "includes private in the cache-control header" do
@ -21,7 +21,7 @@ describe Api::OpenidConnect::ProtectedResourceEndpoint, type: :request do
context "when access token is expired" do
before do
get api_openid_connect_user_info_path, access_token: expired_access_token
get api_openid_connect_user_info_path, params: {access_token: expired_access_token}
end
it "should respond with a 401 Unauthorized response" do
@ -47,7 +47,7 @@ describe Api::OpenidConnect::ProtectedResourceEndpoint, type: :request do
context "when an invalid access token is provided" do
before do
get api_openid_connect_user_info_path, access_token: invalid_token
get api_openid_connect_user_info_path, params: {access_token: invalid_token}
end
it "should respond with a 401 Unauthorized response" do
@ -66,7 +66,7 @@ describe Api::OpenidConnect::ProtectedResourceEndpoint, type: :request do
context "when authorization has been destroyed" do
before do
auth_with_read.destroy
get api_openid_connect_user_info_path, access_token: access_token_with_read
get api_openid_connect_user_info_path, params: {access_token: access_token_with_read}
end
it "should respond with a 401 Unauthorized response" do
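Review bot: All four `before` blocks pass the bearer token as a request parameter, which on a `get` ends up in the query string. The spec therefore covers only the transport that RFC 6750 discourages, because URLs are recorded in server logs and browser history. With the keyword syntax the header form is a one-line change, e.g. `get api_openid_connect_user_info_path, headers: {"Authorization" => "Bearer #{access_token_with_read}"}`. At least the valid-token context would benefit from such a header-based variant. Whether the endpoint accepts the header is not visible in these hunks, so confirm that before adding it.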


@ -19,9 +19,9 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
describe "the authorization code grant type" do
context "when the authorization code is valid" do
before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code",
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret,
redirect_uri: "http://localhost:3000/", code: code
redirect_uri: "http://localhost:3000/", code: code}
end
it "should return a valid id token" do
@ -53,26 +53,26 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
it "should not allow code to be reused" do
auth.reload
post api_openid_connect_access_tokens_path, grant_type: "authorization_code",
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret,
redirect_uri: "http://localhost:3000/", code: code
redirect_uri: "http://localhost:3000/", code: code}
expect(JSON.parse(response.body)["error"]).to eq("invalid_grant")
end
it "should not allow a nil code" do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code",
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret,
redirect_uri: "http://localhost:3000/", code: nil
redirect_uri: "http://localhost:3000/", code: nil}
expect(JSON.parse(response.body)["error"]).to eq("invalid_request")
end
end
context "when the authorization code is valid with jwt bearer" do
before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code",
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
redirect_uri: "http://localhost:3000/", code: code_with_specific_id,
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
client_assertion: File.read(valid_client_assertion_path)
client_assertion: File.read(valid_client_assertion_path)}
end
it "should return a valid id token" do
@ -97,27 +97,27 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
it "should not allow code to be reused" do
auth_with_specific_id.reload
post api_openid_connect_access_tokens_path, grant_type: "authorization_code",
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret,
redirect_uri: "http://localhost:3000/", code: code_with_specific_id
redirect_uri: "http://localhost:3000/", code: code_with_specific_id}
expect(JSON.parse(response.body)["error"]).to eq("invalid_grant")
end
end
context "when the authorization code is not valid" do
it "should return an invalid grant error" do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret, code: "123456"
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret, code: "123456"}
expect(response.body).to include "invalid_grant"
end
end
context "when the client assertion is in an invalid format" do
before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code",
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
redirect_uri: "http://localhost:3000/", code: code_with_specific_id,
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
client_assertion: "invalid_client_assertion.random"
client_assertion: "invalid_client_assertion.random"}
end
it "should return an error" do
@ -127,10 +127,10 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
context "when the client assertion is not matching with jwks keys" do
before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code",
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
redirect_uri: "http://localhost:3000/", code: code_with_specific_id,
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
client_assertion: File.read(client_assertion_with_tampered_sig_path)
client_assertion: File.read(client_assertion_with_tampered_sig_path)}
end
it "should return an error" do
@ -140,10 +140,10 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
context "when kid doesn't exist in jwks keys" do
before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code",
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
redirect_uri: "http://localhost:3000/", code: code_with_specific_id,
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
client_assertion: File.read(client_assertion_with_nonexistent_kid_path)
client_assertion: File.read(client_assertion_with_nonexistent_kid_path)}
end
it "should return an error" do
@ -153,18 +153,18 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
context "when the client is unregistered" do
it "should return an error" do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", code: auth.refresh_token,
client_id: SecureRandom.hex(16).to_s, client_secret: client.client_secret
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code", code: auth.refresh_token,
client_id: SecureRandom.hex(16).to_s, client_secret: client.client_secret}
expect(response.body).to include "invalid_client"
end
end
context "when the client is unregistered with jwks keys" do
before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code",
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
redirect_uri: "http://localhost:3000/", code: code_with_specific_id,
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
client_assertion: File.read(client_assertion_with_nonexistent_client_id_path)
client_assertion: File.read(client_assertion_with_nonexistent_client_id_path)}
end
it "should return an error" do
@ -174,16 +174,16 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
context "when the code field is missing" do
it "should return an invalid request error" do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret}
expect(response.body).to include "invalid_request"
end
end
context "when the client_secret doesn't match" do
it "should return an invalid client error" do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", code: auth.refresh_token,
client_id: client.client_id, client_secret: "client.client_secret"
post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code", code: auth.refresh_token,
client_id: client.client_id, client_secret: "client.client_secret"}
expect(response.body).to include "invalid_client"
end
end
@ -191,8 +191,8 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
describe "an unsupported grant type" do
it "should return an unsupported grant type error" do
post api_openid_connect_access_tokens_path, grant_type: "noexistgrant", username: "bob",
password: "bluepin7", client_id: client.client_id, client_secret: client.client_secret, scope: "read"
post api_openid_connect_access_tokens_path, params: {grant_type: "noexistgrant", username: "bob",
password: "bluepin7", client_id: client.client_id, client_secret: client.client_secret, scope: "read"}
expect(response.body).to include "unsupported_grant_type"
end
end
@ -200,8 +200,8 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
describe "the refresh token grant type" do
context "when the refresh token is valid" do
it "should return an access token" do
post api_openid_connect_access_tokens_path, grant_type: "refresh_token",
client_id: client.client_id, client_secret: client.client_secret, refresh_token: auth.refresh_token
post api_openid_connect_access_tokens_path, params: {grant_type: "refresh_token",
client_id: client.client_id, client_secret: client.client_secret, refresh_token: auth.refresh_token}
json = JSON.parse(response.body)
expect(response.body).to include "expires_in"
expect(json["access_token"].length).to eq(64)
@ -211,32 +211,34 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
context "when the refresh token is not valid" do
it "should return an invalid grant error" do
post api_openid_connect_access_tokens_path, grant_type: "refresh_token",
client_id: client.client_id, client_secret: client.client_secret, refresh_token: "123456"
post api_openid_connect_access_tokens_path, params: {grant_type: "refresh_token",
client_id: client.client_id, client_secret: client.client_secret, refresh_token: "123456"}
expect(response.body).to include "invalid_grant"
end
end
context "when the client is unregistered" do
it "should return an error" do
post api_openid_connect_access_tokens_path, grant_type: "refresh_token", refresh_token: auth.refresh_token,
client_id: SecureRandom.hex(16).to_s, client_secret: client.client_secret
post api_openid_connect_access_tokens_path, params: {grant_type: "refresh_token",
refresh_token: auth.refresh_token,
client_id: SecureRandom.hex(16).to_s, client_secret: client.client_secret}
expect(response.body).to include "invalid_client"
end
end
context "when the refresh_token field is missing" do
it "should return an invalid request error" do
post api_openid_connect_access_tokens_path, grant_type: "refresh_token",
client_id: client.client_id, client_secret: client.client_secret
post api_openid_connect_access_tokens_path, params: {grant_type: "refresh_token",
client_id: client.client_id, client_secret: client.client_secret}
expect(response.body).to include "'refresh_token' required"
end
end
context "when the client_secret doesn't match" do
it "should return an invalid client error" do
post api_openid_connect_access_tokens_path, grant_type: "refresh_token", refresh_token: auth.refresh_token,
client_id: client.client_id, client_secret: "client.client_secret"
post api_openid_connect_access_tokens_path, params: {grant_type: "refresh_token",
refresh_token: auth.refresh_token,
client_id: client.client_id, client_secret: "client.client_secret"}
expect(response.body).to include "invalid_client"
end
end
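Review bot: In both "when the client_secret doesn't match" examples the new line still sends `client_secret: "client.client_secret"`, a quoted literal that reads like an accidentally quoted expression rather than a deliberately wrong secret. A self-describing value such as `client_secret: "not-the-client-secret"` (constructed sample) keeps the behaviour and makes the intent clear. In the two "when the client is unregistered" examples, `SecureRandom.hex(16).to_s` carries a redundant `.to_s`, since `hex` already returns a String. Several of the negative cases assert only a substring of `response.body`. Checking `JSON.parse(response.body)["error"]`, as the "should not allow code to be reused" examples do, would be stricter.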