New syntax for request specs

Benjamin Neff 2017-08-06 19:04:54 +02:00
parent 7c9590a27c
commit 621fdda197
No known key found for this signature in database
GPG key ID: 971464C3F1A90194
7 changed files with 60 additions and 55 deletions


@ -10,14 +10,14 @@ describe ApplicationController, type: :request do
it "redirects to the new session page on validation fails" do it "redirects to the new session page on validation fails" do
expect_any_instance_of(SessionsController).to receive(:verified_request?).and_return(false) expect_any_instance_of(SessionsController).to receive(:verified_request?).and_return(false)
post "/users/sign_in", user: {remember_me: 0, username: @user.username, password: "evankorth"} post "/users/sign_in", params: {user: {remember_me: 0, username: @user.username, password: "evankorth"}}
expect(response).to redirect_to new_user_session_path expect(response).to redirect_to new_user_session_path
expect(flash[:error]).to eq(I18n.t("error_messages.csrf_token_fail")) expect(flash[:error]).to eq(I18n.t("error_messages.csrf_token_fail"))
end end
it "doesn't redirect to the new session page if the validation succeeded" do it "doesn't redirect to the new session page if the validation succeeded" do
expect_any_instance_of(SessionsController).to receive(:verified_request?).and_return(true) expect_any_instance_of(SessionsController).to receive(:verified_request?).and_return(true)
post "/users/sign_in", user: {remember_me: 0, username: @user.username, password: "evankorth"} post "/users/sign_in", params: {user: {remember_me: 0, username: @user.username, password: "evankorth"}}
expect(response).to redirect_to stream_path expect(response).to redirect_to stream_path
expect(flash[:error]).to be_blank expect(flash[:error]).to be_blank
end end
@ -30,7 +30,7 @@ describe ApplicationController, type: :request do
it "signs out users if a wrong token was given" do it "signs out users if a wrong token was given" do
expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(false) expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(false)
put edit_user_path, user: {language: "en"} put edit_user_path, params: {user: {language: "en"}}
expect(response).to redirect_to new_user_session_path expect(response).to redirect_to new_user_session_path
expect(flash[:error]).to eq(I18n.t("error_messages.csrf_token_fail")) expect(flash[:error]).to eq(I18n.t("error_messages.csrf_token_fail"))
end end
@ -38,12 +38,12 @@ describe ApplicationController, type: :request do
it "sends an email to the current user if the token validation failed" do it "sends an email to the current user if the token validation failed" do
expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(false) expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(false)
expect(Workers::Mail::CsrfTokenFail).to receive(:perform_async).with(alice.id) expect(Workers::Mail::CsrfTokenFail).to receive(:perform_async).with(alice.id)
put edit_user_path, user: {language: "en"} put edit_user_path, params: {user: {language: "en"}}
end end
it "doesn't sign out users if the token was correct" do it "doesn't sign out users if the token was correct" do
expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(true) expect_any_instance_of(UsersController).to receive(:verified_request?).and_return(true)
put edit_user_path, user: {language: "en"} put edit_user_path, params: {user: {language: "en"}}
expect(response).not_to be_redirect expect(response).not_to be_redirect
expect(flash[:error]).to be_blank expect(flash[:error]).to be_blank
end end
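Review bot: Every example in these hunks forces the outcome of the CSRF check by stubbing `verified_request?` with `expect_any_instance_of`, so the specs cover only what the controllers do after the check has failed or passed, not the token comparison itself. That is presumably deliberate (forgery protection is commonly switched off in the test environment; confirm in the test config), but nothing near the stubs says so. A comment above the first stub would help, e.g. `# verified_request? is stubbed: these specs cover the failure handler, not token verification itself`. The enclosing `describe` blocks start and end outside the hunks.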


@ -61,12 +61,12 @@ def post_message(payload, recipient=nil)
if recipient if recipient
inlined_jobs do inlined_jobs do
headers = {"CONTENT_TYPE" => "application/json"} headers = {"CONTENT_TYPE" => "application/json"}
post "/receive/users/#{recipient.guid}", payload, headers post "/receive/users/#{recipient.guid}", params: payload, headers: headers
end end
else else
inlined_jobs do inlined_jobs do
headers = {"CONTENT_TYPE" => "application/magic-envelope+xml"} headers = {"CONTENT_TYPE" => "application/magic-envelope+xml"}
post "/receive/public", payload, headers post "/receive/public", params: payload, headers: headers
end end
end end
end end
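Review bot: `params: payload` in `post_message` behaves differently depending on what `payload` is, and the hunk does not say which type is expected. As far as I know the integration-test helpers send a String as the raw request body but form-encode a Hash regardless of the `CONTENT_TYPE` header set here, so a Hash payload would not reach the receive endpoints as JSON or as a magic envelope and the spec would exercise a different parsing path than production traffic. If callers always pass a pre-serialized string, document that on the method, e.g. `# payload must be the already-serialized request body (String)`. The `def` line lies outside the hunk.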


@ -51,7 +51,10 @@ module MentioningSpecHelpers
sign_in user1 sign_in user1
status_msg = nil status_msg = nil
inlined_jobs do inlined_jobs do
post "/status_messages.json", status_message: {text: text_mentioning(mentioned_user)}, aspect_ids: aspects post "/status_messages.json", params: {
status_message: {text: text_mentioning(mentioned_user)},
aspect_ids: aspects
}
status_msg = StatusMessage.find(JSON.parse(response.body)["id"]) status_msg = StatusMessage.find(JSON.parse(response.body)["id"])
end end
status_msg status_msg


@ -3,7 +3,7 @@ describe PostsController, type: :request do
let(:sm) { FactoryGirl.build(:status_message_with_poll, public: true) } let(:sm) { FactoryGirl.build(:status_message_with_poll, public: true) }
it "displays the poll" do it "displays the poll" do
get "/posts/#{sm.id}", format: :mobile get "/posts/#{sm.id}", params: {format: :mobile}
expect(response.status).to eq(200) expect(response.status).to eq(200)
expect(response.body).to match(/div class='poll'/) expect(response.body).to match(/div class='poll'/)
@ -13,7 +13,7 @@ describe PostsController, type: :request do
it "displays the correct percentage for the answers" do it "displays the correct percentage for the answers" do
alice.participate_in_poll!(sm, sm.poll.poll_answers.first) alice.participate_in_poll!(sm, sm.poll.poll_answers.first)
bob.participate_in_poll!(sm, sm.poll.poll_answers.last) bob.participate_in_poll!(sm, sm.poll.poll_answers.last)
get "/posts/#{sm.id}", format: :mobile get "/posts/#{sm.id}", params: {format: :mobile}
expect(response.status).to eq(200) expect(response.status).to eq(200)
expect(response.body).to match(/div class='percentage pull-right'>\n50%/) expect(response.body).to match(/div class='percentage pull-right'>\n50%/)
@ -24,7 +24,7 @@ describe PostsController, type: :request do
let(:sm) { FactoryGirl.build(:status_message_with_location, public: true) } let(:sm) { FactoryGirl.build(:status_message_with_location, public: true) }
it "displays the location" do it "displays the location" do
get "/posts/#{sm.id}", format: :mobile get "/posts/#{sm.id}", params: {format: :mobile}
expect(response.status).to eq(200) expect(response.status).to eq(200)
expect(response.body).to match(/'location nsfw-hidden'/) expect(response.body).to match(/'location nsfw-hidden'/)


@ -1,4 +1,4 @@
describe TagsController, :type => :request do describe TagsController, type: :request do
describe 'will_paginate people on the tag page' do describe 'will_paginate people on the tag page' do
let(:people) { (1..2).map { FactoryGirl.create(:person) } } let(:people) { (1..2).map { FactoryGirl.create(:person) } }
let(:tag) { "diaspora" } let(:tag) { "diaspora" }
@ -17,7 +17,7 @@ describe TagsController, :type => :request do
end end
it 'fetches the second page' do it 'fetches the second page' do
get "/tags/#{tag}", page: 2 get "/tags/#{tag}", params: {page: 2}
expect(response.status).to eq(200) expect(response.status).to eq(200)
expect(response.body).to match(/<li class="active"><a href="\/tags\/diaspora\?page=2">2<\/a><\/li>/) expect(response.body).to match(/<li class="active"><a href="\/tags\/diaspora\?page=2">2<\/a><\/li>/)


@ -11,7 +11,7 @@ describe Api::OpenidConnect::ProtectedResourceEndpoint, type: :request do
context "when valid access token is provided" do context "when valid access token is provided" do
before do before do
get api_openid_connect_user_info_path, access_token: access_token_with_read get api_openid_connect_user_info_path, params: {access_token: access_token_with_read}
end end
it "includes private in the cache-control header" do it "includes private in the cache-control header" do
@ -21,7 +21,7 @@ describe Api::OpenidConnect::ProtectedResourceEndpoint, type: :request do
context "when access token is expired" do context "when access token is expired" do
before do before do
get api_openid_connect_user_info_path, access_token: expired_access_token get api_openid_connect_user_info_path, params: {access_token: expired_access_token}
end end
it "should respond with a 401 Unauthorized response" do it "should respond with a 401 Unauthorized response" do
@ -47,7 +47,7 @@ describe Api::OpenidConnect::ProtectedResourceEndpoint, type: :request do
context "when an invalid access token is provided" do context "when an invalid access token is provided" do
before do before do
get api_openid_connect_user_info_path, access_token: invalid_token get api_openid_connect_user_info_path, params: {access_token: invalid_token}
end end
it "should respond with a 401 Unauthorized response" do it "should respond with a 401 Unauthorized response" do
@ -66,7 +66,7 @@ describe Api::OpenidConnect::ProtectedResourceEndpoint, type: :request do
context "when authorization has been destroyed" do context "when authorization has been destroyed" do
before do before do
auth_with_read.destroy auth_with_read.destroy
get api_openid_connect_user_info_path, access_token: access_token_with_read get api_openid_connect_user_info_path, params: {access_token: access_token_with_read}
end end
it "should respond with a 401 Unauthorized response" do it "should respond with a 401 Unauthorized response" do
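Review bot: All four requests in this file's hunks send the access token as a query parameter (`params: {access_token: ...}` on a GET), the transport most likely to leave the token in server logs, browser history and Referer headers; the visible hunks show no request that uses the Authorization header. If the endpoint accepts bearer tokens in the header, a sibling context could cover it with the new keyword syntax, e.g. `get api_openid_connect_user_info_path, headers: {"Authorization" => "Bearer #{access_token_with_read}"}` (assuming the helper yields the token string). The `before` blocks shown sit in `context` bodies that continue outside the hunks.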


@ -19,9 +19,9 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
describe "the authorization code grant type" do describe "the authorization code grant type" do
context "when the authorization code is valid" do context "when the authorization code is valid" do
before do before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret, client_id: client.client_id, client_secret: client.client_secret,
redirect_uri: "http://localhost:3000/", code: code redirect_uri: "http://localhost:3000/", code: code}
end end
it "should return a valid id token" do it "should return a valid id token" do
@ -53,26 +53,26 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
it "should not allow code to be reused" do it "should not allow code to be reused" do
auth.reload auth.reload
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret, client_id: client.client_id, client_secret: client.client_secret,
redirect_uri: "http://localhost:3000/", code: code redirect_uri: "http://localhost:3000/", code: code}
expect(JSON.parse(response.body)["error"]).to eq("invalid_grant") expect(JSON.parse(response.body)["error"]).to eq("invalid_grant")
end end
it "should not allow a nil code" do it "should not allow a nil code" do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret, client_id: client.client_id, client_secret: client.client_secret,
redirect_uri: "http://localhost:3000/", code: nil redirect_uri: "http://localhost:3000/", code: nil}
expect(JSON.parse(response.body)["error"]).to eq("invalid_request") expect(JSON.parse(response.body)["error"]).to eq("invalid_request")
end end
end end
context "when the authorization code is valid with jwt bearer" do context "when the authorization code is valid with jwt bearer" do
before do before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
redirect_uri: "http://localhost:3000/", code: code_with_specific_id, redirect_uri: "http://localhost:3000/", code: code_with_specific_id,
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
client_assertion: File.read(valid_client_assertion_path) client_assertion: File.read(valid_client_assertion_path)}
end end
it "should return a valid id token" do it "should return a valid id token" do
@ -97,27 +97,27 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
it "should not allow code to be reused" do it "should not allow code to be reused" do
auth_with_specific_id.reload auth_with_specific_id.reload
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret, client_id: client.client_id, client_secret: client.client_secret,
redirect_uri: "http://localhost:3000/", code: code_with_specific_id redirect_uri: "http://localhost:3000/", code: code_with_specific_id}
expect(JSON.parse(response.body)["error"]).to eq("invalid_grant") expect(JSON.parse(response.body)["error"]).to eq("invalid_grant")
end end
end end
context "when the authorization code is not valid" do context "when the authorization code is not valid" do
it "should return an invalid grant error" do it "should return an invalid grant error" do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret, code: "123456" client_id: client.client_id, client_secret: client.client_secret, code: "123456"}
expect(response.body).to include "invalid_grant" expect(response.body).to include "invalid_grant"
end end
end end
context "when the client assertion is in an invalid format" do context "when the client assertion is in an invalid format" do
before do before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
redirect_uri: "http://localhost:3000/", code: code_with_specific_id, redirect_uri: "http://localhost:3000/", code: code_with_specific_id,
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
client_assertion: "invalid_client_assertion.random" client_assertion: "invalid_client_assertion.random"}
end end
it "should return an error" do it "should return an error" do
@ -127,10 +127,10 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
context "when the client assertion is not matching with jwks keys" do context "when the client assertion is not matching with jwks keys" do
before do before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
redirect_uri: "http://localhost:3000/", code: code_with_specific_id, redirect_uri: "http://localhost:3000/", code: code_with_specific_id,
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
client_assertion: File.read(client_assertion_with_tampered_sig_path) client_assertion: File.read(client_assertion_with_tampered_sig_path)}
end end
it "should return an error" do it "should return an error" do
@ -140,10 +140,10 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
context "when kid doesn't exist in jwks keys" do context "when kid doesn't exist in jwks keys" do
before do before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
redirect_uri: "http://localhost:3000/", code: code_with_specific_id, redirect_uri: "http://localhost:3000/", code: code_with_specific_id,
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
client_assertion: File.read(client_assertion_with_nonexistent_kid_path) client_assertion: File.read(client_assertion_with_nonexistent_kid_path)}
end end
it "should return an error" do it "should return an error" do
@ -153,18 +153,18 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
context "when the client is unregistered" do context "when the client is unregistered" do
it "should return an error" do it "should return an error" do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", code: auth.refresh_token, post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code", code: auth.refresh_token,
client_id: SecureRandom.hex(16).to_s, client_secret: client.client_secret client_id: SecureRandom.hex(16).to_s, client_secret: client.client_secret}
expect(response.body).to include "invalid_client" expect(response.body).to include "invalid_client"
end end
end end
context "when the client is unregistered with jwks keys" do context "when the client is unregistered with jwks keys" do
before do before do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
redirect_uri: "http://localhost:3000/", code: code_with_specific_id, redirect_uri: "http://localhost:3000/", code: code_with_specific_id,
client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer", client_assertion_type: "urn:ietf:params:oauth:client-assertion-type:jwt-bearer",
client_assertion: File.read(client_assertion_with_nonexistent_client_id_path) client_assertion: File.read(client_assertion_with_nonexistent_client_id_path)}
end end
it "should return an error" do it "should return an error" do
@ -174,16 +174,16 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
context "when the code field is missing" do context "when the code field is missing" do
it "should return an invalid request error" do it "should return an invalid request error" do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code",
client_id: client.client_id, client_secret: client.client_secret client_id: client.client_id, client_secret: client.client_secret}
expect(response.body).to include "invalid_request" expect(response.body).to include "invalid_request"
end end
end end
context "when the client_secret doesn't match" do context "when the client_secret doesn't match" do
it "should return an invalid client error" do it "should return an invalid client error" do
post api_openid_connect_access_tokens_path, grant_type: "authorization_code", code: auth.refresh_token, post api_openid_connect_access_tokens_path, params: {grant_type: "authorization_code", code: auth.refresh_token,
client_id: client.client_id, client_secret: "client.client_secret" client_id: client.client_id, client_secret: "client.client_secret"}
expect(response.body).to include "invalid_client" expect(response.body).to include "invalid_client"
end end
end end
@ -191,8 +191,8 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
describe "an unsupported grant type" do describe "an unsupported grant type" do
it "should return an unsupported grant type error" do it "should return an unsupported grant type error" do
post api_openid_connect_access_tokens_path, grant_type: "noexistgrant", username: "bob", post api_openid_connect_access_tokens_path, params: {grant_type: "noexistgrant", username: "bob",
password: "bluepin7", client_id: client.client_id, client_secret: client.client_secret, scope: "read" password: "bluepin7", client_id: client.client_id, client_secret: client.client_secret, scope: "read"}
expect(response.body).to include "unsupported_grant_type" expect(response.body).to include "unsupported_grant_type"
end end
end end
@ -200,8 +200,8 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
describe "the refresh token grant type" do describe "the refresh token grant type" do
context "when the refresh token is valid" do context "when the refresh token is valid" do
it "should return an access token" do it "should return an access token" do
post api_openid_connect_access_tokens_path, grant_type: "refresh_token", post api_openid_connect_access_tokens_path, params: {grant_type: "refresh_token",
client_id: client.client_id, client_secret: client.client_secret, refresh_token: auth.refresh_token client_id: client.client_id, client_secret: client.client_secret, refresh_token: auth.refresh_token}
json = JSON.parse(response.body) json = JSON.parse(response.body)
expect(response.body).to include "expires_in" expect(response.body).to include "expires_in"
expect(json["access_token"].length).to eq(64) expect(json["access_token"].length).to eq(64)
@ -211,32 +211,34 @@ describe Api::OpenidConnect::TokenEndpoint, type: :request do
context "when the refresh token is not valid" do context "when the refresh token is not valid" do
it "should return an invalid grant error" do it "should return an invalid grant error" do
post api_openid_connect_access_tokens_path, grant_type: "refresh_token", post api_openid_connect_access_tokens_path, params: {grant_type: "refresh_token",
client_id: client.client_id, client_secret: client.client_secret, refresh_token: "123456" client_id: client.client_id, client_secret: client.client_secret, refresh_token: "123456"}
expect(response.body).to include "invalid_grant" expect(response.body).to include "invalid_grant"
end end
end end
context "when the client is unregistered" do context "when the client is unregistered" do
it "should return an error" do it "should return an error" do
post api_openid_connect_access_tokens_path, grant_type: "refresh_token", refresh_token: auth.refresh_token, post api_openid_connect_access_tokens_path, params: {grant_type: "refresh_token",
client_id: SecureRandom.hex(16).to_s, client_secret: client.client_secret refresh_token: auth.refresh_token,
client_id: SecureRandom.hex(16).to_s, client_secret: client.client_secret}
expect(response.body).to include "invalid_client" expect(response.body).to include "invalid_client"
end end
end end
context "when the refresh_token field is missing" do context "when the refresh_token field is missing" do
it "should return an invalid request error" do it "should return an invalid request error" do
post api_openid_connect_access_tokens_path, grant_type: "refresh_token", post api_openid_connect_access_tokens_path, params: {grant_type: "refresh_token",
client_id: client.client_id, client_secret: client.client_secret client_id: client.client_id, client_secret: client.client_secret}
expect(response.body).to include "'refresh_token' required" expect(response.body).to include "'refresh_token' required"
end end
end end
context "when the client_secret doesn't match" do context "when the client_secret doesn't match" do
it "should return an invalid client error" do it "should return an invalid client error" do
post api_openid_connect_access_tokens_path, grant_type: "refresh_token", refresh_token: auth.refresh_token, post api_openid_connect_access_tokens_path, params: {grant_type: "refresh_token",
client_id: client.client_id, client_secret: "client.client_secret" refresh_token: auth.refresh_token,
client_id: client.client_id, client_secret: "client.client_secret"}
expect(response.body).to include "invalid_client" expect(response.body).to include "invalid_client"
end end
end end
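Review bot: Several negative cases in this file (`invalid_grant`, `invalid_client`, `invalid_request`, `unsupported_grant_type`) pass on a substring match of the response body, e.g. `expect(response.body).to include "invalid_client"`, so they would also pass if the error text appeared in a response that still carried a token. For a token endpoint it is worth pinning the error field, as the code-reuse cases already do with `expect(JSON.parse(response.body)["error"]).to eq("invalid_grant")`, and adding `expect(JSON.parse(response.body)).not_to have_key("access_token")`. Separately, the quoted `client_secret: "client.client_secret"` in the two mismatch cases reads like a typo for the unquoted call; a literal such as `"wrong-secret"` would make the intent obvious.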