From 98fd18077a950af84609c29bd9cc19b1d29a4746 Mon Sep 17 00:00:00 2001
From: theworldbright
Date: Sun, 2 Aug 2015 13:52:09 +0900
Subject: [PATCH] Add test for expired access token
---
 .../api/openid_connect/authorization.rb | 1 -
 .../authorization_point/endpoint.rb | 2 --
 .../protected_resource_endpoint_spec.rb | 22 ++++++++++++++++---
 3 files changed, 19 insertions(+), 6 deletions(-)
diff --git a/app/models/api/openid_connect/authorization.rb b/app/models/api/openid_connect/authorization.rb
index 90a225845..8ca7c8e41 100644
--- a/app/models/api/openid_connect/authorization.rb
+++ b/app/models/api/openid_connect/authorization.rb
@@ -57,7 +57,6 @@ module Api
 auth.code = nil if auth # Remove auth code if found so it can't be reused
 auth
 end
- # TODO: Consider splitting into subclasses by flow type
 end
 end
 end
diff --git a/lib/api/openid_connect/authorization_point/endpoint.rb b/lib/api/openid_connect/authorization_point/endpoint.rb
index 29d010f91..38ccb5f99 100644
--- a/lib/api/openid_connect/authorization_point/endpoint.rb
+++ b/lib/api/openid_connect/authorization_point/endpoint.rb
@@ -50,8 +50,6 @@ module Api
 end
 }
 end
-
- # TODO: buildResponseType(req)
 end
 end
 end
diff --git a/spec/lib/api/openid_connect/protected_resource_endpoint_spec.rb b/spec/lib/api/openid_connect/protected_resource_endpoint_spec.rb
index ec819f13e..0d1f9eaa3 100644
--- a/spec/lib/api/openid_connect/protected_resource_endpoint_spec.rb
+++ b/spec/lib/api/openid_connect/protected_resource_endpoint_spec.rb
@@ -1,12 +1,15 @@ require "spec_helper" - describe Api::OpenidConnect::ProtectedResourceEndpoint, type: :request do let(:auth_with_read) { FactoryGirl.create(:auth_with_read) } let!(:access_token_with_read) { auth_with_read.create_access_token.to_s } + let!(:expired_access_token) do + access_token = auth_with_read.o_auth_access_tokens.create! + access_token.expires_at = Time.zone.now - 100 + access_token.save + access_token.bearer_token.to_s + end let(:invalid_token) { SecureRandom.hex(32).to_s } - # TODO: Add tests for expired access tokens - context "when valid access token is provided" do before do get api_openid_connect_user_info_path, access_token: access_token_with_read @@ -17,6 +20,19 @@ describe Api::OpenidConnect::ProtectedResourceEndpoint, type: :request do end end + context "when access token is expired" do + before do + get api_openid_connect_user_info_path, access_token: expired_access_token + end + + it "should respond with a 401 Unauthorized response" do + expect(response.status).to be(401) + end + it "should have an auth-scheme value of Bearer" do + expect(response.headers["WWW-Authenticate"]).to include("Bearer") + end + end + context "when no access token is provided" do before do get api_openid_connect_user_info_path
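Review bot: The `access_token.save` call in the new `expired_access_token` fixture discards its return value, so a record that fails validation keeps its original expiry and the expired-token examples then fail with a 200 that says nothing about the real cause. Persisting with `access_token.update!(expires_at: Time.zone.now - 100)` (or `access_token.save!`) makes a broken fixture raise during setup instead. Whether the token model has callbacks that rewrite `expires_at` on save is not visible here, so it is worth confirming the back-dated value survives. The `describe` block opened in this hunk continues past its end.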
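Review bot: The two examples under `context "when access token is expired"` do not pin the expiry path, because a 401 whose `WWW-Authenticate` header contains `Bearer` is something a missing or malformed token could plausibly produce as well. RFC 6750 section 3.1 assigns `error="invalid_token"` to expired tokens, so, assuming the endpoint emits that parameter, add `expect(response.headers["WWW-Authenticate"]).to include('error="invalid_token"')`. A second fixture with `expires_at` at or just before the current time would also guard the comparison against an off-by-one at the boundary, since only a token 100 seconds past expiry is exercised. The trailing `context "when no access token is provided"` block continues outside the hunk.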