From cd2f1215e8f86bcdd9e6cf78a41c73f93342f927 Mon Sep 17 00:00:00 2001
From: theworldbright
Date: Wed, 12 Aug 2015 19:51:33 +0900
Subject: [PATCH] Adjust protect resource endpoint spec
---
 app/controllers/api/v0/users_controller.rb | 2 +-
 .../protected_resource_endpoint_spec.rb | 29 +++++--------------
 2 files changed, 9 insertions(+), 22 deletions(-)
diff --git a/app/controllers/api/v0/users_controller.rb b/app/controllers/api/v0/users_controller.rb
index 11f68ffe9..5a96e8d73 100644
--- a/app/controllers/api/v0/users_controller.rb
+++ b/app/controllers/api/v0/users_controller.rb
@@ -1,5 +1,5 @@
 class Api::V0::UsersController < Api::V0::BaseController
- before_filter do
+ before_action do
 require_access_token OpenidConnect::Scope.find_by(name: "read")
 end
diff --git a/spec/lib/openid_connect/protected_resource_endpoint_spec.rb b/spec/lib/openid_connect/protected_resource_endpoint_spec.rb
index 7fd948a75..cd344c3a9 100644
--- a/spec/lib/openid_connect/protected_resource_endpoint_spec.rb
+++ b/spec/lib/openid_connect/protected_resource_endpoint_spec.rb
@@ -1,41 +1,28 @@
 require "spec_helper"
 describe OpenidConnect::ProtectedResourceEndpoint, type: :request do
+ # TODO: Replace with factory
 let!(:client) do
 OpenidConnect::OAuthApplication.create!(
 client_name: "Diaspora Test Client", redirect_uris: ["http://localhost:3000/"])
 end
 let(:auth_with_read) do
- auth = OpenidConnect::Authorization.find_or_create_by(o_auth_application: client, user: bob)
+ auth = OpenidConnect::Authorization.create!(o_auth_application: client, user: alice)
 auth.scopes << [OpenidConnect::Scope.find_or_create_by(name: "read")]
 auth
 end
 let!(:access_token_with_read) { auth_with_read.create_access_token.to_s }
- let(:auth_with_read_and_write) do
- auth = OpenidConnect::Authorization.find_or_create_by(o_auth_application: client, user: bob)
- auth.scopes << [OpenidConnect::Scope.find_or_create_by(name: "read"), OpenidConnect::Scope.find_or_create_by(name: "write")]
- auth
- end
- let!(:access_token_with_read_and_write) { auth_with_read_and_write.create_access_token.to_s }
 let(:invalid_token) { SecureRandom.hex(32).to_s }
 # TODO: Add tests for expired access tokens
- context "when read scope access token is provided for read required endpoint" do
- describe "user info endpoint" do
- before do
- get api_v0_user_path, access_token: access_token_with_read
- end
+ context "when valid access token is provided" do
+ before do
+ get api_v0_user_path, access_token: access_token_with_read
+ end
- it "shows the info" do
- json_body = JSON.parse(response.body)
- expect(json_body["username"]).to eq(bob.username)
- expect(json_body["email"]).to eq(bob.email)
- end
-
- it "includes private in the cache-control header" do
- expect(response.headers["Cache-Control"]).to include("private")
- end
+ it "includes private in the cache-control header" do
+ expect(response.headers["Cache-Control"]).to include("private")
 end
 end
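Review bot: The "when valid access token is provided" context now asserts only the Cache-Control header, so nothing in this hunk checks that the request succeeded or that the response describes the token's owner. With the "shows the info" example removed, a regression that returns a different user's data for alice's token would still pass. If the endpoint still returns the username, I would keep an identity assertion against the new fixture user, for example `expect(JSON.parse(response.body)["username"]).to eq(alice.username)`, together with `expect(response.status).to eq(200)`. The only fixture with a second scope is also dropped here, so unless such an example exists further down the file (outside this hunk), no test shows that a token lacking the `read` scope is rejected. The expired-token case is still only a TODO.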