Adjust protect resource endpoint spec

theworldbright 2015-08-12 19:51:33 +09:00
parent 3cbe75469b
commit cd2f1215e8
2 changed files with 9 additions and 22 deletions

@ -1,5 +1,5 @@
class Api::V0::UsersController < Api::V0::BaseController class Api::V0::UsersController < Api::V0::BaseController
before_filter do before_action do
require_access_token OpenidConnect::Scope.find_by(name: "read") require_access_token OpenidConnect::Scope.find_by(name: "read")
end end

@ -1,41 +1,28 @@
require "spec_helper" require "spec_helper"
describe OpenidConnect::ProtectedResourceEndpoint, type: :request do describe OpenidConnect::ProtectedResourceEndpoint, type: :request do
# TODO: Replace with factory
let!(:client) do let!(:client) do
OpenidConnect::OAuthApplication.create!( OpenidConnect::OAuthApplication.create!(
client_name: "Diaspora Test Client", redirect_uris: ["http://localhost:3000/"]) client_name: "Diaspora Test Client", redirect_uris: ["http://localhost:3000/"])
end end
let(:auth_with_read) do let(:auth_with_read) do
auth = OpenidConnect::Authorization.find_or_create_by(o_auth_application: client, user: bob) auth = OpenidConnect::Authorization.create!(o_auth_application: client, user: alice)
auth.scopes << [OpenidConnect::Scope.find_or_create_by(name: "read")] auth.scopes << [OpenidConnect::Scope.find_or_create_by(name: "read")]
auth auth
end end
let!(:access_token_with_read) { auth_with_read.create_access_token.to_s } let!(:access_token_with_read) { auth_with_read.create_access_token.to_s }
let(:auth_with_read_and_write) do
auth = OpenidConnect::Authorization.find_or_create_by(o_auth_application: client, user: bob)
auth.scopes << [OpenidConnect::Scope.find_or_create_by(name: "read"), OpenidConnect::Scope.find_or_create_by(name: "write")]
auth
end
let!(:access_token_with_read_and_write) { auth_with_read_and_write.create_access_token.to_s }
let(:invalid_token) { SecureRandom.hex(32).to_s } let(:invalid_token) { SecureRandom.hex(32).to_s }
# TODO: Add tests for expired access tokens # TODO: Add tests for expired access tokens
context "when read scope access token is provided for read required endpoint" do context "when valid access token is provided" do
describe "user info endpoint" do before do
before do get api_v0_user_path, access_token: access_token_with_read
get api_v0_user_path, access_token: access_token_with_read end
end
it "shows the info" do it "includes private in the cache-control header" do
json_body = JSON.parse(response.body) expect(response.headers["Cache-Control"]).to include("private")
expect(json_body["username"]).to eq(bob.username)
expect(json_body["email"]).to eq(bob.email)
end
it "includes private in the cache-control header" do
expect(response.headers["Cache-Control"]).to include("private")
end
end end
end end
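Review bot: The valid-token context, as far as the rendered page shows, now asserts only the `Cache-Control` header, so nothing in this spec checks that a request with `access_token_with_read` succeeds or that the response describes the token's owner (`alice`). A regression that returned an error, or another user's data, with a `private` cache header would still pass. I would keep one positive assertion next to the header check, for example `expect(response).to have_http_status(:ok)` and, if the endpoint still returns the user record (the action is not visible here), `expect(JSON.parse(response.body)["username"]).to eq(alice.username)`. Dropping the read-and-write token also leaves the case of a token carrying more scopes than required untested, and the expired-token case is still only a TODO.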