Adjust protect resource endpoint spec

2015-08-12 19:51:33 +09:00 · 2015-08-12 19:51:33 +09:00 · cd2f1215e8
commit cd2f1215e8
parent 3cbe75469b
2 changed files with 9 additions and 22 deletions
--- a/app/controllers/api/v0/users_controller.rb
+++ b/app/controllers/api/v0/users_controller.rb
@ -1,5 +1,5 @@
 class Api::V0::UsersController < Api::V0::BaseController
-  before_filter do
+  before_action do
    require_access_token OpenidConnect::Scope.find_by(name: "read")
  end

--- a/spec/lib/openid_connect/protected_resource_endpoint_spec.rb
+++ b/spec/lib/openid_connect/protected_resource_endpoint_spec.rb
@ -1,43 +1,30 @@
 require "spec_helper"

 describe OpenidConnect::ProtectedResourceEndpoint, type: :request do
+  # TODO: Replace with factory
  let!(:client) do
    OpenidConnect::OAuthApplication.create!(
      client_name: "Diaspora Test Client", redirect_uris: ["http://localhost:3000/"])
  end
  let(:auth_with_read) do
-    auth = OpenidConnect::Authorization.find_or_create_by(o_auth_application: client, user: bob)
+    auth = OpenidConnect::Authorization.create!(o_auth_application: client, user: alice)
    auth.scopes << [OpenidConnect::Scope.find_or_create_by(name: "read")]
    auth
  end
  let!(:access_token_with_read) { auth_with_read.create_access_token.to_s }
-  let(:auth_with_read_and_write) do
-    auth = OpenidConnect::Authorization.find_or_create_by(o_auth_application: client, user: bob)
-    auth.scopes << [OpenidConnect::Scope.find_or_create_by(name: "read"), OpenidConnect::Scope.find_or_create_by(name: "write")]
-    auth
-  end
-  let!(:access_token_with_read_and_write) { auth_with_read_and_write.create_access_token.to_s }
  let(:invalid_token) { SecureRandom.hex(32).to_s }

  # TODO: Add tests for expired access tokens

-  context "when read scope access token is provided for read required endpoint" do
-    describe "user info endpoint" do
+  context "when valid access token is provided" do
    before do
      get api_v0_user_path, access_token: access_token_with_read
    end

-      it "shows the info" do
-        json_body = JSON.parse(response.body)
-        expect(json_body["username"]).to eq(bob.username)
-        expect(json_body["email"]).to eq(bob.email)
-      end
-
    it "includes private in the cache-control header" do
      expect(response.headers["Cache-Control"]).to include("private")
    end
  end
-  end

  context "when no access token is provided" do
    it "should respond with a 401 Unauthorized response" do