mirror of https://github.com/mastodon/mastodon
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
108 lines
2.9 KiB
Ruby
108 lines
2.9 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'rails_helper'
|
|
|
|
RSpec.describe 'Obtaining OAuth Tokens' do
|
|
describe 'POST /oauth/token' do
|
|
subject do
|
|
post '/oauth/token', params: params
|
|
end
|
|
|
|
let(:application) do
|
|
Fabricate(:application, scopes: 'read write follow', redirect_uri: 'urn:ietf:wg:oauth:2.0:oob')
|
|
end
|
|
let(:params) do
|
|
{
|
|
grant_type: grant_type,
|
|
client_id: application.uid,
|
|
client_secret: application.secret,
|
|
redirect_uri: 'urn:ietf:wg:oauth:2.0:oob',
|
|
code: code,
|
|
scope: scope,
|
|
}
|
|
end
|
|
|
|
context "with grant_type 'authorization_code'" do
|
|
let(:grant_type) { 'authorization_code' }
|
|
let(:code) do
|
|
access_grant = Fabricate(:access_grant, application: application, redirect_uri: 'urn:ietf:wg:oauth:2.0:oob', scopes: 'read write')
|
|
access_grant.plaintext_token
|
|
end
|
|
|
|
shared_examples 'returns originally requested scopes' do
|
|
it 'returns all scopes requested for the given code' do
|
|
subject
|
|
|
|
expect(response).to have_http_status(200)
|
|
expect(response.parsed_body[:scope]).to eq 'read write'
|
|
end
|
|
end
|
|
|
|
context 'with no scopes specified' do
|
|
let(:scope) { nil }
|
|
|
|
include_examples 'returns originally requested scopes'
|
|
end
|
|
|
|
context 'with scopes specified' do
|
|
context 'when the scopes were requested for this code' do
|
|
let(:scope) { 'write' }
|
|
|
|
include_examples 'returns originally requested scopes'
|
|
end
|
|
|
|
context 'when the scope was not requested for the code' do
|
|
let(:scope) { 'follow' }
|
|
|
|
include_examples 'returns originally requested scopes'
|
|
end
|
|
|
|
context 'when the scope does not belong to the application' do
|
|
let(:scope) { 'push' }
|
|
|
|
include_examples 'returns originally requested scopes'
|
|
end
|
|
end
|
|
end
|
|
|
|
context "with grant_type 'client_credentials'" do
|
|
let(:grant_type) { 'client_credentials' }
|
|
let(:code) { nil }
|
|
|
|
context 'with no scopes specified' do
|
|
let(:scope) { nil }
|
|
|
|
it 'returns only the default scope' do
|
|
subject
|
|
|
|
expect(response).to have_http_status(200)
|
|
expect(response.parsed_body[:scope]).to eq('read')
|
|
end
|
|
end
|
|
|
|
context 'with scopes specified' do
|
|
context 'when the scopes belong to the application' do
|
|
let(:scope) { 'read write' }
|
|
|
|
it 'returns all the requested scopes' do
|
|
subject
|
|
|
|
expect(response).to have_http_status(200)
|
|
expect(response.parsed_body[:scope]).to eq 'read write'
|
|
end
|
|
end
|
|
|
|
context 'when some scopes do not belong to the application' do
|
|
let(:scope) { 'read write push' }
|
|
|
|
it 'returns an error' do
|
|
subject
|
|
|
|
expect(response).to have_http_status(400)
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|