@ -5,23 +5,25 @@ require 'rails_helper'
RSpec . describe Oauth :: AuthorizationsController , type : :controller do
RSpec . describe Oauth :: AuthorizationsController , type : :controller do
render_views
render_views
let ( :app ) { Doorkeeper :: Application . create! ( name : 'test' , redirect_uri : 'http://localhost/' ) }
let ( :app ) { Doorkeeper :: Application . create! ( name : 'test' , redirect_uri : 'http://localhost/' , scopes : 'read' ) }
describe 'GET #new' do
describe 'GET #new' do
subject do
subject do
get :new , params : { client_id : app . uid , response_type : 'code' , redirect_uri : 'http://localhost/' }
get :new , params : { client_id : app . uid , response_type : 'code' , redirect_uri : 'http://localhost/' , scope : 'read' }
end
end
shared_examples 'stores location for user' do
shared_examples 'stores location for user' do
it 'stores location for user' do
it 'stores location for user' do
subject
subject
expect ( controller . stored_location_for ( :user ) ) . to eq " /oauth/authorize?client_id= #{ app . uid } &redirect_uri=http%3A%2F%2Flocalhost%2F&response_type=code "
expect ( controller . stored_location_for ( :user ) ) . to eq " /oauth/authorize?client_id= #{ app . uid } &redirect_uri=http%3A%2F%2Flocalhost%2F&response_type=code &scope=read "
end
end
end
end
context 'when signed in' do
context 'when signed in' do
let! ( :user ) { Fabricate ( :user ) }
before do
before do
sign_in Fabricate ( :user ) , scope : :user
sign_in user , scope : :user
end
end
it 'returns http success' do
it 'returns http success' do
@ -35,6 +37,28 @@ RSpec.describe Oauth::AuthorizationsController, type: :controller do
end
end
include_examples 'stores location for user'
include_examples 'stores location for user'
context 'when app is already authorized' do
before do
Doorkeeper :: AccessToken . find_or_create_for (
app ,
user . id ,
app . scopes ,
Doorkeeper . configuration . access_token_expires_in ,
Doorkeeper . configuration . refresh_token_enabled?
)
end
it 'redirects to callback' do
subject
expect ( response ) . to redirect_to ( / \ A #{ app . redirect_uri } / )
end
it 'does not redirect to callback with force_login=true' do
get :new , params : { client_id : app . uid , response_type : 'code' , redirect_uri : 'http://localhost/' , scope : 'read' , force_login : 'true' }
expect ( response . body ) . to match ( / Authorize / )
end
end
end
end
context 'when not signed in' do
context 'when not signed in' do