cartodb/spec/models/carto/oauth_authorization_code_spec.rb

require 'spec_helper_min'
module Carto
  # Model spec for the OAuth authorization code: validation rules and the
  # code-for-token exchange (expiry, removal of the code on use, and refresh
  # tokens only being issued with the 'offline' scope).
  describe OauthAuthorizationCode do
    describe '#validation' do
      # Fixtures are shared by every example in this group; the app and the
      # app user are only built in memory here, never saved.
      before(:all) do
        @user = FactoryGirl.create(:valid_user)
        @carto_user = Carto::User.find(@user.id)
        @app = FactoryGirl.build(:oauth_app, user: @carto_user)
        @app_user = OauthAppUser.new(user: @carto_user, oauth_app: @app)
      end

      # Teardown order is kept as app user, then app, then owner.
      after(:all) do
        [@app_user, @app, @user].each(&:destroy)
      end

      # A scope the model does not recognise must fail validation and be named
      # in the error message.
      it 'does not accept invalid scopes' do
        code_record = OauthAuthorizationCode.new(scopes: ['wadus'])

        expect(code_record).not_to be_valid
        expect(code_record.errors[:scopes]).to include("contains unsupported scopes: wadus")
      end

      # The caller never supplies the code value; it has to be present once
      # the record has been validated.
      it 'validates without redirect_uri and autogenerates code' do
        code_record = OauthAuthorizationCode.new(oauth_app_user: @app_user)

        expect(code_record).to be_valid
        expect(code_record.code).to be_present
      end

      it 'validates with redirect_uri and autogenerates code' do
        code_record = OauthAuthorizationCode.new(oauth_app_user: @app_user, redirect_uri: ['https://redirect'])

        expect(code_record).to be_valid
        expect(code_record.code).to be_present
      end
    end

    describe '#exchange!' do
      # Unlike the validation group, the app and app user are persisted here
      # because each example creates a code through the association.
      before(:all) do
        @user = FactoryGirl.create(:valid_user)
        @carto_user = Carto::User.find(@user.id)
        @app = FactoryGirl.create(:oauth_app, user: @carto_user)
        @app_user = OauthAppUser.create(user: @carto_user, oauth_app: @app)
      end

      after(:all) do
        [@app_user, @app, @user].each(&:destroy)
      end

      # Every example gets its own freshly issued code.
      before do
        @authorization_code = @app_user.oauth_authorization_codes.create!
      end

      after do
        @authorization_code.destroy
      end

      # The creation time is moved 10 minutes into the past on the in-memory
      # object only (no save). The exchange must be refused with InvalidGrant
      # and the stored code row must still exist afterwards.
      # NOTE(review): presumably the code lifetime is shorter than 10 minutes;
      # the actual value is defined in the model, not here.
      it 'fails if the code is expired' do
        @authorization_code.created_at = @authorization_code.created_at - 10.minutes

        expect { @authorization_code.exchange! }.to raise_error(OauthProvider::Errors::InvalidGrant)
        expect(OauthAuthorizationCode.exists?(@authorization_code.id)).to be_true
      end

      # After a successful exchange the code row is gone from the database,
      # the access token carries an API key of type 'oauth', and no refresh
      # token is returned when the 'offline' scope was not granted.
      it 'creates a new api key and blanks the code' do
        issued_access, issued_refresh = @authorization_code.exchange!

        expect(OauthAuthorizationCode.exists?(@authorization_code.id)).to be_false
        expect(issued_access.api_key).to be
        expect(issued_access.api_key.type).to eq('oauth')
        expect(issued_refresh).to be_nil
      end

      # With the 'offline' scope on the code, the exchange also returns a
      # refresh token; the code row is removed just the same.
      it 'with offline scope creates a new access token and refresh token' do
        @authorization_code.update!(scopes: ['offline'])
        issued_access, issued_refresh = @authorization_code.exchange!

        expect(OauthAuthorizationCode.exists?(@authorization_code.id)).to be_false
        expect(issued_access.api_key).to be
        expect(issued_access.api_key.type).to eq('oauth')
        expect(issued_refresh).to be
      end
    end
  end
end