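require 'spec_helper_integration'

# Integration coverage for the OAuth 2.0 authorization endpoint: only an
# authenticated resource owner may reach it, the consent page names the client
# and every requested scope, invalid requests are reported with the matching
# error instead of a consent form, and a POST without a valid authenticity
# token is rejected.
feature 'Authorization endpoint' do
  background do
    # Resource-owner lookup used by the endpoint under test: an existing user
    # counts as signed in, otherwise the request is redirected to the
    # sign-in page.
    config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
    client_exists(name: 'MyApp')
  end

  scenario 'requires resource owner to be authenticated' do
    # No resource owner is created in this scenario, so the lookup block
    # above redirects rather than rendering the consent form.
    visit authorization_endpoint_url(client: @client)
    i_should_see 'Sign in'
    i_should_be_on '/'
  end

  context 'with authenticated resource owner' do
    background do
      create_resource_owner
      sign_in
    end

    scenario 'displays the authorization form' do
      visit authorization_endpoint_url(client: @client)
      # The consent prompt must name the client that is asking for access.
      i_should_see 'Authorize MyApp to use your account?'
    end

    scenario 'displays all requested scopes' do
      default_scopes_exist :public
      optional_scopes_exist :write
      visit authorization_endpoint_url(client: @client, scope: 'public write')
      # Each requested scope is shown by its human-readable description so the
      # resource owner can see exactly what is being granted.
      i_should_see 'Access your public data'
      i_should_see 'Update your data'
    end
  end

  context 'with an invalid request' do
    background do
      create_resource_owner
      sign_in
    end

    scenario 'displays the related error' do
      # An empty response_type is not a valid OAuth request; the endpoint must
      # report the error instead of offering a consent form.
      visit authorization_endpoint_url(client: @client, response_type: '')
      i_should_not_see 'Authorize'
      i_should_see_translated_error_message :unsupported_response_type
    end

    scenario 'displays unsupported_response_type error when using a disabled response type' do
      # Only the implicit flow is enabled, so response_type=code must be
      # refused as unsupported rather than silently accepted.
      config_is_set(:grant_flows, ['implicit'])
      visit authorization_endpoint_url(client: @client, response_type: 'code')
      i_should_not_see 'Authorize'
      i_should_see_translated_error_message :unsupported_response_type
    end
  end

  context 'forgery protection enabled' do
    background do
      create_resource_owner
      sign_in
    end

    scenario 'raises exception on forged requests' do
      # With forgery protection active, a direct POST carrying no authenticity
      # token must be rejected before any authorization is granted.
      allowing_forgery_protection do
        expect {
          page.driver.post authorization_endpoint_url(client_id: @client.uid,
                                                      redirect_uri: @client.redirect_uri,
                                                      response_type: 'code')
        }.to raise_error(ActionController::InvalidAuthenticityToken)
      end
    end
  end
end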