debian-mirror-gitlab/doorkeeper/spec/grape/grape_integration_spec.rb

136 lines
3.5 KiB
Ruby
Raw Normal View History

2020-01-04 02:51:38 +05:30
require 'spec_helper_integration'
require 'grape'
require 'rack/test'
require 'doorkeeper/grape/helpers'
# Test Grape API application
module GrapeApp
class API < Grape::API
version 'v1', using: :path
format :json
prefix :api
helpers Doorkeeper::Grape::Helpers
resource :protected do
before do
doorkeeper_authorize!
end
desc 'Protected resource, requires token.'
get :status do
{ token: doorkeeper_token.token }
end
end
resource :protected_with_endpoint_scopes do
before do
doorkeeper_authorize!
end
desc 'Protected resource, requires token with scopes (defined in endpoint).'
get :status, scopes: [:admin] do
{ response: 'OK' }
end
end
resource :protected_with_helper_scopes do
before do
doorkeeper_authorize! :admin
end
desc 'Protected resource, requires token with scopes (defined in helper).'
get :status do
{ response: 'OK' }
end
end
resource :public do
desc "Public resource, no token required."
get :status do
{ response: 'OK' }
end
end
end
end
describe 'Grape integration' do
include Rack::Test::Methods
def app
GrapeApp::API
end
def json_body
JSON.parse(last_response.body)
end
let(:client) { FactoryBot.create(:application) }
let(:resource) { FactoryBot.create(:doorkeeper_testing_user, name: 'Joe', password: 'sekret') }
let(:access_token) { client_is_authorized(client, resource) }
context 'with valid Access Token' do
it 'successfully requests protected resource' do
get "api/v1/protected/status.json?access_token=#{access_token.token}"
expect(last_response).to be_successful
expect(json_body['token']).to eq(access_token.token)
end
it 'successfully requests protected resource with token that has required scopes (Grape endpoint)' do
access_token = client_is_authorized(client, resource, scopes: 'admin')
get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
expect(last_response).to be_successful
expect(json_body).to have_key('response')
end
it 'successfully requests protected resource with token that has required scopes (Doorkeeper helper)' do
access_token = client_is_authorized(client, resource, scopes: 'admin')
get "api/v1/protected_with_helper_scopes/status.json?access_token=#{access_token.token}"
expect(last_response).to be_successful
expect(json_body).to have_key('response')
end
it 'successfully requests public resource' do
get "api/v1/public/status.json"
expect(last_response).to be_successful
expect(json_body).to have_key('response')
end
end
context 'with invalid Access Token' do
it 'fails without access token' do
get "api/v1/protected/status.json"
expect(last_response).not_to be_successful
expect(json_body).to have_key('error')
end
it 'fails for access token without scopes' do
get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
expect(last_response).not_to be_successful
expect(json_body).to have_key('error')
end
it 'fails for access token with invalid scopes' do
access_token = client_is_authorized(client, resource, scopes: 'read write')
get "api/v1/protected_with_endpoint_scopes/status.json?access_token=#{access_token.token}"
expect(last_response).not_to be_successful
expect(json_body).to have_key('error')
end
end
end