Sha256: 10bf61ad71393a6a12ea9cd32e0595630b493294e47bdd2249a1d717a4f8be8f
Contents?: true
Size: 1.42 KB
Versions: 3
Compression:
Stored size: 1.42 KB
Contents
require 'spec_helper_integration'
feature 'Skip authorization form' do
background do
config_is_set(:authenticate_resource_owner) { User.first || redirect_to('/sign_in') }
client_exists
scope_exists :public, :default => true, :description => "Access your public data"
scope_exists :write, :description => "Update your data"
end
context 'for previously authorized clients' do
background do
create_resource_owner
sign_in
end
scenario 'skips the authorization and return a new grant code' do
client_is_authorized(@client, @resource_owner, :scopes => "public")
visit authorization_endpoint_url(:client => @client)
i_should_not_see "Authorize"
client_should_be_authorized @client
i_should_be_on_client_callback @client
url_should_have_param "code", Doorkeeper::AccessGrant.first.token
end
scenario 'does not skip authorization when scopes differ' do
client_is_authorized(@client, @resource_owner, :scopes => "public write")
visit authorization_endpoint_url(:client => @client, :scope => "public")
i_should_see "Authorize"
end
scenario 'creates grant with new scope when scopes differ' do
client_is_authorized(@client, @resource_owner, :scopes => "public write")
visit authorization_endpoint_url(:client => @client, :scope => "public")
click_on "Authorize"
access_grant_should_have_scopes :public
end
end
end
Version data entries
3 entries across 3 versions & 1 rubygems