Sha256: 48de6ddead0d4f32efbd68c16e2e2035d6bc1693e3ddb814c2a05b3764a7bbeb
Contents?: true
Size: 1.71 KB
Versions: 1
Compression:
Stored size: 1.71 KB
Contents
require 'spec_helper_integration'
feature 'Private API' do
background do
@client = FactoryGirl.create(:application)
@resource = User.create!(:name => "Joe", :password => "sekret")
@token = client_is_authorized(@client, @resource)
end
scenario 'client requests protected resource with valid token' do
with_access_token_header @token.token
visit '/full_protected_resources'
page.body.should have_content("index")
end
scenario 'client requests protected resource with disabled header authentication' do
config_is_set :access_token_methods, [:from_access_token_param]
with_access_token_header @token.token
visit '/full_protected_resources'
response_status_should_be 401
end
scenario 'client attempts to request protected resource with invalid token' do
with_access_token_header "invalid"
visit '/full_protected_resources'
response_status_should_be 401
end
scenario 'client attempts to request protected resource with expired token' do
@token.update_column :expires_in, -100 # expires token
with_access_token_header @token.token
visit '/full_protected_resources'
response_status_should_be 401
end
scenario 'client requests protected resource with permanent token' do
@token.update_column :expires_in, nil # never expires
with_access_token_header @token.token
visit '/full_protected_resources'
page.body.should have_content("index")
end
scenario 'access token with no scopes' do
optional_scopes_exist :admin
@token.update_column :scopes, nil
with_access_token_header @token.token
visit '/full_protected_resources/1.json'
response_status_should_be 401
end
end
Version data entries
1 entries across 1 versions & 1 rubygems
| Version | Path |
|---|---|
| couchkeeper-0.6.7 | spec/requests/protected_resources/private_api_spec.rb |