Sha256: b1d49d4d2e9b3c82b239f6216ffa0eafc5690bb5667d9ba12b3f818415e811f2
Contents?: true
Size: 1.93 KB
Versions: 12
Compression:
Stored size: 1.93 KB
Contents
require 'spec_helper_integration'
feature 'Private API' do
background do
@client = FactoryGirl.create(:application)
@resource = User.create!(name: 'Joe', password: 'sekret')
@token = client_is_authorized(@client, @resource)
end
scenario 'client requests protected resource with valid token' do
with_access_token_header @token.token
visit '/full_protected_resources'
expect(page.body).to have_content('index')
end
scenario 'client requests protected resource with disabled header authentication' do
config_is_set :access_token_methods, [:from_access_token_param]
with_access_token_header @token.token
visit '/full_protected_resources'
response_status_should_be 401
end
scenario 'client attempts to request protected resource with invalid token' do
with_access_token_header 'invalid'
visit '/full_protected_resources'
response_status_should_be 401
end
scenario 'client attempts to request protected resource with expired token' do
@token.update_attribute :expires_in, -100 # expires token
with_access_token_header @token.token
visit '/full_protected_resources'
response_status_should_be 401
end
scenario 'client requests protected resource with permanent token' do
@token.update_attribute :expires_in, nil # never expires
with_access_token_header @token.token
visit '/full_protected_resources'
expect(page.body).to have_content('index')
end
scenario 'access token with no scopes' do
optional_scopes_exist :admin
@token.update_attribute :scopes, nil
with_access_token_header @token.token
visit '/full_protected_resources/1.json'
response_status_should_be 403
end
scenario 'access token with default scope' do
default_scopes_exist :admin
@token.update_attribute :scopes, 'admin'
with_access_token_header @token.token
visit '/full_protected_resources/1.json'
expect(page.body).to have_content('show')
end
end
Version data entries
12 entries across 12 versions & 1 rubygems