Sha256: c2ce038d45cca3ca46a76a82faa0b3f108f1addf2cbc1d2711f7485c0e16235e

Contents?: true

Size: 1.5 KB

Versions: 1

Compression:

Stored size: 1.5 KB

Contents

require 'test_helper'

class GoogleSignIn::CallbacksControllerTest < ActionDispatch::IntegrationTest
  test "receiving an authorization code" do
    post google_sign_in.authorization_url, params: { proceed_to: 'http://www.example.com/login' }
    assert_response :redirect

    stub_token_request code: '4/SgCpHSVW5-Cy', access_token: 'ya29.GlwIBo', id_token: 'eyJhbGciOiJSUzI'

    get google_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: flash[:state])
    assert_redirected_to 'http://www.example.com/login'
    assert_equal 'eyJhbGciOiJSUzI', flash[:google_sign_in_token]
  end

  test "protecting against CSRF" do
    get google_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: 'invalid')
    assert_response :unprocessable_entity
  end

  test "protecting against open redirects" do
    post google_sign_in.authorization_url, params: { proceed_to: 'http://malicious.example.com/login' }
    assert_response :redirect

    get google_sign_in.callback_url(code: '4/SgCpHSVW5-Cy', state: flash[:state])
    assert_response :bad_request
  end

  private
    def stub_token_request(code:, **params)
      stub_request(:post, 'https://www.googleapis.com/oauth2/v4/token').
        with(body: { grant_type: 'authorization_code', code: code,
          client_id: FAKE_GOOGLE_CLIENT_ID, client_secret: FAKE_GOOGLE_CLIENT_SECRET,
          redirect_uri: 'http://www.example.com/google_sign_in/callback' }).
        to_return(status: 200, headers: { 'Content-Type' => 'application/json' }, body: JSON.generate(params))
    end
end

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
google_sign_in-1.1.2 test/controllers/callbacks_controller_test.rb