spec/requests/flows/password_spec.rb in doorkeeper-0.7.4 vs spec/requests/flows/password_spec.rb in doorkeeper-1.0.0.rc1

@@ -37,10 +37,20 @@
       token = Doorkeeper::AccessToken.first
 
       should_have_json 'access_token',  token.token
     end
 
+    scenario "should issue new token without client credentials" do
+      expect {
+        post password_token_endpoint_url(:resource_owner => @resource_owner)
+      }.to change { Doorkeeper::AccessToken.count }.by(1)
+
+      token = Doorkeeper::AccessToken.first
+
+      should_have_json 'access_token',  token.token
+    end
+
     scenario "should issue a refresh token if enabled" do
       config_is_set(:refresh_token_enabled, true)
 
       post password_token_endpoint_url(:client => @client, :resource_owner => @resource_owner)
 
@@ -60,9 +70,19 @@
     end
 
     scenario "should not issue new token without credentials" do
       expect {
         post password_token_endpoint_url( :client => @client)
+      }.to_not change { Doorkeeper::AccessToken.count }
+    end
+  end
+
+  context "with invalid client credentials" do
+    scenario "should not issue new token with bad client credentials" do
+      expect {
+        post password_token_endpoint_url( :client_id => @client.uid,
+                                          :client_secret => "bad_secret",
+                                          :resource_owner => @resource_owner)
       }.to_not change { Doorkeeper::AccessToken.count }
     end
   end
 end