test/oauth/server_test.rb in rack-oauth2-server-2.0.0.beta3 vs test/oauth/server_test.rb in rack-oauth2-server-2.0.0.beta4
- old
+ new
@@ -6,11 +6,11 @@
def setup
super
end
context "get_auth_request" do
- setup { @request = Server::AuthRequest.create(client.id, client.scopes.join(" "), client.redirect_uri, "token", nil) }
+ setup { @request = Server::AuthRequest.create(client, client.scope.join(" "), client.redirect_uri, "token", nil) }
should "return authorization request" do
assert_equal @request.id, Server.get_auth_request(@request.id).id
end
should "return nil if no request found" do
@@ -32,11 +32,11 @@
context "register" do
context "no client ID" do
setup do
@client = Server.register(:display_name=>"MyApp", :link=>"http://example.org", :image_url=>"http://example.org/favicon.ico",
- :redirect_uri=>"http://example.org/oauth/callback", :scopes=>%w{read write})
+ :redirect_uri=>"http://example.org/oauth/callback", :scope=>%w{read write})
end
should "create new client" do
assert_equal 2, Server::Client.collection.count
assert_contains Server::Client.all.map(&:id), @client.id
@@ -56,12 +56,12 @@
should "set redirect URI" do
assert_equal "http://example.org/oauth/callback", Server.get_client(@client.id).redirect_uri
end
- should "set scopes" do
- assert_equal %w{read write}, Server.get_client(@client.id).scopes
+ should "set scope" do
+ assert_equal %w{read write}, Server.get_client(@client.id).scope
end
should "assign client an ID" do
assert_match /[0-9a-f]{24}/, @client.id.to_s
end
@@ -132,73 +132,116 @@
end
end
+ context "access_grant" do
+ setup do
+ code = Server.access_grant("Batman", client.id, %w{read})
+ basic_authorize client.id, client.secret
+ post "/oauth/access_token", :scope=>"read", :grant_type=>"authorization_code", :code=>code, :redirect_uri=>client.redirect_uri
+ @token = JSON.parse(last_response.body)["access_token"]
+ end
+
+ should "resolve into an access token" do
+ assert Server.get_access_token(@token)
+ end
+
+ should "resolve into access token with grant identity" do
+ assert_equal "Batman", Server.get_access_token(@token).identity
+ end
+
+ should "resolve into access token with grant scope" do
+ assert_equal %w{read}, Server.get_access_token(@token).scope
+ end
+
+ should "resolve into access token with grant client" do
+ assert_equal client.id, Server.get_access_token(@token).client_id
+ end
+
+ context "with no scope" do
+ setup { @code = Server.access_grant("Batman", client.id) }
+
+ should "pick client scope" do
+ assert_equal %w{oauth-admin read write}, Server::AccessGrant.from_code(@code).scope
+ end
+ end
+
+ end
+
+
context "get_access_token" do
- setup { @token = Server.get_token_for("Batman", client.id, %w{read}).token }
+ setup { @token = Server.token_for("Batman", client.id, %w{read}) }
should "return authorization request" do
assert_equal @token, Server.get_access_token(@token).token
end
should "return nil if no client found" do
assert !Server.get_access_token("4ce2488e3321e87ac1000004")
end
+
+ context "with no scope" do
+ setup { @token = Server.token_for("Batman", client.id) }
+
+ should "pick client scope" do
+ assert_equal %w{oauth-admin read write}, Server::AccessToken.from_token(@token).scope
+ end
+ end
end
- context "get_token_for" do
- setup { @token = Server.get_token_for("Batman", client.id, %w{read write}) }
+ context "token_for" do
+ setup { @token = Server.token_for("Batman", client.id, %w{read write}) }
should "return access token" do
- assert Server::AccessToken === @token
+ assert_match /[0-9a-f]{32}/, @token
end
should "associate token with client" do
- assert_equal client.id, @token.client_id
+ assert_equal client.id, Server.get_access_token(@token).client_id
end
should "associate token with identity" do
- assert_equal "Batman", @token.identity
+ assert_equal "Batman", Server.get_access_token(@token).identity
end
should "associate token with scope" do
- assert_equal %w{read write}, @token.scope
+ assert_equal %w{read write}, Server.get_access_token(@token).scope
end
should "return same token for same parameters" do
- assert_equal @token.token, Server.get_token_for("Batman", client.id, %w{write read}).token
+ assert_equal @token, Server.token_for("Batman", client.id, %w{write read})
end
should "return different token for different identity" do
- assert @token.token != Server.get_token_for("Superman", client.id, %w{read write}).token
+ assert @token != Server.token_for("Superman", client.id, %w{read write})
end
should "return different token for different client" do
client = Server.register(:display_name=>"MyApp")
- assert @token.token != Server.get_token_for("Batman", client.id, %w{read write}).token
+ assert @token != Server.token_for("Batman", client.id, %w{read write})
end
should "return different token for different scope" do
- assert @token.token != Server.get_token_for("Batman", client.id, %w{read}).token
+ assert @token != Server.token_for("Batman", client.id, %w{read})
end
end
context "list access tokens" do
setup do
- @one = Server.get_token_for("Batman", client.id, %w{read})
- @two = Server.get_token_for("Superman", client.id, %w{read})
- @three = Server.get_token_for("Batman", client.id, %w{write})
+ @one = Server.token_for("Batman", client.id, %w{read})
+ @two = Server.token_for("Superman", client.id, %w{read})
+ @three = Server.token_for("Batman", client.id, %w{write})
end
should "return all tokens for identity" do
- assert_contains Server.list_access_tokens("Batman").map(&:token), @one.token
- assert_contains Server.list_access_tokens("Batman").map(&:token), @three.token
+ assert_contains Server.list_access_tokens("Batman").map(&:token), @one
+ assert_contains Server.list_access_tokens("Batman").map(&:token), @three
end
should "not return tokens for other identities" do
- assert !Server.list_access_tokens("Batman").map(&:token).include?(@two.token)
+ assert !Server.list_access_tokens("Batman").map(&:token).include?(@two)
end
end
end
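Review bot: The format check added in the `token_for` context, `assert_match /[0-9a-f]{32}/, @token`, is unanchored, so it passes for any string that merely contains 32 hex characters, such as a longer value or a token embedded in other text. Anchoring it pins the exact shape: `assert_match /\A[0-9a-f]{32}\z/, @token`. The two "with no scope" contexts pin the fallback to the full client scope, which in this fixture includes `oauth-admin`, but nothing in the hunk covers a request for a scope the client does not hold. A negative case for `Server.token_for` and `Server.access_grant` would make that boundary explicit; the expected outcome (rejected or narrowed) needs confirming against the implementation, which is not visible here. The `access_grant` setup also reads `access_token` from the response body without asserting the response status, so a failed code exchange would surface only as a nil `@token` in the later assertions.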