RubyGems - doorkeeper-mongodb - Versions diffs - 5.2.1 → 5.2.3 - Mend

doorkeeper-mongodb 5.2.1 → 5.2.3

Files changed (177) hide show

data/spec/controllers/applications_controller_spec.rb CHANGED Viewed

@@ -2,132 +2,154 @@
 require "spec_helper"
-module Doorkeeper
-  describe ApplicationsController do
-    context "JSON API" do
-      render_views
+RSpec.describe Doorkeeper::ApplicationsController do
+  render_views
-      before do
-        allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
-        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
-      end
+  context "when JSON API used" do
+    before do
+      allow(Doorkeeper.configuration).to receive(:api_only).and_return(true)
+      allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
+    end
-      it "creates an application" do
-        expect do
-          post :create, params: {
-            doorkeeper_application: {
-              name: "Example",
-              redirect_uri: "https://example.com",
-            }, format: :json,
-          }
-        end.to(change { Doorkeeper::Application.count })
+    it "creates an application" do
+      expect do
+        post :create, params: {
+          doorkeeper_application: {
+            name: "Example",
+            redirect_uri: "https://example.com",
+          }, format: :json,
+        }
+      end.to(change { Doorkeeper::Application.count })
-        expect(response).to be_successful
+      expect(response).to be_successful
-        expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
+      expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
-        application = Application.last
-        secret_from_response = json_response["secret"]
-        expect(application.secret_matches?(secret_from_response)).to be_truthy
+      application = Doorkeeper::Application.last
+      secret_from_response = json_response["secret"]
+      expect(application).to be_secret_matches(secret_from_response)
-        expect(json_response["name"]).to eq("Example")
-        expect(json_response["redirect_uri"]).to eq("https://example.com")
-      end
+      expect(json_response["name"]).to eq("Example")
+      expect(json_response["redirect_uri"]).to eq("https://example.com")
+    end
-      it "returns validation errors on wrong create params" do
-        expect do
-          post :create, params: {
-            doorkeeper_application: {
-              name: "Example",
-            }, format: :json,
-          }
-        end.not_to(change { Doorkeeper::Application.count })
+    it "returns validation errors on wrong create params" do
+      expect do
+        post :create, params: {
+          doorkeeper_application: {
+            name: "Example",
+          }, format: :json,
+        }
+      end.not_to(change { Doorkeeper::Application.count })
-        expect(response).to have_http_status(422)
+      expect(response).to have_http_status(422)
-        expect(json_response).to include("errors")
-      end
+      expect(json_response).to include("errors")
+    end
-      it "returns validations on wrong create params (unspecified scheme)" do
-        expect do
-          post :create, params: {
-            doorkeeper_application: {
-              name: "Example",
-              redirect_uri: "app.com:80",
-            }, format: :json,
-          }
-        end.not_to(change { Doorkeeper::Application.count })
+    it "returns validations on wrong create params (unspecified scheme)" do
+      expect do
+        post :create, params: {
+          doorkeeper_application: {
+            name: "Example",
+            redirect_uri: "app.com:80",
+          }, format: :json,
+        }
+      end.not_to(change { Doorkeeper::Application.count })
-        expect(response).to have_http_status(422)
+      expect(response).to have_http_status(422)
-        expect(json_response).to include("errors")
-      end
+      expect(json_response).to include("errors")
+    end
-      it "returns application info" do
-        application = FactoryBot.create(:application, name: "Change me")
+    it "returns application info" do
+      application = FactoryBot.create(:application, name: "Change me")
-        get :show, params: { id: application.id, format: :json }
+      get :show, params: { id: application.id, format: :json }
-        expect(response).to be_successful
+      expect(response).to be_successful
-        expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
-      end
+      expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
+    end
-      it "updates application" do
-        application = FactoryBot.create(:application, name: "Change me")
+    it "updates application" do
+      application = FactoryBot.create(:application, name: "Change me")
-        put :update, params: {
-          id: application.id,
-          doorkeeper_application: {
-            name: "Example App",
-            redirect_uri: "https://example.com",
-          }, format: :json,
-        }
+      put :update, params: {
+        id: application.id,
+        doorkeeper_application: {
+          name: "Example App",
+          redirect_uri: "https://example.com",
+        }, format: :json,
+      }
-        expect(application.reload.name).to eq "Example App"
+      expect(application.reload.name).to eq "Example App"
-        expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
-      end
+      expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
+    end
-      it "returns validation errors on wrong update params" do
-        application = FactoryBot.create(:application, name: "Change me")
+    it "returns validation errors on wrong update params" do
+      application = FactoryBot.create(:application, name: "Change me")
-        put :update, params: {
-          id: application.id,
-          doorkeeper_application: {
-            name: "Example App",
-            redirect_uri: "localhost:3000",
-          }, format: :json,
-        }
+      put :update, params: {
+        id: application.id,
+        doorkeeper_application: {
+          name: "Example App",
+          redirect_uri: "localhost:3000",
+        }, format: :json,
+      }
-        expect(response).to have_http_status(422)
+      expect(response).to have_http_status(422)
-        expect(json_response).to include("errors")
-      end
+      expect(json_response).to include("errors")
+    end
-      it "destroys an application" do
-        application = FactoryBot.create(:application)
+    it "destroys an application" do
+      application = FactoryBot.create(:application)
-        delete :destroy, params: { id: application.id, format: :json }
+      delete :destroy, params: { id: application.id, format: :json }
-        expect(response).to have_http_status(204)
-        expect(Application.count).to be_zero
-      end
+      expect(response).to have_http_status(204)
+      expect(Doorkeeper::Application.count).to be_zero
     end
+  end
-    context "when admin is not authenticated" do
-      before do
-        allow(Doorkeeper.config).to receive(:authenticate_admin).and_return(proc do
-          redirect_to main_app.root_url
-        end)
-      end
+  context "when admin is not authenticated" do
+    before do
+      allow(Doorkeeper.config).to receive(:authenticate_admin).and_return(proc do
+        redirect_to main_app.root_url
+      end)
+    end
+    it "redirects as set in Doorkeeper.authenticate_admin" do
+      get :index
+      expect(response).to redirect_to(controller.main_app.root_url)
+    end
+    it "does not create application" do
+      expect do
+        post :create, params: {
+          doorkeeper_application: {
+            name: "Example",
+            redirect_uri: "https://example.com",
+          },
+        }
+      end.not_to(change { Doorkeeper::Application.count })
+    end
+  end
+  context "when admin is authenticated" do
+    before do
+      allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
+    end
-      it "redirects as set in Doorkeeper.authenticate_admin" do
-        get :index
-        expect(response).to redirect_to(controller.main_app.root_url)
+    context "when application secrets are hashed" do
+      before do
+        allow(Doorkeeper.configuration)
+          .to receive(:application_secret_strategy).and_return(Doorkeeper::SecretStoring::Sha256Hash)
       end
-      it "does not create application" do
+      it "shows the application secret after creating a new application" do
         expect do
           post :create, params: {
             doorkeeper_application: {
@@ -135,140 +157,114 @@ module Doorkeeper
               redirect_uri: "https://example.com",
             },
           }
-        end.not_to(change { Doorkeeper::Application.count })
-      end
-    end
+        end.to change { Doorkeeper::Application.count }.by(1)
-    context "when admin is authenticated" do
-      context "when application secrets are hashed" do
-        before do
-          allow(Doorkeeper.configuration)
-            .to receive(:application_secret_strategy).and_return(Doorkeeper::SecretStoring::Sha256Hash)
-        end
-        it "shows the application secret after creating a new application" do
-          expect do
-            post :create, params: {
-              doorkeeper_application: {
-                name: "Example",
-                redirect_uri: "https://example.com",
-              },
-            }
-          end.to change { Doorkeeper::Application.count }.by(1)
-          application = Application.last
-          secret_from_flash = flash[:application_secret]
-          expect(secret_from_flash).not_to be_empty
-          expect(application.secret_matches?(secret_from_flash)).to be_truthy
-          expect(response).to redirect_to(controller.main_app.oauth_application_url(application.id))
-          get :show, params: { id: application.id, format: :html }
-          # We don't know the application secret here (because its hashed) so we can not assert its text on the page
-          # Instead, we read it from the page and then check if it matches the application secret
-          code_element = %r{<code.*id="secret".*>(.*)<\/code>}.match(response.body)
-          secret_from_page = code_element[1]
-          expect(response.body).to have_selector("code#application_id", text: application.uid)
-          expect(response.body).to have_selector("code#secret")
-          expect(secret_from_page).not_to be_empty
-          expect(application.secret_matches?(secret_from_page)).to be_truthy
-        end
-        it "does not show an application secret when application did already exist" do
-          application = FactoryBot.create(:application)
-          get :show, params: { id: application.id, format: :html }
-          expect(response.body).to have_selector("code#application_id", text: application.uid)
-          expect(response.body).to have_selector("code#secret", text: "")
-        end
-        it "returns the application details in a json response" do
-          expect do
-            post :create, params: {
-              doorkeeper_application: {
-                name: "Example",
-                redirect_uri: "https://example.com",
-              }, format: :json,
-            }
-          end.to(change { Doorkeeper::Application.count })
-          expect(response).to be_successful
-          expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
-          application = Application.last
-          secret_from_response = json_response["secret"]
-          expect(application.secret_matches?(secret_from_response)).to be_truthy
-          expect(json_response["name"]).to eq("Example")
-          expect(json_response["redirect_uri"]).to eq("https://example.com")
-        end
-      end
+        application = Doorkeeper::Application.last
-      render_views
+        secret_from_flash = flash[:application_secret]
+        expect(secret_from_flash).not_to be_empty
+        expect(application).to be_secret_matches(secret_from_flash)
+        expect(response).to redirect_to(controller.main_app.oauth_application_url(application.id))
-      before do
-        allow(Doorkeeper.configuration).to receive(:authenticate_admin).and_return(->(*) { true })
-      end
+        get :show, params: { id: application.id, format: :html }
+        # We don't know the application secret here (because its hashed) so we can not assert its text on the page
+        # Instead, we read it from the page and then check if it matches the application secret
+        code_element = /code.*id="secret">\s*\K([^<]*)/m.match(response.body)
+        secret_from_page = code_element[1].strip
-      it "sorts applications by created_at" do
-        first_application = FactoryBot.create(:application)
-        second_application = FactoryBot.create(:application)
-        expect(Doorkeeper::Application).to receive(:ordered_by).and_call_original
+        expect(response.body).to have_selector("code#application_id", text: application.uid)
+        expect(response.body).to have_selector("code#secret")
+        expect(secret_from_page).not_to be_empty
+        expect(application).to be_secret_matches(secret_from_page)
+      end
-        get :index
+      it "does not show an application secret when application did already exist" do
+        application = FactoryBot.create(:application)
+        get :show, params: { id: application.id, format: :html }
-        expect(response.body).to have_selector("tbody tr:first-child#application_#{first_application.id}")
-        expect(response.body).to have_selector("tbody tr:last-child#application_#{second_application.id}")
+        expect(response.body).to have_selector("code#application_id", text: application.uid)
+        expect(response.body).to have_selector("code#secret", text: "")
       end
-      it "creates application" do
+      it "returns the application details in a json response" do
         expect do
           post :create, params: {
             doorkeeper_application: {
               name: "Example",
               redirect_uri: "https://example.com",
-            },
+            }, format: :json,
           }
-        end.to change { Doorkeeper::Application.count }.by(1)
+        end.to(change { Doorkeeper::Application.count })
-        expect(response).to be_redirect
-      end
+        expect(response).to be_successful
-      it "shows application details" do
-        application = FactoryBot.create(:application)
-        get :show, params: { id: application.id, format: :html }
+        expect(json_response).to include("id", "name", "uid", "secret", "redirect_uri", "scopes")
-        expect(response.body).to have_selector("code#application_id", text: application.uid)
-        expect(response.body).to have_selector("code#secret", text: application.plaintext_secret)
+        application = Doorkeeper::Application.last
+        secret_from_response = json_response["secret"]
+        expect(application).to be_secret_matches(secret_from_response)
+        expect(json_response["name"]).to eq("Example")
+        expect(json_response["redirect_uri"]).to eq("https://example.com")
       end
+    end
-      it "does not allow mass assignment of uid or secret" do
-        application = FactoryBot.create(:application)
-        put :update, params: {
-          id: application.id,
-          doorkeeper_application: {
-            uid: "1A2B3C4D",
-            secret: "1A2B3C4D",
-          },
-        }
+    it "sorts applications by created_at" do
+      first_application = FactoryBot.create(:application)
+      second_application = FactoryBot.create(:application)
+      expect(Doorkeeper::Application).to receive(:ordered_by).and_call_original
-        expect(application.reload.uid).not_to eq "1A2B3C4D"
-      end
+      get :index
-      it "updates application" do
-        application = FactoryBot.create(:application)
-        put :update, params: {
-          id: application.id, doorkeeper_application: {
+      expect(response.body).to have_selector("tbody tr:first-child#application_#{first_application.id}")
+      expect(response.body).to have_selector("tbody tr:last-child#application_#{second_application.id}")
+    end
+    it "creates application" do
+      expect do
+        post :create, params: {
+          doorkeeper_application: {
             name: "Example",
             redirect_uri: "https://example.com",
           },
         }
+      end.to change { Doorkeeper::Application.count }.by(1)
-        expect(application.reload.name).to eq "Example"
-      end
+      expect(response).to be_redirect
+    end
+    it "shows application details" do
+      application = FactoryBot.create(:application)
+      get :show, params: { id: application.id, format: :html }
+      expect(response.body).to have_selector("code#application_id", text: application.uid)
+      expect(response.body).to have_selector("code#secret", text: application.plaintext_secret)
+    end
+    it "does not allow mass assignment of uid or secret" do
+      application = FactoryBot.create(:application)
+      put :update, params: {
+        id: application.id,
+        doorkeeper_application: {
+          uid: "1A2B3C4D",
+          secret: "1A2B3C4D",
+        },
+      }
+      expect(application.reload.uid).not_to eq "1A2B3C4D"
+    end
+    it "updates application" do
+      application = FactoryBot.create(:application)
+      put :update, params: {
+        id: application.id, doorkeeper_application: {
+          name: "Example",
+          redirect_uri: "https://example.com",
+        },
+      }
+      expect(application.reload.name).to eq "Example"
     end
   end
 end