require File.expand_path(File.dirname(__FILE__) + '/spec_helper')
require File.expand_path(File.dirname(__FILE__) + '/../../shared_examples/controller_oauth_shared_examples')
require 'ostruct'
# Stubs the OAuth 1.0 handshake for the controller specs below.
#
# Builds one consumer, one request token and one access token, then stubs
# OAuth::Consumer.new, Consumer#get_request_token, OAuth::RequestToken.new,
# RequestToken#get_access_token and AccessToken#get so that each returns the
# canned object built here. The request token's token/secret are also written
# into the session. The objects stay available to the examples as @consumer,
# @req_token and @acc_token.
def stub_all_oauth_requests!
  # "key"/"secret" are dummy consumer credentials; the site is a made-up host.
  @consumer = OAuth::Consumer.new("key", "secret", :site => "http://myapi.com")
  OAuth::Consumer.stub!(:new).and_return(@consumer)

  @req_token = OAuth::RequestToken.new(@consumer)
  @consumer.stub!(:get_request_token).and_return(@req_token)

  @acc_token = OAuth::AccessToken.new(@consumer)
  @req_token.stub!(:get_access_token).and_return(@acc_token)

  # Seed the session with the request token values, then make every later
  # RequestToken.new hand back this same token.
  session[:request_token] = @req_token.token
  session[:request_token_secret] = @req_token.secret
  OAuth::RequestToken.stub!(:new).and_return(@req_token)

  # Canned JSON user profile returned by the stubbed AccessToken#get; the
  # top-level "id" is 123.
  profile_json = {"following"=>false, "listed_count"=>0, "profile_link_color"=>"0084B4", "profile_image_url"=>"http://a1.twimg.com/profile_images/536178575/noamb_normal.jpg", "description"=>"Programmer/Heavy Metal Fan/New Father", "status"=>{"text"=>"coming soon to sorcery gem: twitter and facebook authentication support.", "truncated"=>false, "favorited"=>false, "source"=>"web", "geo"=>nil, "in_reply_to_screen_name"=>nil, "in_reply_to_user_id"=>nil, "in_reply_to_status_id_str"=>nil, "created_at"=>"Sun Mar 06 23:01:12 +0000 2011", "contributors"=>nil, "place"=>nil, "retweeted"=>false, "in_reply_to_status_id"=>nil, "in_reply_to_user_id_str"=>nil, "coordinates"=>nil, "retweet_count"=>0, "id"=>44533012284706816, "id_str"=>"44533012284706816"}, "show_all_inline_media"=>false, "geo_enabled"=>true, "profile_sidebar_border_color"=>"a8c7f7", "url"=>nil, "followers_count"=>10, "screen_name"=>"nbenari", "profile_use_background_image"=>true, "location"=>"Israel", "statuses_count"=>25, "profile_background_color"=>"022330", "lang"=>"en", "verified"=>false, "notifications"=>false, "profile_background_image_url"=>"http://a3.twimg.com/profile_background_images/104087198/04042010339.jpg", "favourites_count"=>5, "created_at"=>"Fri Nov 20 21:58:19 +0000 2009", "is_translator"=>false, "contributors_enabled"=>false, "protected"=>false, "follow_request_sent"=>false, "time_zone"=>"Greenland", "profile_text_color"=>"333333", "name"=>"Noam Ben Ari", "friends_count"=>10, "profile_sidebar_fill_color"=>"C0DFEC", "id"=>123, "id_str"=>"91434812", "profile_background_tile"=>false, "utc_offset"=>-10800}.to_json
  @acc_token.stub!(:get).and_return(OpenStruct.new(:body => profile_json))
end
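# Controller specs for Sorcery's :external (OAuth) submodule, driven through
# ApplicationController test actions with :twitter as the only configured
# provider. Later groups reload Sorcery with an extra submodule
# (user activation, activity logging, session timeout) next to :external.
describe ApplicationController do
  before(:all) do
    ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
    sorcery_reload!([:external])
    sorcery_controller_property_set(:external_providers, [:twitter])
    # NOTE(review): this key/secret pair looks like an issued provider
    # credential rather than a placeholder. If it was ever valid, treat it as
    # exposed and revoke it. The groups that call stub_all_oauth_requests!
    # stub the OAuth calls, so dummy strings would presumably serve here;
    # confirm the shared examples do not depend on these exact values.
    sorcery_controller_external_property_set(:twitter, :key, "eYVNBjBDi33aa9GkA3w")
    sorcery_controller_external_property_set(:twitter, :secret, "XpbeSdCoaKSmQGSeokz5qcUATClRW5u08QWNfv71N8")
    sorcery_controller_external_property_set(:twitter, :callback_url, "http://blabla.com")
  end

  after(:all) do
    ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
  end

  # ----------------- OAuth -----------------------
  describe ApplicationController, "'using external API to login'" do
    before(:each) do
      stub_all_oauth_requests!
    end

    after(:each) do
      User.delete_all
      Authentication.delete_all
    end

    context "when callback_url begin with /" do
      before do
        sorcery_controller_external_property_set(:twitter, :callback_url, "/oauth/twitter/callback")
      end

      # Put back the absolute callback URL configured in the top-level
      # before(:all) so the following groups are not affected.
      after do
        sorcery_controller_external_property_set(:twitter, :callback_url, "http://blabla.com")
      end

      it "login_at redirects correctly" do
        create_new_user
        get :login_at_test
        response.should be_a_redirect
        # The relative callback path is expected to be expanded against the
        # test host (test.host). oauth_token is empty, presumably because the
        # stubbed request token carries no token value.
        response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Ftest.host%2Foauth%2Ftwitter%2Fcallback&oauth_token=")
      end
    end

    context "when callback_url begin with http://" do
      it "login_at redirects correctly" do
        create_new_user
        get :login_at_test
        response.should be_a_redirect
        # An absolute callback URL is expected to be passed through unchanged.
        response.should redirect_to("http://myapi.com/oauth/authorize?oauth_callback=http%3A%2F%2Fblabla.com&oauth_token=")
      end
    end

    it "logins if user exists" do
      sorcery_model_property_set(:authentications_class, Authentication)
      create_new_external_user(:twitter)
      get :test_login_from, :oauth_verifier => "blablaRERASDFcxvSDFA"
      flash[:notice].should == "Success!"
    end

    it "'login_from' fails if user doesn't exist" do
      sorcery_model_property_set(:authentications_class, Authentication)
      # A plain user, created without a linked external authentication.
      create_new_user
      get :test_login_from, :oauth_verifier => "blablaRERASDFcxvSDFA"
      flash[:alert].should == "Failed!"
    end

    it "on successful 'login_from' the user should be redirected to the url he originally wanted" do
      sorcery_model_property_set(:authentications_class, Authentication)
      create_new_external_user(:twitter)
      # Third argument to `get` is the session hash: the return target is
      # seeded there, not taken from request parameters.
      get :test_return_to_with_external, {}, :return_to_url => "fuu"
      response.should redirect_to("fuu")
      flash[:notice].should == "Success!"
    end
  end

  describe ApplicationController do
    it_behaves_like "oauth_controller"
  end

  describe ApplicationController, "using OAuth with User Activation features" do
    before(:all) do
      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activation")
      sorcery_reload!([:user_activation, :external], :user_activation_mailer => ::SorceryMailer)
    end

    after(:all) do
      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activation")
    end

    after(:each) do
      User.delete_all
      Authentication.delete_all
    end

    it "should not send activation email to external users" do
      old_size = ActionMailer::Base.deliveries.size
      create_new_external_user(:twitter)
      ActionMailer::Base.deliveries.size.should == old_size
    end

    it "should not send external users an activation success email" do
      # NOTE(review): with the success-email method name set to nil, this
      # example may pass whether or not the user is external; confirm it
      # still guards the behavior named in its description.
      sorcery_model_property_set(:activation_success_email_method_name, nil)
      create_new_external_user(:twitter)
      old_size = ActionMailer::Base.deliveries.size
      @user.activate!
      ActionMailer::Base.deliveries.size.should == old_size
    end
  end

  # Activity logging: login-time registration for externally authenticated
  # users. The group reloads Sorcery with :activity_logging and :external.
  describe ApplicationController, "OAuth with activity logging features" do
    before(:all) do
      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/activity_logging")
      sorcery_reload!([:activity_logging, :external])
    end

    after(:all) do
      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/activity_logging")
    end

    context "when twitter" do
      before(:each) do
        User.delete_all
        Authentication.delete_all
        sorcery_controller_property_set(:register_login_time, true)
        stub_all_oauth_requests!
        sorcery_model_property_set(:authentications_class, Authentication)
        create_new_external_user(:twitter)
      end

      it "should register login time" do
        now = Time.now.in_time_zone
        get :test_login_from
        User.last.last_login_at.should_not be_nil
        # Compared as :db-formatted strings; the login time must fall within
        # two seconds after the timestamp captured above.
        User.last.last_login_at.to_s(:db).should >= now.to_s(:db)
        User.last.last_login_at.to_s(:db).should <= (now + 2).to_s(:db)
      end

      it "should not register login time if configured so" do
        sorcery_controller_property_set(:register_login_time, false)
        get :test_login_from
        User.last.last_login_at.should be_nil
      end
    end
  end

  describe ApplicationController, "OAuth with session timeout features" do
    before(:all) do
      ActiveRecord::Migrator.migrate("#{Rails.root}/db/migrate/external")
      sorcery_reload!([:session_timeout, :external])
    end

    after(:all) do
      ActiveRecord::Migrator.rollback("#{Rails.root}/db/migrate/external")
    end

    context "when twitter" do
      before(:each) do
        User.delete_all
        Authentication.delete_all
        sorcery_model_property_set(:authentications_class, Authentication)
        sorcery_controller_property_set(:session_timeout, 0.5)
        stub_all_oauth_requests!
        create_new_external_user(:twitter)
      end

      # Undo any Timecop.travel so later examples see the real clock.
      after(:each) do
        Timecop.return
      end

      it "should not reset session before session timeout" do
        get :test_login_from
        session[:user_id].should_not be_nil
        flash[:notice].should == "Success!"
      end

      it "should reset session after session timeout" do
        get :test_login_from
        # Jump 0.6 past the current time, beyond the 0.5 timeout set above.
        Timecop.travel(Time.now.in_time_zone + 0.6)
        get :test_should_be_logged_in
        session[:user_id].should be_nil
        response.should be_a_redirect
      end
    end
  end
end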