diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 0884964edf..517b11e140 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -395,4 +395,10 @@ def safe_referer(referer)
 referer.to_s
 end
+
+ def scope_enabled?(scope)
+ doorkeeper_token&.includes_scope?(scope) || current_token&.includes_scope?(scope)
+ end
+
+ helper_method :scope_enabled?
 end
diff --git a/app/controllers/oauth2_applications_controller.rb b/app/controllers/oauth2_applications_controller.rb
index 63b77be4bc..97d84b1737 100644
--- a/app/controllers/oauth2_applications_controller.rb
+++ b/app/controllers/oauth2_applications_controller.rb
@@ -20,8 +20,8 @@ def set_application
 end
 def application_params
- params[:doorkeeper_application][:scopes]&.delete("")
- params.require(:doorkeeper_application)
+ params[:oauth2_application][:scopes]&.delete("")
+ params.require(:oauth2_application)
 .permit(:name, :redirect_uri, :confidential, :scopes => [])
 .merge(:owner => current_resource_owner)
 end
diff --git a/app/models/oauth2_application.rb b/app/models/oauth2_application.rb
new file mode 100644
index 0000000000..1657615202
--- /dev/null
+++ b/app/models/oauth2_application.rb
@@ -0,0 +1,13 @@
+class Oauth2Application < Doorkeeper::Application
+ belongs_to :owner, :polymorphic => true
+
+ validate :allowed_scopes
+
+ private
+
+ def allowed_scopes
+ return if owner.administrator?
+
+ errors.add(:scopes) if scopes.any? { |scope| Oauth::PRIVILEGED_SCOPES.include?(scope) }
+ end
+end
diff --git a/app/views/api/users/_user.json.jbuilder b/app/views/api/users/_user.json.jbuilder
index 8423353dd3..7659e4e110 100644
--- a/app/views/api/users/_user.json.jbuilder
+++ b/app/views/api/users/_user.json.jbuilder
@@ -65,5 +65,7 @@ json.user do
 json.count user.sent_messages.size
 end
 end
+
+ json.email user.email if scope_enabled?(:read_email)
 end
 end
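Review bot: `scope_enabled?` in application_controller.rb decides whether private fields are emitted, but it has no comment stating its contract. Both operands use `&.`, so with no token at all it returns `nil` rather than `false`; that is falsy in the views, but a `?` method is easier to rely on if it ends in `|| false` or the comment says so. A suitable comment would be `# True when the request's OAuth token (doorkeeper_token or current_token) carries the given scope; falsy when the request has no token.` `current_token` is defined outside this diff, and the class body starts outside the hunk, so whether this method sits under `private` is not visible here.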
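Review bot: `allowed_scopes` in oauth2_application.rb calls `owner.administrator?` unconditionally, so a record saved without an owner (or with a polymorphic owner that lacks that method) raises instead of failing validation. `return if owner&.administrator?` keeps the check fail-closed: with no owner, privileged scopes are rejected. The check also runs only on save, so an application keeps `read_email` or `skip_authorization` after its owner loses the administrator role. If that is intended it deserves a comment; otherwise the role change needs to strip those scopes.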
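Review bot: The only condition visible on the new `json.email` line in `_user.json.jbuilder` is the token scope; the enclosing block opens outside this hunk, so it cannot be confirmed from these lines that the address is emitted only for the token's own user. The same holds for the `xml.tag! "email"` line in `_user.xml.builder`. The users tests in this commit fetch other users' records through what appears to be the same partial, so the restriction is worth stating on the line itself, for example `json.email user.email if current_user == user && scope_enabled?(:read_email)`.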
diff --git a/app/views/api/users/_user.xml.builder b/app/views/api/users/_user.xml.builder index 9092f2c96b..7d6b177f2f 100644 --- a/app/views/api/users/_user.xml.builder +++ b/app/views/api/users/_user.xml.builder @@ -40,5 +40,6 @@ xml.tag! "user", :id => user.id, :unread => user.new_messages.size xml.tag! "sent", :count => user.sent_messages.size end + xml.tag! "email", user.email if scope_enabled?(:read_email) end end diff --git a/app/views/oauth2_applications/_form.html.erb b/app/views/oauth2_applications/_form.html.erb index d69536c6b3..7fde3e0e7f 100644 --- a/app/views/oauth2_applications/_form.html.erb +++ b/app/views/oauth2_applications/_form.html.erb @@ -3,5 +3,5 @@ <%= f.form_group :confidential do %> <%= f.check_box :confidential %> <% end %> -<%= f.collection_check_boxes :scopes, Oauth.scopes, :name, :description %> +<%= f.collection_check_boxes :scopes, Oauth.scopes(:privileged => current_user.administrator?), :name, :description %> <%= f.primary %> diff --git a/config/initializers/doorkeeper.rb b/config/initializers/doorkeeper.rb index 549138b337..a96e6fd6c6 100644 --- a/config/initializers/doorkeeper.rb +++ b/config/initializers/doorkeeper.rb @@ -48,6 +48,8 @@ # end # end + application_class "Oauth2Application" + # Enables polymorphic Resource Owner association for Access Tokens and Access Grants. # By default this option is disabled. # @@ -221,7 +223,7 @@ # https://doorkeeper.gitbook.io/guides/ruby-on-rails/scopes # default_scopes :public - optional_scopes(*Oauth::SCOPES) + optional_scopes(*Oauth::SCOPES, *Oauth::PRIVILEGED_SCOPES) # Allows to restrict only certain scopes for grant_type. # By default, all the scopes will be available for all the grant types. 
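Review bot: The admin-only rule for `read_email` and `skip_authorization` now rests entirely on each application's stored scope list, because the `optional_scopes(*Oauth::SCOPES, *Oauth::PRIVILEGED_SCOPES)` line makes both scopes requestable server-wide. As far as I recall, Doorkeeper falls back to the server scopes when an application's own scope list is blank; if that holds here, an application registered by a non-administrator with no scopes could still request `read_email`. That behaviour, and any `enforce_configured_scopes` setting, lie outside this hunk, so it is worth confirming and pinning with a test that requests `read_email` for an application that was not granted it.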
@@ -417,10 +419,10 @@
 # Under some circumstances you might want to have applications auto-approved,
 # so that the user skips the authorization step.
 # For example if dealing with a trusted application.
- #
- # skip_authorization do |resource_owner, client|
- # client.superapp? or resource_owner.admin?
- # end
+
+ skip_authorization do |_, client|
+ client.scopes.include?("skip_authorization")
+ end
 # Configure custom constraints for the Token Introspection request.
 # By default this configuration option allows to introspect a token by another
diff --git a/config/locales/en.yml b/config/locales/en.yml
index c8392231e2..7a2aba1aa0 100644
--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -2367,6 +2367,8 @@ en:
 read_gpx: Read private GPS traces
 write_gpx: Upload GPS traces
 write_notes: Modify notes
+ read_email: Read user email address
+ skip_authorization: Auto approve application
 oauth_clients:
 new:
 title: "Register a new application"
diff --git a/lib/oauth.rb b/lib/oauth.rb
index 8f45a3b4b3..7ff2ba8b43 100644
--- a/lib/oauth.rb
+++ b/lib/oauth.rb
@@ -1,5 +1,6 @@
 module Oauth
 SCOPES = %w[read_prefs write_prefs write_diary write_api read_gpx write_gpx write_notes].freeze
+ PRIVILEGED_SCOPES = %w[read_email skip_authorization].freeze
 class Scope
 attr_reader :name
@@ -13,7 +14,9 @@ def description
 end
 end
- def self.scopes
- SCOPES.collect { |s| Scope.new(s) }
+ def self.scopes(privileged: false)
+ scopes = SCOPES
+ scopes += PRIVILEGED_SCOPES if privileged
+ scopes.collect { |s| Scope.new(s) }
 end
 end
diff --git a/test/controllers/api/users_controller_test.rb b/test/controllers/api/users_controller_test.rb
index d0d1e0dcf1..cb2c752050 100644
--- a/test/controllers/api/users_controller_test.rb
+++ b/test/controllers/api/users_controller_test.rb
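Review bot: The new `skip_authorization` block bypasses user consent for every scope the application requests, and its only condition is a string in the application's stored scope list. Nothing in this hunk re-checks that the application's owner is still an administrator, so the decision is only as good as the validation that ran when the application was last saved. A comment such as `# Only administrators can assign the skip_authorization scope (see Oauth2Application#allowed_scopes)` would record where the trust decision is made. Because `skip_authorization` is configured as an ordinary optional scope, it may also be requestable and appear in issued tokens; confirm that is harmless.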
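Review bot: `PRIVILEGED_SCOPES` is added to lib/oauth.rb without a comment saying what makes a scope privileged or where the restriction is enforced, which matters because the constant is the single source for that security decision. Something like `# Scopes only administrators may assign to an application; enforced in Oauth2Application#allowed_scopes` above it would do. In the second hunk the local `scopes` inside `self.scopes` shadows the method's own name; a single expression such as `(privileged ? SCOPES + PRIVILEGED_SCOPES : SCOPES).collect { |s| Scope.new(s) }` reads more clearly.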
@@ -48,7 +48,7 @@ def test_show assert_equal "application/xml", response.media_type # check the data that is returned - check_xml_details(user, false) + check_xml_details(user, false, false) # check that a suspended user is not returned get api_user_path(:id => create(:user, :suspended).id) @@ -72,7 +72,7 @@ def test_show assert_not_nil js # check the data that is returned - check_json_details(js, user, false) + check_json_details(js, user, false, false) end def test_show_oauth1 @@ -94,7 +94,7 @@ def test_show_oauth1 assert_equal "application/xml", response.media_type # check the data that is returned - check_xml_details(user, true) + check_xml_details(user, true, false) # check that we can fetch a different user's details as XML with read_prefs signed_get api_user_path(:id => other_user.id), :oauth => { :token => good_token } @@ -102,7 +102,7 @@ def test_show_oauth1 assert_equal "application/xml", response.media_type # check the data that is returned - check_xml_details(other_user, false) + check_xml_details(other_user, false, false) # check that we can fetch our own details as XML without read_prefs signed_get api_user_path(:id => user.id), :oauth => { :token => bad_token } @@ -110,7 +110,7 @@ def test_show_oauth1 assert_equal "application/xml", response.media_type # check the data that is returned - check_xml_details(user, false) + check_xml_details(user, false, false) # check that we can fetch our own details as JSON with read_prefs signed_get api_user_path(:id => user.id, :format => "json"), :oauth => { :token => good_token } @@ -122,7 +122,7 @@ def test_show_oauth1 assert_not_nil js # check the data that is returned - check_json_details(js, user, true) + check_json_details(js, user, true, false) # check that we can fetch a different user's details as JSON with read_prefs signed_get api_user_path(:id => other_user.id, :format => "json"), :oauth => { :token => good_token } 
@@ -134,7 +134,7 @@ def test_show_oauth1 assert_not_nil js # check the data that is returned - check_json_details(js, other_user, false) + check_json_details(js, other_user, false, false) # check that we can fetch our own details as JSON without read_prefs signed_get api_user_path(:id => other_user.id, :format => "json"), :oauth => { :token => bad_token } @@ -146,7 +146,7 @@ def test_show_oauth1 assert_not_nil js # check the data that is returned - check_json_details(js, other_user, false) + check_json_details(js, other_user, false, false) end def test_show_oauth2 @@ -169,7 +169,7 @@ def test_show_oauth2 assert_equal "application/xml", response.media_type # check the data that is returned - check_xml_details(user, true) + check_xml_details(user, true, false) # check that we can fetch a different user's details as XML with read_prefs get api_user_path(:id => other_user.id), :headers => bearer_authorization_header(good_token.token) @@ -177,7 +177,7 @@ def test_show_oauth2 assert_equal "application/xml", response.media_type # check the data that is returned - check_xml_details(other_user, false) + check_xml_details(other_user, false, false) # check that we can fetch our own details as XML without read_prefs get api_user_path(:id => user.id), :headers => bearer_authorization_header(bad_token.token) @@ -185,7 +185,7 @@ def test_show_oauth2 assert_equal "application/xml", response.media_type # check the data that is returned - check_xml_details(user, false) + check_xml_details(user, false, false) # check that we can fetch our own details as JSON with read_prefs get api_user_path(:id => user.id, :format => "json"), :headers => bearer_authorization_header(good_token.token) 
@@ -197,7 +197,7 @@ def test_show_oauth2 assert_not_nil js # check the data that is returned - check_json_details(js, user, true) + check_json_details(js, user, true, false) # check that we can fetch a different user's details as JSON with read_prefs get api_user_path(:id => other_user.id, :format => "json"), :headers => bearer_authorization_header(good_token.token) @@ -209,7 +209,7 @@ def test_show_oauth2 assert_not_nil js # check the data that is returned - check_json_details(js, other_user, false) + check_json_details(js, other_user, false, false) # check that we can fetch our own details as JSON without read_prefs get api_user_path(:id => user.id, :format => "json"), :headers => bearer_authorization_header(bad_token.token) @@ -221,7 +221,7 @@ def test_show_oauth2 assert_not_nil js # check the data that is returned - check_json_details(js, user, false) + check_json_details(js, user, false, false) end def test_details @@ -244,7 +244,7 @@ def test_details assert_equal "application/xml", response.media_type # check the data that is returned - check_xml_details(user, true) + check_xml_details(user, true, false) # check that data is returned properly in json auth_header = basic_authorization_header user.email, "test" @@ -257,7 +257,7 @@ def test_details assert_not_nil js # check the data that is returned - check_json_details(js, user, true) + check_json_details(js, user, true, false) end def test_details_oauth1 @@ -280,7 +280,7 @@ def test_details_oauth1 assert_equal "application/xml", response.media_type # check the data that is returned - check_xml_details(user, true) + check_xml_details(user, true, false) # check that we can't fetch details as JSON without read_prefs signed_get user_details_path(:format => "json"), :oauth => { :token => bad_token } @@ -296,7 +296,7 @@ def test_details_oauth1 assert_not_nil js # check the data that is returned - check_json_details(js, user, true) + check_json_details(js, user, true, false) end def test_details_oauth2 
@@ -308,24 +308,35 @@ def test_details_oauth2 :scopes => %w[read_prefs]) bad_token = create(:oauth_access_token, :resource_owner_id => user.id) + email_token = create(:oauth_access_token, + :resource_owner_id => user.id, + :scopes => %w[read_prefs read_email]) # check that we can't fetch details as XML without read_prefs get user_details_path, :headers => bearer_authorization_header(bad_token.token) assert_response :forbidden - # check that we can fetch details as XML + # check that we can fetch details as XML without read_email get user_details_path, :headers => bearer_authorization_header(good_token.token) assert_response :success assert_equal "application/xml", response.media_type # check the data that is returned - check_xml_details(user, true) + check_xml_details(user, true, false) + + # check that we can fetch details as XML with read_email + get user_details_path, :headers => bearer_authorization_header(email_token.token) + assert_response :success + assert_equal "application/xml", response.media_type + + # check the data that is returned + check_xml_details(user, true, true) # check that we can't fetch details as JSON without read_prefs get user_details_path(:format => "json"), :headers => bearer_authorization_header(bad_token.token) assert_response :forbidden - # check that we can fetch details as JSON + # check that we can fetch details as JSON without read_email get user_details_path(:format => "json"), :headers => bearer_authorization_header(good_token.token) assert_response :success assert_equal "application/json", response.media_type 
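Review bot: `email_token` is exercised only against `user_details_path` in `test_details_oauth2`, so nothing in this commit's tests pins the negative case: a token carrying `read_email` must not reveal the address of a different user. `test_show_oauth2` and `test_index_oauth2` only pass the new `false` argument with tokens that lack the scope. A short addition that requests another user's record with `email_token` and checks it with the existing helper would cover the XML path; the JSON variant follows the same pattern. The test method starts outside this hunk.

```ruby
    # … unchanged: read_email assertions against user_details_path …

    # check that read_email does not expose another user's address
    other_user = create(:user)
    get api_user_path(:id => other_user.id), :headers => bearer_authorization_header(email_token.token)
    assert_response :success
    assert_equal "application/xml", response.media_type
    check_xml_details(other_user, false, false)
```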
@@ -335,7 +346,19 @@ def test_details_oauth2 assert_not_nil js # check the data that is returned - check_json_details(js, user, true) + check_json_details(js, user, true, false) + + # check that we can fetch details as JSON with read_email + get user_details_path(:format => "json"), :headers => bearer_authorization_header(email_token.token) + assert_response :success + assert_equal "application/json", response.media_type + + # parse the response + js = ActiveSupport::JSON.decode(@response.body) + assert_not_nil js + + # check the data that is returned + check_json_details(js, user, true, true) end def test_index @@ -347,7 +370,7 @@ def test_index assert_response :success assert_equal "application/xml", response.media_type assert_select "user", :count => 1 do - check_xml_details(user1, false) + check_xml_details(user1, false, false) assert_select "user[id='#{user2.id}']", :count => 0 assert_select "user[id='#{user3.id}']", :count => 0 end @@ -357,7 +380,7 @@ def test_index assert_equal "application/xml", response.media_type assert_select "user", :count => 1 do assert_select "user[id='#{user1.id}']", :count => 0 - check_xml_details(user2, false) + check_xml_details(user2, false, false) assert_select "user[id='#{user3.id}']", :count => 0 end @@ -365,9 +388,9 @@ def test_index assert_response :success assert_equal "application/xml", response.media_type assert_select "user", :count => 2 do - check_xml_details(user1, false) + check_xml_details(user1, false, false) assert_select "user[id='#{user2.id}']", :count => 0 - check_xml_details(user3, false) + check_xml_details(user3, false, false) end get api_users_path, :params => { :users => user1.id, :format => "json" } 
@@ -376,7 +399,7 @@ def test_index js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js assert_equal 1, js["users"].count - check_json_details(js["users"][0], user1, false) + check_json_details(js["users"][0], user1, false, false) get api_users_path, :params => { :users => user2.id, :format => "json" } assert_response :success @@ -384,7 +407,7 @@ def test_index js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js assert_equal 1, js["users"].count - check_json_details(js["users"][0], user2, false) + check_json_details(js["users"][0], user2, false, false) get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" } assert_response :success @@ -392,8 +415,8 @@ def test_index js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js assert_equal 2, js["users"].count - check_json_details(js["users"][0], user1, false) - check_json_details(js["users"][1], user3, false) + check_json_details(js["users"][0], user1, false, false) + check_json_details(js["users"][1], user3, false, false) get api_users_path, :params => { :users => create(:user, :suspended).id } assert_response :not_found @@ -416,7 +439,7 @@ def test_index_oauth1 assert_response :success assert_equal "application/xml", response.media_type assert_select "user", :count => 1 do - check_xml_details(user1, true) + check_xml_details(user1, true, false) assert_select "user[id='#{user2.id}']", :count => 0 assert_select "user[id='#{user3.id}']", :count => 0 end @@ -426,7 +449,7 @@ def test_index_oauth1 assert_equal "application/xml", response.media_type assert_select "user", :count => 1 do assert_select "user[id='#{user1.id}']", :count => 0 - check_xml_details(user2, false) + check_xml_details(user2, false, false) assert_select "user[id='#{user3.id}']", :count => 0 end 
@@ -434,18 +457,18 @@ def test_index_oauth1 assert_response :success assert_equal "application/xml", response.media_type assert_select "user", :count => 2 do - check_xml_details(user1, true) + check_xml_details(user1, true, false) assert_select "user[id='#{user2.id}']", :count => 0 - check_xml_details(user3, false) + check_xml_details(user3, false, false) end signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}" }, :oauth => { :token => bad_token } assert_response :success assert_equal "application/xml", response.media_type assert_select "user", :count => 2 do - check_xml_details(user1, false) + check_xml_details(user1, false, false) assert_select "user[id='#{user2.id}']", :count => 0 - check_xml_details(user3, false) + check_xml_details(user3, false, false) end signed_get api_users_path, :params => { :users => user1.id, :format => "json" }, :oauth => { :token => good_token } @@ -454,7 +477,7 @@ def test_index_oauth1 js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js assert_equal 1, js["users"].count - check_json_details(js["users"][0], user1, true) + check_json_details(js["users"][0], user1, true, false) signed_get api_users_path, :params => { :users => user2.id, :format => "json" }, :oauth => { :token => good_token } assert_response :success @@ -462,7 +485,7 @@ def test_index_oauth1 js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js assert_equal 1, js["users"].count - check_json_details(js["users"][0], user2, false) + check_json_details(js["users"][0], user2, false, false) signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :oauth => { :token => good_token } assert_response :success 
@@ -470,8 +493,8 @@ def test_index_oauth1 js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js assert_equal 2, js["users"].count - check_json_details(js["users"][0], user1, true) - check_json_details(js["users"][1], user3, false) + check_json_details(js["users"][0], user1, true, false) + check_json_details(js["users"][1], user3, false, false) signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :oauth => { :token => bad_token } assert_response :success @@ -479,8 +502,8 @@ def test_index_oauth1 js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js assert_equal 2, js["users"].count - check_json_details(js["users"][0], user1, false) - check_json_details(js["users"][1], user3, false) + check_json_details(js["users"][0], user1, false, false) + check_json_details(js["users"][1], user3, false, false) signed_get api_users_path, :params => { :users => create(:user, :suspended).id }, :oauth => { :token => good_token } assert_response :not_found @@ -503,7 +526,7 @@ def test_index_oauth2 assert_response :success assert_equal "application/xml", response.media_type assert_select "user", :count => 1 do - check_xml_details(user1, true) + check_xml_details(user1, true, false) assert_select "user[id='#{user2.id}']", :count => 0 assert_select "user[id='#{user3.id}']", :count => 0 end @@ -513,7 +536,7 @@ def test_index_oauth2 assert_equal "application/xml", response.media_type assert_select "user", :count => 1 do assert_select "user[id='#{user1.id}']", :count => 0 - check_xml_details(user2, false) + check_xml_details(user2, false, false) assert_select "user[id='#{user3.id}']", :count => 0 end 
@@ -521,18 +544,18 @@ def test_index_oauth2 assert_response :success assert_equal "application/xml", response.media_type assert_select "user", :count => 2 do - check_xml_details(user1, true) + check_xml_details(user1, true, false) assert_select "user[id='#{user2.id}']", :count => 0 - check_xml_details(user3, false) + check_xml_details(user3, false, false) end get api_users_path, :params => { :users => "#{user1.id},#{user3.id}" }, :headers => bearer_authorization_header(bad_token.token) assert_response :success assert_equal "application/xml", response.media_type assert_select "user", :count => 2 do - check_xml_details(user1, false) + check_xml_details(user1, false, false) assert_select "user[id='#{user2.id}']", :count => 0 - check_xml_details(user3, false) + check_xml_details(user3, false, false) end get api_users_path, :params => { :users => user1.id, :format => "json" }, :headers => bearer_authorization_header(good_token.token) @@ -541,7 +564,7 @@ def test_index_oauth2 js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js assert_equal 1, js["users"].count - check_json_details(js["users"][0], user1, true) + check_json_details(js["users"][0], user1, true, false) get api_users_path, :params => { :users => user2.id, :format => "json" }, :headers => bearer_authorization_header(good_token.token) assert_response :success @@ -549,7 +572,7 @@ def test_index_oauth2 js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js assert_equal 1, js["users"].count - check_json_details(js["users"][0], user2, false) + check_json_details(js["users"][0], user2, false, false) get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :headers => bearer_authorization_header(good_token.token) assert_response :success 
@@ -557,8 +580,8 @@ def test_index_oauth2 js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js assert_equal 2, js["users"].count - check_json_details(js["users"][0], user1, true) - check_json_details(js["users"][1], user3, false) + check_json_details(js["users"][0], user1, true, false) + check_json_details(js["users"][1], user3, false, false) get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :headers => bearer_authorization_header(bad_token.token) assert_response :success @@ -566,8 +589,8 @@ def test_index_oauth2 js = ActiveSupport::JSON.decode(@response.body) assert_not_nil js assert_equal 2, js["users"].count - check_json_details(js["users"][0], user1, false) - check_json_details(js["users"][1], user3, false) + check_json_details(js["users"][0], user1, false, false) + check_json_details(js["users"][1], user3, false, false) get api_users_path, :params => { :users => create(:user, :suspended).id }, :headers => bearer_authorization_header(good_token.token) assert_response :not_found @@ -608,7 +631,7 @@ def test_gpx_files private - def check_xml_details(user, include_private) + def check_xml_details(user, include_private, include_email) assert_select "user[id='#{user.id}']", :count => 1 do assert_select "description", :count => 1, :text => user.description @@ -678,10 +701,16 @@ def check_xml_details(user, include_private) assert_select "languages", :count => 0 assert_select "messages", :count => 0 end + + if include_email + assert_select "email", :count => 1, :text => user.email + else + assert_select "email", :count => 0 + end end end - def check_json_details(js, user, include_private) + def check_json_details(js, user, include_private, include_email) assert_equal user.id, js["user"]["id"] assert_equal user.description, js["user"]["description"] assert js["user"]["contributor_terms"]["agreed"] 
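Review bot: `check_xml_details` and `check_json_details` now take two adjacent positional booleans, so a call such as `check_xml_details(user, true, false)` no longer says which flag controls private data and which controls the email address. A keyword with a default, `def check_xml_details(user, include_private, include_email: false)`, would make the email-revealing case stand out at the call site and would have left the existing calls untouched. Both method bodies continue outside the hunks shown here.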
@@ -721,6 +750,12 @@ def check_json_details(js, user, include_private) else assert_nil js["user"]["messages"] end + + if include_email + assert_equal user.email, js["user"]["email"] + else + assert_nil js["user"]["email"] + end end end end diff --git a/test/controllers/oauth2_applications_controller_test.rb b/test/controllers/oauth2_applications_controller_test.rb index eec5e02ec9..149b6ee35e 100644 --- a/test/controllers/oauth2_applications_controller_test.rb +++ b/test/controllers/oauth2_applications_controller_test.rb @@ -67,11 +67,11 @@ def test_new assert_response :success assert_template "oauth2_applications/new" assert_select "form", 1 do - assert_select "input#doorkeeper_application_name", 1 - assert_select "textarea#doorkeeper_application_redirect_uri", 1 - assert_select "input#doorkeeper_application_confidential", 1 + assert_select "input#oauth2_application_name", 1 + assert_select "textarea#oauth2_application_redirect_uri", 1 + assert_select "input#oauth2_application_confidential", 1 Oauth.scopes.each do |scope| - assert_select "input#doorkeeper_application_scopes_#{scope.name}", 1 + assert_select "input#oauth2_application_scopes_#{scope.name}", 1 end end end @@ -87,7 +87,7 @@ def test_create session_for(user) assert_difference "Doorkeeper::Application.count", 0 do - post oauth_applications_path(:doorkeeper_application => { + post oauth_applications_path(:oauth2_application => { :name => "Test Application" }) end @@ -95,7 +95,7 @@ def test_create assert_template "oauth2_applications/new" assert_difference "Doorkeeper::Application.count", 0 do - post oauth_applications_path(:doorkeeper_application => { + post oauth_applications_path(:oauth2_application => { :name => "Test Application", :redirect_uri => "https://test.example.com/", :scopes => ["bad_scope"] 
@@ -105,7 +105,7 @@ def test_create assert_template "oauth2_applications/new" assert_difference "Doorkeeper::Application.count", 1 do - post oauth_applications_path(:doorkeeper_application => { + post oauth_applications_path(:oauth2_application => { :name => "Test Application", :redirect_uri => "https://test.example.com/", :scopes => ["read_prefs"] @@ -115,6 +115,32 @@ def test_create assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id) end + def test_create_privileged + session_for(create(:user)) + + assert_difference "Doorkeeper::Application.count", 0 do + post oauth_applications_path(:oauth2_application => { + :name => "Test Application", + :redirect_uri => "https://test.example.com/", + :scopes => ["read_email"] + }) + end + assert_response :success + assert_template "oauth2_applications/new" + + session_for(create(:administrator_user)) + + assert_difference "Doorkeeper::Application.count", 1 do + post oauth_applications_path(:oauth2_application => { + :name => "Test Application", + :redirect_uri => "https://test.example.com/", + :scopes => ["read_email"] + }) + end + assert_response :redirect + assert_redirected_to oauth_application_path(:id => Doorkeeper::Application.find_by(:name => "Test Application").id) + end + def test_show user = create(:user) client = create(:oauth_application, :owner => user) 
@@ -154,11 +180,11 @@ def test_edit assert_response :success assert_template "oauth2_applications/edit" assert_select "form", 1 do - assert_select "input#doorkeeper_application_name", 1 - assert_select "textarea#doorkeeper_application_redirect_uri", 1 - assert_select "input#doorkeeper_application_confidential", 1 + assert_select "input#oauth2_application_name", 1 + assert_select "textarea#oauth2_application_redirect_uri", 1 + assert_select "input#oauth2_application_confidential", 1 Oauth.scopes.each do |scope| - assert_select "input#doorkeeper_application_scopes_#{scope.name}", 1 + assert_select "input#oauth2_application_scopes_#{scope.name}", 1 end end end @@ -178,7 +204,7 @@ def test_update assert_template "oauth2_applications/not_found" put oauth_application_path(:id => client, - :doorkeeper_application => { + :oauth2_application => { :name => "New Name", :redirect_uri => nil }) @@ -186,7 +212,7 @@ def test_update assert_template "oauth2_applications/edit" put oauth_application_path(:id => client, - :doorkeeper_application => { + :oauth2_application => { :name => "New Name", :redirect_uri => "https://new.example.com/url" }) diff --git a/test/factories/oauth_applications.rb b/test/factories/oauth_applications.rb index a9b3b875da..1e62d2c973 100644 --- a/test/factories/oauth_applications.rb +++ b/test/factories/oauth_applications.rb @@ -1,5 +1,5 @@ FactoryBot.define do - factory :oauth_application, :class => "Doorkeeper::Application" do + factory :oauth_application, :class => "Oauth2Application" do sequence(:name) { |n| "OAuth application #{n}" } sequence(:redirect_uri) { |n| "https://example.com/app/#{n}" }