Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Handle Twitter user denying OAuth access

  • Loading branch information...
commit 6c6a6c202401a4ca7ae5a70905e96bcb457556e5 1 parent 8ded5df
@jasonm jasonm authored
View
2  TODO
@@ -1,4 +1,4 @@
-* Deny access scenario
* Right now, send_confirmation_email sends even for twitter users; it's okay since they don't have an email, but we still shouldn't send one.
* Make it easy to not use WebMock
* Clean up TODOs
+* Scenario: Signed in user connects their Twitter account
View
3  app/controllers/clearance_twitter/twitter_users_controller.rb
@@ -27,7 +27,6 @@ def oauth_callback
session[:request_token_secret] = nil
@user = User.identify_or_create_from_access_token(@access_token)
-
sign_in(@user)
# TODO: What to do here?
@@ -42,6 +41,8 @@ def oauth_callback
else
deny_access('There was a problem trying to authenticate you. Please try again.') and return
end
+ rescue OAuth::Unauthorized => e
+ deny_access('There was a problem trying to authenticate you. Please try again.') and return
end
private
View
8 generators/clearance_twitter_features/templates/features/step_definitions/clearance_twitter_steps.rb
@@ -34,13 +34,17 @@
end
When 'I grant access to the Twitter application for Twitter user "$twitter_username" with ID $twitter_id' do |twitter_username, twitter_id|
+ FakeTwitter.stub_twitter_successful_access_token
FakeTwitter.stub_verify_credentials_for(:twitter_username => twitter_username, :twitter_id => twitter_id)
+
visit oauth_callback_twitter_users_url(:oauth_token => 'this_need_not_be_real', :oauth_verifier => 'verifier')
end
When 'I deny access to the Twitter application' do
+ FakeTwitter.stub_twitter_denied_access_token
+ visit oauth_callback_twitter_users_url(:denied => 'denied_token')
end
-Given /^Twitter OAuth is faked$/ do
- FakeTwitter.stub_oauth
+Given /^the Twitter OAuth request is successful$/ do
+ FakeTwitter.stub_twitter_request_token
end
View
2  generators/clearance_twitter_features/templates/features/twitter_sign_in.feature
@@ -5,7 +5,7 @@ Feature: Sign in with Twitter OAuth
Scenario: User signs in with Twitter
Given there are no users
- And Twitter OAuth is faked
+ And the Twitter OAuth request is successful
And the following user exists:
| twitter_username | twitter_id |
| jerkcity | 999 |
View
26 generators/clearance_twitter_features/templates/features/twitter_sign_up.feature
@@ -5,7 +5,7 @@ Feature: Sign up with Twitter OAuth
Scenario: User successfully signs up with Twitter OAuth
Given there are no users
- And Twitter OAuth is faked
+ And the Twitter OAuth request is successful
And I go to the sign up page
And I click the Sign in with Twitter button
Then I should be directed to sign in with Twitter
@@ -14,19 +14,13 @@ Feature: Sign up with Twitter OAuth
And there should be 1 user in the system
And I should be signed in as Twitter user "jerkcity" with ID 999
- # Deny access
- # http://beerfire.heroku.com/oauth_callback?denied=gDvIISsUyVIKEsMZSmMCWPUOy3VwMU5xcRfc52GzMqk
-
- # Allow access
- # http://beerfire.heroku.com/oauth_callback?oauth_token=HGvvHmjk94vmNM5sz8ny2wYIYQCpOewvxAmXaCs9Y8U&oauth_verifier=R8vGQeATOFW5BZXH65FCzMdj1uvpadFy4ENEuZvS1fs
-
-# Given /^I am signed in as "@(.*)"$/ do |twitter_username|
-# @twitter_username = twitter_username
-# stub_post('https://twitter.com/oauth/request_token', 'access_token')
-# stub_post('https://twitter.com/oauth/access_token', 'access_token')
-# stub_get('https://twitter.com/account/verify_credentials.json', 'verify_credentials.json')
-# visit path_to('the login page')
-# visit path_to('the oauth callback page')
-# end
-
Scenario: User goes to sign up with Twitter but denies access
+ Given there are no users
+ And the Twitter OAuth request is successful
+ And I go to the sign up page
+ And I click the Sign in with Twitter button
+ Then I should be directed to sign in with Twitter
+ When I deny access to the Twitter application
+ Then I should see "There was a problem trying to authenticate you. Please try again."
+ And there should be 0 users in the system
+ And I should be signed out
View
50 lib/clearance_twitter/fake_twitter.rb
@@ -43,52 +43,26 @@ def stub_verify_credentials_for(options)
})
end
- # From: http://bkocik.net/2009/05/07/testing-twitter-oauth-with-cucumber-webrat-and-fakeweb/
- # module FakewebHelpers
- # # Make sure nothing gets out (IMPORTANT)
- # FakeWeb.allow_net_connect = false
- #
- # # Turns a fixture file name into a full path
- # def fixture_file(filename)
- # return '' if filename == ''
- # File.expand_path(RAILS_ROOT + '/test/fixtures/' + filename)
- # end
- #
- # # Convenience methods for stubbing URLs to fixtures
- # def stub_get(url, filename)
- # FakeWeb.register_uri(:get, url, :response => fixture_file(filename))
- # end
- #
- # def stub_post(url, filename)
- # FakeWeb.register_uri(:post, url, :response => fixture_file(filename))
- # end
- #
- # def stub_any(url, filename)
- # FakeWeb.register_uri(:any, url, :response => fixture_file(filename))
- # end
- # end
-
- def stub_oauth
- # From: http://bkocik.net/2009/05/07/testing-twitter-oauth-with-cucumber-webrat-and-fakeweb/
- stub_request(:any, "#{ClearanceTwitter.base_url}/oauth/access_token", {
+ def stub_twitter_request_token
+ stub_request(:any, "#{ClearanceTwitter.base_url}/oauth/request_token", {
:status => 200,
:body => "oauth_token=this_need_not_be_real&oauth_token_secret=same_for_this"
})
- stub_request(:any, "#{ClearanceTwitter.base_url}/oauth/request_token", {
+ end
+
+ def stub_twitter_successful_access_token
+ stub_request(:any, "#{ClearanceTwitter.base_url}/oauth/access_token", {
:status => 200,
:body => "oauth_token=this_need_not_be_real&oauth_token_secret=same_for_this"
})
-
- # stub_get('http://twitter.com/account/verify_credentials.json', 'verify_credentials.json')
end
-
- # def oauth_paths_to_stub
- # [ClearanceTwitter.config['authorize_path'],
- # '/oauth/request_token',
- # '/oauth/authorize',
- # '/oauth/access_token']
- # end
+ def stub_twitter_denied_access_token
+ stub_request(:any, "#{ClearanceTwitter.base_url}/oauth/access_token", {
+ :status => 401,
+ :body => ''
+ })
+ end
end
end
Please sign in to comment.
Something went wrong with that request. Please try again.