2023-02-22 00:55:31 +00:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2016-09-26 21:55:21 +00:00
|
|
|
require 'rails_helper'
|
|
|
|
|
2023-06-14 07:48:48 +00:00
|
|
|
RSpec.describe 'Apps' do
|
|
|
|
describe 'POST /api/v1/apps' do
|
|
|
|
subject do
|
|
|
|
post '/api/v1/apps', params: params
|
|
|
|
end
|
2016-09-26 21:55:21 +00:00
|
|
|
|
2023-06-14 07:48:48 +00:00
|
|
|
let(:client_name) { 'Test app' }
|
2024-05-17 13:46:12 +00:00
|
|
|
let(:scopes) { 'read write' }
|
|
|
|
let(:redirect_uri) { 'urn:ietf:wg:oauth:2.0:oob' }
|
|
|
|
let(:redirect_uris) { [redirect_uri] }
|
2023-06-14 07:48:48 +00:00
|
|
|
let(:website) { nil }
|
2021-04-15 14:28:43 +00:00
|
|
|
|
2023-06-14 07:48:48 +00:00
|
|
|
let(:params) do
|
2021-04-15 14:28:43 +00:00
|
|
|
{
|
|
|
|
client_name: client_name,
|
|
|
|
redirect_uris: redirect_uris,
|
|
|
|
scopes: scopes,
|
|
|
|
website: website,
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with valid params' do
|
2023-10-13 12:42:09 +00:00
|
|
|
it 'creates an OAuth app', :aggregate_failures do
|
2023-06-14 07:48:48 +00:00
|
|
|
subject
|
|
|
|
|
2024-05-17 13:46:12 +00:00
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
|
|
|
|
app = Doorkeeper::Application.find_by(name: client_name)
|
|
|
|
|
|
|
|
expect(app).to be_present
|
|
|
|
expect(app.scopes.to_s).to eq scopes
|
|
|
|
expect(app.redirect_uris).to eq redirect_uris
|
|
|
|
|
|
|
|
expect(body_as_json).to match(
|
|
|
|
a_hash_including(
|
|
|
|
id: app.id.to_s,
|
|
|
|
client_id: app.uid,
|
|
|
|
client_secret: app.secret,
|
|
|
|
name: client_name,
|
|
|
|
website: website,
|
|
|
|
scopes: ['read', 'write'],
|
|
|
|
redirect_uris: redirect_uris,
|
|
|
|
# Deprecated properties as of 4.3:
|
|
|
|
redirect_uri: redirect_uri,
|
|
|
|
vapid_key: Rails.configuration.x.vapid_public_key
|
|
|
|
)
|
|
|
|
)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'without scopes being supplied' do
|
|
|
|
let(:scopes) { nil }
|
|
|
|
|
|
|
|
it 'creates an OAuth App with the default scope' do
|
|
|
|
subject
|
|
|
|
|
2021-04-15 14:28:43 +00:00
|
|
|
expect(response).to have_http_status(200)
|
2023-06-14 07:48:48 +00:00
|
|
|
expect(Doorkeeper::Application.find_by(name: client_name)).to be_present
|
2021-04-15 14:28:43 +00:00
|
|
|
|
2023-06-14 07:48:48 +00:00
|
|
|
body = body_as_json
|
|
|
|
|
2024-05-17 13:46:12 +00:00
|
|
|
expect(body[:scopes]).to eq Doorkeeper.config.default_scopes.to_a
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
# FIXME: This is a bug: https://github.com/mastodon/mastodon/issues/30152
|
|
|
|
context 'with scopes as an array' do
|
|
|
|
let(:scopes) { %w(read write follow) }
|
|
|
|
|
|
|
|
it 'creates an OAuth App with the default scope' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
|
|
|
|
app = Doorkeeper::Application.find_by(name: client_name)
|
|
|
|
|
|
|
|
expect(app).to be_present
|
|
|
|
expect(app.scopes.to_s).to eq 'read'
|
|
|
|
|
|
|
|
body = body_as_json
|
|
|
|
|
|
|
|
expect(body[:scopes]).to eq ['read']
|
2021-04-15 14:28:43 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with an unsupported scope' do
|
|
|
|
let(:scopes) { 'hoge' }
|
|
|
|
|
|
|
|
it 'returns http unprocessable entity' do
|
2023-06-14 07:48:48 +00:00
|
|
|
subject
|
|
|
|
|
2021-04-15 14:28:43 +00:00
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
end
|
2016-09-26 21:55:21 +00:00
|
|
|
end
|
|
|
|
|
2021-04-15 14:28:43 +00:00
|
|
|
context 'with many duplicate scopes' do
|
|
|
|
let(:scopes) { (%w(read) * 40).join(' ') }
|
|
|
|
|
2023-10-13 12:42:09 +00:00
|
|
|
it 'only saves the scope once', :aggregate_failures do
|
2023-06-14 07:48:48 +00:00
|
|
|
subject
|
|
|
|
|
2021-04-15 14:28:43 +00:00
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
expect(Doorkeeper::Application.find_by(name: client_name).scopes.to_s).to eq 'read'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with a too-long name' do
|
|
|
|
let(:client_name) { 'hoge' * 20 }
|
|
|
|
|
|
|
|
it 'returns http unprocessable entity' do
|
2023-06-14 07:48:48 +00:00
|
|
|
subject
|
|
|
|
|
2021-04-15 14:28:43 +00:00
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with a too-long website' do
|
2023-02-22 00:54:36 +00:00
|
|
|
let(:website) { "https://foo.bar/#{'hoge' * 2_000}" }
|
2021-04-15 14:28:43 +00:00
|
|
|
|
|
|
|
it 'returns http unprocessable entity' do
|
2023-06-14 07:48:48 +00:00
|
|
|
subject
|
|
|
|
|
2021-04-15 14:28:43 +00:00
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
end
|
2016-09-26 21:55:21 +00:00
|
|
|
end
|
|
|
|
|
2024-05-17 13:46:12 +00:00
|
|
|
context 'with a too-long redirect_uri' do
|
|
|
|
let(:redirect_uris) { "https://app.example/#{'hoge' * 2_000}" }
|
2016-09-26 21:55:21 +00:00
|
|
|
|
2021-04-15 14:28:43 +00:00
|
|
|
it 'returns http unprocessable entity' do
|
2023-06-14 07:48:48 +00:00
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2024-05-17 13:46:12 +00:00
|
|
|
# NOTE: This spec currently tests the same as the "with a too-long redirect_uri test case"
|
|
|
|
context 'with too many redirect_uris' do
|
|
|
|
let(:redirect_uris) { (0...500).map { |i| "https://app.example/#{i}/callback" } }
|
|
|
|
|
|
|
|
it 'returns http unprocessable entity' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with multiple redirect_uris as a string' do
|
|
|
|
let(:redirect_uris) { "https://redirect1.example/\napp://redirect2.example/" }
|
|
|
|
|
|
|
|
it 'creates an OAuth application with multiple redirect URIs' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
|
|
|
|
app = Doorkeeper::Application.find_by(name: client_name)
|
|
|
|
|
|
|
|
expect(app).to be_present
|
|
|
|
expect(app.redirect_uri).to eq redirect_uris
|
|
|
|
expect(app.redirect_uris).to eq redirect_uris.split
|
|
|
|
|
|
|
|
body = body_as_json
|
|
|
|
|
|
|
|
expect(body[:redirect_uri]).to eq redirect_uris
|
|
|
|
expect(body[:redirect_uris]).to eq redirect_uris.split
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with multiple redirect_uris as an array' do
|
|
|
|
let(:redirect_uris) { ['https://redirect1.example/', 'app://redirect2.example/'] }
|
|
|
|
|
|
|
|
it 'creates an OAuth application with multiple redirect URIs' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
|
|
|
|
app = Doorkeeper::Application.find_by(name: client_name)
|
|
|
|
|
|
|
|
expect(app).to be_present
|
|
|
|
expect(app.redirect_uri).to eq redirect_uris.join "\n"
|
|
|
|
expect(app.redirect_uris).to eq redirect_uris
|
|
|
|
|
|
|
|
body = body_as_json
|
|
|
|
|
|
|
|
expect(body[:redirect_uri]).to eq redirect_uris.join "\n"
|
|
|
|
expect(body[:redirect_uris]).to eq redirect_uris
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with an empty redirect_uris array' do
|
|
|
|
let(:redirect_uris) { [] }
|
|
|
|
|
|
|
|
it 'returns http unprocessable entity' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with just a newline as the redirect_uris string' do
|
|
|
|
let(:redirect_uris) { "\n" }
|
|
|
|
|
|
|
|
it 'returns http unprocessable entity' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with an empty redirect_uris string' do
|
2023-06-14 07:48:48 +00:00
|
|
|
let(:redirect_uris) { '' }
|
|
|
|
|
|
|
|
it 'returns http unprocessable entity' do
|
|
|
|
subject
|
|
|
|
|
2021-04-15 14:28:43 +00:00
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
end
|
2016-09-26 21:55:21 +00:00
|
|
|
end
|
2024-05-17 13:46:12 +00:00
|
|
|
|
|
|
|
context 'without a required param' do
|
|
|
|
let(:client_name) { '' }
|
|
|
|
|
|
|
|
it 'returns http unprocessable entity' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_http_status(422)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with a website' do
|
|
|
|
let(:website) { 'https://app.example/' }
|
|
|
|
|
|
|
|
it 'creates an OAuth application with the website specified' do
|
|
|
|
subject
|
|
|
|
|
|
|
|
expect(response).to have_http_status(200)
|
|
|
|
|
|
|
|
app = Doorkeeper::Application.find_by(name: client_name)
|
|
|
|
|
|
|
|
expect(app).to be_present
|
|
|
|
expect(app.website).to eq website
|
|
|
|
end
|
|
|
|
end
|
2016-09-26 21:55:21 +00:00
|
|
|
end
|
|
|
|
end
|