mastodon/spec/requests/oauth/authorizations_spec.rb

# frozen_string_literal: true

require 'rails_helper'

RSpec.describe 'OAuth Authorizations' do
  let(:application) { Fabricate :application, name: 'test', redirect_uri: 'http://localhost/', scopes: 'read' }
  let(:params) { { client_id: application.uid, response_type: 'code', redirect_uri: 'http://localhost/', scope: 'read' } }

  describe 'GET #new' do
    subject { get oauth_authorization_path(params) }

    context 'when signed in' do
      let(:user) { Fabricate(:user) }

      before { sign_in user }

      it 'returns http success and private cache control headers' do
        subject

        expect(response)
          .to have_http_status(:success)
        expect(response.headers['Cache-Control'])
          .to include('private, no-store')
        expect(response.parsed_body.at('body.modal-layout'))
          .to be_present
        expect(controller.stored_location_for(:user))
          .to eq authorize_path_for(application)
      end

      context 'when app is already authorized' do
        before do
          Doorkeeper::AccessToken.find_or_create_for(
            application: application,
            resource_owner: user.id,
            scopes: application.scopes,
            expires_in: Doorkeeper.configuration.access_token_expires_in,
            use_refresh_token: Doorkeeper.configuration.refresh_token_enabled?
          )
        end

        it 'redirects to callback' do
          subject

          expect(response)
            .to redirect_to(/\A#{application.redirect_uri}/)
        end

        context 'with `force_login` param true' do
          subject do
            get oauth_authorization_path(params.merge(force_login: 'true'))
          end

          it 'renders new page with success status' do
            subject

            expect(response)
              .to have_http_status(:success)
            expect(response.parsed_body.title)
              .to match(I18n.t('doorkeeper.authorizations.new.title'))
          end
        end
      end
    end

    context 'when not signed in' do
      it 'redirects' do
        subject

        expect(response)
          .to redirect_to(new_user_session_path)
        expect(controller.stored_location_for(:user))
          .to eq authorize_path_for(application)
      end
    end

    def authorize_path_for(application)
      "/oauth/authorize?client_id=#{application.uid}&redirect_uri=http%3A%2F%2Flocalhost%2F&response_type=code&scope=read"
    end
  end
end