0007-oauth-adds-system-test-to-test-the-oauth-provider-ca.patch

Jens Krämer, 2020-07-21 13:05

Download (4.68 KB)

View differences:

Gemfile
93 93
  gem 'rubocop', '~> 0.81.0'
94 94
  gem 'rubocop-performance', '~> 1.5.0'
95 95
  gem 'rubocop-rails', '~> 2.5.0'
96
  # for testing oauth provider capabilities
97
  gem 'oauth2'
98
  gem 'rest-client'
96 99
end
97 100

  
98 101
local_gemfile = File.join(File.dirname(__FILE__), "Gemfile.local")
test/system/oauth_provider_test.rb
1
# frozen_string_literal: true
2

  
3
require File.expand_path('../../application_system_test_case', __FILE__)
4
require 'oauth2'
5

  
6
class OauthProviderSystemTest < ApplicationSystemTestCase
7

  
8
  fixtures :projects, :users, :email_addresses, :roles, :members, :member_roles,
9
           :trackers, :projects_trackers, :enabled_modules, :issue_statuses, :issues,
10
           :enumerations, :custom_fields, :custom_values, :custom_fields_trackers,
11
           :watchers, :journals, :journal_details, :versions,
12
           :workflows
13

  
14

  
15
  test 'application creation and authorization' do
16
    # admin creates the application, granting permissions and generating a uuid
17
    # and secret.
18
    log_user 'admin', 'admin'
19
    with_settings rest_api_enabled: 1 do
20
      visit '/admin'
21
      within 'div#admin-menu ul' do
22
        click_link 'Applications'
23
      end
24
      click_link 'New Application'
25
      fill_in 'Name', with: 'Oauth Test'
26
      fill_in 'Redirect URI', with: 'urn:ietf:wg:oauth:2.0:oob'
27
      find('#doorkeeper_application_scopes_view_issues').set(true)
28
      click_button 'Create'
29
    end
30

  
31
    assert app = Doorkeeper::Application.find_by_name('Oauth Test')
32

  
33
    find 'h2', visible: true, text: /Oauth Test/
34
    find 'p code', visible: true, text: app.uid
35
    find 'p code', visible: true, text: app.secret
36
    find 'p code', visible: true, text: /View Issues/
37
    click_link 'Sign out'
38

  
39
    # regular user authorizes the application to act on his behalf
40

  
41
    client = OAuth2::Client.new(app.uid, app.secret, site: "http://localhost:#{test_port}/")
42

  
43
    log_user 'jsmith', 'jsmith'
44
    with_settings rest_api_enabled: 1 do
45
      visit '/my/account'
46
      click_link 'Your applications'
47
      find 'p.nodata', visible: true
48

  
49
      # an oauth client would send the user to this url for him to grant
50
      # permission:
51
      url = client.auth_code.authorize_url redirect_uri: 'urn:ietf:wg:oauth:2.0:oob', scope: 'view_issues view_project'
52
      uri = URI.parse url
53
      visit uri.path+'?'+uri.query
54

  
55
      find 'h2', visible: true, text: 'Authorization required'
56
      find 'p', visible: true, text: /Authorize Oauth Test/
57
      find '.oauth-permissions', visible: true, text: /View Issues/
58
      find '.oauth-permissions', visible: true, text: /View project/
59

  
60
      click_button 'Authorize'
61
      assert grant = app.access_grants.last
62
      assert_equal 'view_issues view_project', grant.scopes.to_s
63

  
64
      find 'p', visible: true, text: /Authorization code/
65
      find 'p', visible: true, text: grant.token
66

  
67
      # exchange the code for an access token
68
      token = client.auth_code.get_token(grant.token, redirect_uri: 'urn:ietf:wg:oauth:2.0:oob')
69

  
70
      visit '/my/account'
71
      click_link 'Your applications'
72
      find 'td', visible: true, text: /Oauth Test/
73
      click_link 'Sign out'
74

  
75
      # Now, use the token for some API requests
76
      assert_raise(RestClient::Unauthorized) do
77
        RestClient.get "http://localhost:#{test_port}/projects/onlinestore/issues.json"
78
      end
79

  
80
      headers = { 'Authorization' => "Bearer #{token.token}" }
81
      r = RestClient.get "http://localhost:#{test_port}/projects/onlinestore/issues.json", headers
82
      issues = JSON.parse(r.body)['issues']
83
      assert issues.any?
84

  
85
      # time entries access is not part of the granted scopes
86
      assert_raise(RestClient::Forbidden) do
87
        RestClient.get "http://localhost:#{test_port}/projects/onlinestore/time_entries.json", headers
88
      end
89
    end
90
  end
91

  
92
  private
93

  
94
  def test_port
95
    Capybara.current_session.server.port
96
  end
97
end
98

  
0
-