Diffstat (limited to 'spec/controllers/oauth/token_info_controller_spec.rb')
-rw-r--r-- | spec/controllers/oauth/token_info_controller_spec.rb | 71 |
1 files changed, 71 insertions, 0 deletions
diff --git a/spec/controllers/oauth/token_info_controller_spec.rb b/spec/controllers/oauth/token_info_controller_spec.rb
new file mode 100644
index 00000000000..35ad0dcf98c
--- /dev/null
+++ b/spec/controllers/oauth/token_info_controller_spec.rb
@@ -0,0 +1,71 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Oauth::TokenInfoController do
+ describe '#show' do
+ context 'when the user is not authenticated' do
+ it 'responds with a 401' do
+ get :show
+
+ expect(response.status).to eq 401
+ expect(JSON.parse(response.body)).to include('error' => 'invalid_request')
+ end
+ end
+
+ context 'when the request is valid' do
+ let(:application) { create(:oauth_application, scopes: 'api') }
+ let(:access_token) do
+ create(:oauth_access_token, expires_in: 5.minutes, application: application)
+ end
+
+ it 'responds with the token info' do
+ get :show, params: { access_token: access_token.token }
+
+ expect(response.status).to eq 200
+ expect(JSON.parse(response.body)).to eq(
+ 'scope' => %w[api],
+ 'scopes' => %w[api],
+ 'created_at' => access_token.created_at.to_i,
+ 'expires_in' => access_token.expires_in,
+ 'application' => { 'uid' => application.uid },
+ 'resource_owner_id' => access_token.resource_owner_id,
+ 'expires_in_seconds' => access_token.expires_in
+ )
+ end
+ end
+
+ context 'when the doorkeeper_token is not recognised' do
+ it 'responds with a 401' do
+ get :show, params: { access_token: 'unknown_token' }
+
+ expect(response.status).to eq 401
+ expect(JSON.parse(response.body)).to include('error' => 'invalid_request')
+ end
+ end
+
+ context 'when the token is expired' do
+ let(:access_token) do
+ create(:oauth_access_token, created_at: 2.days.ago, expires_in: 10.minutes)
+ end
+
+ it 'responds with a 401' do
+ get :show, params: { access_token: access_token.token }
+
+ expect(response.status).to eq 401
+ expect(JSON.parse(response.body)).to include('error' => 'invalid_request')
+ end
+ end
+
+ context 'when the token is revoked' do
+ let(:access_token) { create(:oauth_access_token, revoked_at: 2.days.ago) }
+
+ it 'responds with a 401' do
+ get :show, params: { access_token: access_token.token }
+
+ expect(response.status).to eq 401
+ expect(JSON.parse(response.body)).to include('error' => 'invalid_request')
+ end
+ end
+ end
+end
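Review bot: The four rejection contexts (unauthenticated, unrecognised, expired, revoked) each repeat the same two-line 401 expectation verbatim, so any future change to the rejection contract has to be edited in four places and a drifted copy would go unnoticed; a `shared_examples 'rejects the token'` block driven by a per-context `let(:params)` expresses the contract once and makes the negative cases read as a list. In the 'when the request is valid' context the expectation `'resource_owner_id' => access_token.resource_owner_id` compares the response against whatever the factory produced, and if `:oauth_access_token` does not assign a resource owner by default (not visible here) this is `nil == nil` and proves nothing about the owner being reported; passing an explicit owner, e.g. `create(:oauth_access_token, resource_owner_id: user.id, ...)`, would pin the value that actually matters for authorisation. The rejection cases also assert only the body; a one-line `expect(response.headers['WWW-Authenticate']).to be_present` in the shared example would document that the controller sets the challenge header if it does, or surface that it does not.
```ruby
shared_examples 'rejects the token' do
  it 'responds with a 401' do
    get :show, params: params

    expect(response.status).to eq 401
    expect(JSON.parse(response.body)).to include('error' => 'invalid_request')
  end
end

context 'when the user is not authenticated' do
  let(:params) { {} }

  it_behaves_like 'rejects the token'
end

# … unchanged: 'when the request is valid' context …

context 'when the token is revoked' do
  let(:access_token) { create(:oauth_access_token, revoked_at: 2.days.ago) }
  let(:params) { { access_token: access_token.token } }

  it_behaves_like 'rejects the token'
end
```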