summaryrefslogtreecommitdiff
path: root/spec/migrations/migrate_forbidden_redirect_uris_spec.rb
blob: 0bc13a3974a2b0fd85e597a34ee20de0b1577c7e (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48

# frozen_string_literal: true

require 'spec_helper'
require Rails.root.join('db', 'post_migrate', '20181026091631_migrate_forbidden_redirect_uris.rb')

describe MigrateForbiddenRedirectUris, :migration do
  let(:oauth_application) { table(:oauth_applications) }
  let(:oauth_access_grant) { table(:oauth_access_grants) }

  let!(:control_app) { oauth_application.create(random_params) }
  let!(:control_access_grant) { oauth_application.create(random_params) }
  let!(:forbidden_js_app) { oauth_application.create(random_params.merge(redirect_uri: 'javascript://alert()')) }
  let!(:forbidden_vb_app) { oauth_application.create(random_params.merge(redirect_uri: 'VBSCRIPT://alert()')) }
  let!(:forbidden_access_grant) { oauth_application.create(random_params.merge(redirect_uri: 'vbscript://alert()')) }

  context 'oauth application' do
    it 'migrates forbidden javascript URI' do
      expect { migrate! }.to change { forbidden_js_app.reload.redirect_uri }.to('http://forbidden-scheme-has-been-overwritten')
    end

    it 'migrates forbidden VBScript URI' do
      expect { migrate! }.to change { forbidden_vb_app.reload.redirect_uri }.to('http://forbidden-scheme-has-been-overwritten')
    end

    it 'does not migrate a valid URI' do
      expect { migrate! }.not_to change { control_app.reload.redirect_uri }
    end
  end

  context 'access grant' do
    it 'migrates forbidden VBScript URI' do
      expect { migrate! }.to change { forbidden_access_grant.reload.redirect_uri }.to('http://forbidden-scheme-has-been-overwritten')
    end

    it 'does not migrate a valid URI' do
      expect { migrate! }.not_to change { control_access_grant.reload.redirect_uri }
    end
  end

  def random_params
    {
      name: 'test',
      secret: 'test',
      uid: Doorkeeper::OAuth::Helpers::UniqueToken.generate,
      redirect_uri: 'http://valid.com'
    }
  end
end
View Lorry Controller Status