DRY up auth spec

Combined 2 similar tests

Fixes PLAT-1210

Test Plan:
`rspec spec/apis/auth_spec.rb --example "API Authentication oauth2 web app flow"`

Change-Id: I549e0398961a7212fb3c42476125146581796c64
Reviewed-on: https://gerrit.instructure.com/61444
Reviewed-by: Brad Humphrey <brad@instructure.com>
Product-Review: August Thornton <august@instructure.com>
QA-Review: August Thornton <august@instructure.com>
Tested-by: Jenkins
This commit is contained in:
Brad Horrocks 2015-08-20 12:24:30 -06:00
parent 008cd38c32
commit d1d0fff027
1 changed files with 5 additions and 20 deletions

View File

@ -448,6 +448,11 @@ describe "API Authentication", type: :request do
get "/login/oauth2/auth", :response_type => 'code', :client_id => developer_key.id, :redirect_uri => "http://www.example.com/my_uri" get "/login/oauth2/auth", :response_type => 'code', :client_id => developer_key.id, :redirect_uri => "http://www.example.com/my_uri"
assert_status(401) assert_status(401)
@user.access_tokens.create!(developer_key: developer_key)
get "/login/oauth2/auth", :response_type => 'code', :client_id => developer_key.id, :redirect_uri => "http://www.example.com/my_uri"
assert_status(401)
end end
end end
end end
@ -499,27 +504,7 @@ describe "API Authentication", type: :request do
json = trusted_exchange(true) json = trusted_exchange(true)
expect(json['access_token']).to be_nil expect(json['access_token']).to be_nil
end end
it "Shouldn't allow an account level dev key to auth with other account's user" do
enable_forgery_protection do
enable_cache do
user_with_pseudonym(:active_user => true, :username => 'test1@example.com', :password => 'test123')
course_with_teacher(:user => @user)
# create the dev key on a different account
account2 = Account.create!
developer_key = DeveloperKey.create!(account: account2, redirect_uri: "http://www.example.com/my_uri")
@user.access_tokens.create!(developer_key: developer_key)
get "/login/oauth2/auth", :response_type => 'code', :client_id => developer_key.id, :redirect_uri => "http://www.example.com/my_uri"
assert_status(401)
end
end
end
end end
end end
end end