DRY up auth spec
Combined 2 similar tests Fixes PLAT-1210 Test Plan: `rspec spec/apis/auth_spec.rb --example "API Authentication oauth2 web app flow"` Change-Id: I549e0398961a7212fb3c42476125146581796c64 Reviewed-on: https://gerrit.instructure.com/61444 Reviewed-by: Brad Humphrey <brad@instructure.com> Product-Review: August Thornton <august@instructure.com> QA-Review: August Thornton <august@instructure.com> Tested-by: Jenkins
This commit is contained in:
parent
008cd38c32
commit
d1d0fff027
|
@ -448,6 +448,11 @@ describe "API Authentication", type: :request do
|
|||
|
||||
get "/login/oauth2/auth", :response_type => 'code', :client_id => developer_key.id, :redirect_uri => "http://www.example.com/my_uri"
|
||||
assert_status(401)
|
||||
|
||||
@user.access_tokens.create!(developer_key: developer_key)
|
||||
|
||||
get "/login/oauth2/auth", :response_type => 'code', :client_id => developer_key.id, :redirect_uri => "http://www.example.com/my_uri"
|
||||
assert_status(401)
|
||||
end
|
||||
end
|
||||
end
|
||||
|
@ -499,29 +504,9 @@ describe "API Authentication", type: :request do
|
|||
json = trusted_exchange(true)
|
||||
expect(json['access_token']).to be_nil
|
||||
end
|
||||
|
||||
it "Shouldn't allow an account level dev key to auth with other account's user" do
|
||||
enable_forgery_protection do
|
||||
enable_cache do
|
||||
|
||||
user_with_pseudonym(:active_user => true, :username => 'test1@example.com', :password => 'test123')
|
||||
course_with_teacher(:user => @user)
|
||||
|
||||
# create the dev key on a different account
|
||||
account2 = Account.create!
|
||||
developer_key = DeveloperKey.create!(account: account2, redirect_uri: "http://www.example.com/my_uri")
|
||||
|
||||
@user.access_tokens.create!(developer_key: developer_key)
|
||||
|
||||
get "/login/oauth2/auth", :response_type => 'code', :client_id => developer_key.id, :redirect_uri => "http://www.example.com/my_uri"
|
||||
assert_status(401)
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
end
|
||||
|
||||
describe "access token" do
|
||||
before :once do
|
||||
|
|
Loading…
Reference in New Issue