File: userinfo_controller_spec.rb

package info (click to toggle)
ruby-doorkeeper-openid-connect 1.7.4-2
  • links: PTS, VCS
  • area: main
  • in suites: bullseye
  • size: 648 kB
  • sloc: ruby: 2,915; makefile: 7; sh: 4
file content (65 lines) | stat: -rw-r--r-- 2,295 bytes parent folder | download | duplicates (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
# frozen_string_literal: true

require 'rails_helper'

describe Doorkeeper::OpenidConnect::UserinfoController, type: :controller do
  let(:client) { create :application }
  let(:user)   { create :user, name: 'Joe' }
  let(:token)  { create :access_token, application: client, resource_owner_id: user.id }

  describe '#show' do
    context 'with a valid access token authorized for the openid scope' do
      let(:token) { create :access_token, application: client, resource_owner_id: user.id, scopes: 'openid' }

      it 'returns the basic user information as JSON' do
        get :show, params: { access_token: token.token }

        expect(response.status).to eq 200
        expect(JSON.parse(response.body)).to eq({
          'sub'                => user.id.to_s,
          'variable_name'      => 'openid-name',
          'created_at'         => user.created_at.to_i,
          'token_id'           => token.id,
          'both_responses'     => 'both',
          'user_info_response' => 'user_info',
        })
      end
    end

    context 'with a valid access token authorized for the openid and profile scopes' do
      let(:token) { create :access_token, application: client, resource_owner_id: user.id, scopes: 'openid profile' }

      it 'returns the full user information as JSON' do
        get :show, params: { access_token: token.token }

        expect(response.status).to eq 200
        expect(JSON.parse(response.body)).to eq({
          'sub'                => user.id.to_s,
          'name'               => 'Joe',
          'variable_name'      => 'profile-name',
          'created_at'         => user.created_at.to_i,
          'updated_at'         => user.updated_at.to_i,
          'token_id'           => token.id,
          'both_responses'     => 'both',
          'user_info_response' => 'user_info',
        })
      end
    end

    context 'with a valid access token not authorized for the openid scope' do
      it 'returns an error' do
        get :show, params: { access_token: token.token }

        expect(response.status).to eq 403
      end
    end

    context 'without a valid access token' do
      it 'returns an error' do
        get :show, params: { access_token: 'foobar' }

        expect(response.status).to eq 401
      end
    end
  end
end