mirror of
https://github.com/we-promise/sure.git
synced 2026-04-07 14:31:25 +00:00
5706280dd7
* Replace Maybe for Sure in select code areas * Make sure passwords are consistent * Remove (admin|member) from demo data first name * Database and schema names finally to `sure` * Fix broken test * Another (benchmarking) database name to `sure_*` * More rebranding to Sure * Missed this Maybe mention in the same page * Random nitpicks and more Maybes * Demo data accounts and more Maybes * Test data account updates * Impersonation test accounts * Consistency with `compose.example.yml`
76 lines
2.0 KiB
Ruby
76 lines
2.0 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require "test_helper"
|
|
|
|
class OauthMobileTest < ActionDispatch::IntegrationTest
|
|
setup do
|
|
@user = users(:empty)
|
|
sign_in(@user)
|
|
|
|
@oauth_app = Doorkeeper::Application.create!(
|
|
name: "Sure Mobile App",
|
|
redirect_uri: "sureapp://oauth/callback",
|
|
scopes: "read"
|
|
)
|
|
end
|
|
|
|
test "mobile oauth authorization with custom scheme redirect" do
|
|
get "/oauth/authorize", params: {
|
|
client_id: @oauth_app.uid,
|
|
redirect_uri: @oauth_app.redirect_uri,
|
|
response_type: "code",
|
|
scope: "read",
|
|
display: "mobile"
|
|
}
|
|
|
|
assert_response :success
|
|
|
|
# Check that Turbo is disabled in the form
|
|
assert_match(/data-turbo="false"/, response.body)
|
|
assert_match(/sureapp:\/\/oauth\/callback/, response.body)
|
|
end
|
|
|
|
test "mobile oauth detects custom scheme in redirect_uri" do
|
|
get "/oauth/authorize", params: {
|
|
client_id: @oauth_app.uid,
|
|
redirect_uri: "sureapp://oauth/callback",
|
|
response_type: "code",
|
|
scope: "read"
|
|
}
|
|
|
|
assert_response :success
|
|
|
|
# Should detect mobile flow from redirect_uri
|
|
assert_match(/data-turbo="false"/, response.body)
|
|
end
|
|
|
|
test "mobile oauth authorization flow completes successfully" do
|
|
post "/oauth/authorize", params: {
|
|
client_id: @oauth_app.uid,
|
|
redirect_uri: @oauth_app.redirect_uri,
|
|
response_type: "code",
|
|
scope: "read",
|
|
display: "mobile"
|
|
}
|
|
|
|
# Should redirect to the custom scheme
|
|
assert_response :redirect
|
|
assert response.location.start_with?("sureapp://oauth/callback")
|
|
end
|
|
|
|
test "mobile oauth preserves display parameter through forms" do
|
|
get "/oauth/authorize", params: {
|
|
client_id: @oauth_app.uid,
|
|
redirect_uri: @oauth_app.redirect_uri,
|
|
response_type: "code",
|
|
scope: "read",
|
|
display: "mobile"
|
|
}
|
|
|
|
assert_response :success
|
|
|
|
# Check that display parameter is preserved in hidden fields
|
|
assert_match(/<input[^>]*name="display"[^>]*value="mobile"/, response.body)
|
|
end
|
|
end
|