1
0

disabled_oauth_endpoints_spec.rb 2.2 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. RSpec.describe 'Disabled OAuth routes' do
  4. # These routes are disabled via the doorkeeper configuration for
  5. # `admin_authenticator`, as these routes should only be accessible by server
  6. # administrators. For now, these routes are not properly designed and
  7. # integrated into Mastodon, so we're disabling them completely
  8. describe 'GET /oauth/applications' do
  9. it 'returns 403 forbidden' do
  10. get oauth_applications_path
  11. expect(response).to have_http_status(403)
  12. end
  13. end
  14. describe 'POST /oauth/applications' do
  15. it 'returns 403 forbidden' do
  16. post oauth_applications_path
  17. expect(response).to have_http_status(403)
  18. end
  19. end
  20. describe 'GET /oauth/applications/new' do
  21. it 'returns 403 forbidden' do
  22. get new_oauth_application_path
  23. expect(response).to have_http_status(403)
  24. end
  25. end
  26. describe 'GET /oauth/applications/:id' do
  27. let(:application) { Fabricate(:application, scopes: 'read') }
  28. it 'returns 403 forbidden' do
  29. get oauth_application_path(application)
  30. expect(response).to have_http_status(403)
  31. end
  32. end
  33. describe 'PATCH /oauth/applications/:id' do
  34. let(:application) { Fabricate(:application, scopes: 'read') }
  35. it 'returns 403 forbidden' do
  36. patch oauth_application_path(application)
  37. expect(response).to have_http_status(403)
  38. end
  39. end
  40. describe 'PUT /oauth/applications/:id' do
  41. let(:application) { Fabricate(:application, scopes: 'read') }
  42. it 'returns 403 forbidden' do
  43. put oauth_application_path(application)
  44. expect(response).to have_http_status(403)
  45. end
  46. end
  47. describe 'DELETE /oauth/applications/:id' do
  48. let(:application) { Fabricate(:application, scopes: 'read') }
  49. it 'returns 403 forbidden' do
  50. delete oauth_application_path(application)
  51. expect(response).to have_http_status(403)
  52. end
  53. end
  54. describe 'GET /oauth/applications/:id/edit' do
  55. let(:application) { Fabricate(:application, scopes: 'read') }
  56. it 'returns 403 forbidden' do
  57. get edit_oauth_application_path(application)
  58. expect(response).to have_http_status(403)
  59. end
  60. end
  61. end