1
0

userinfo_spec.rb 1.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. RSpec.describe 'Oauth Userinfo Endpoint' do
  4. include RoutingHelper
  5. let(:user) { Fabricate(:user) }
  6. let(:account) { user.account }
  7. let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
  8. let(:scopes) { 'profile' }
  9. let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
  10. shared_examples 'returns successfully' do
  11. it 'returns http success' do
  12. subject
  13. expect(response).to have_http_status(:success)
  14. expect(response.content_type).to start_with('application/json')
  15. expect(response.parsed_body).to include({
  16. iss: root_url,
  17. sub: account_url(account),
  18. name: account.display_name,
  19. preferred_username: account.username,
  20. profile: short_account_url(account),
  21. picture: full_asset_url(account.avatar_original_url),
  22. })
  23. end
  24. end
  25. describe 'GET /oauth/userinfo' do
  26. subject do
  27. get '/oauth/userinfo', headers: headers
  28. end
  29. it_behaves_like 'forbidden for wrong scope', 'read:accounts'
  30. it_behaves_like 'returns successfully'
  31. end
  32. # As this is borrowed from OpenID, the specification says we must also support
  33. # POST for the userinfo endpoint:
  34. # https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
  35. describe 'POST /oauth/userinfo' do
  36. subject do
  37. post '/oauth/userinfo', headers: headers
  38. end
  39. it_behaves_like 'forbidden for wrong scope', 'read:accounts'
  40. it_behaves_like 'returns successfully'
  41. end
  42. end