require 'spec_helper'

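# Specs for the Scoping extension, which gates routes on OAuth-style scopes.
#
# What the examples below establish:
# * A route requires a scope: the one named by its `scope:` condition, or the
#   `default_scope` setting when it has none.
# * The caller's scopes come from the access token, or from the
#   `anonymous_scopes` setting when no token is supplied.
# * The request is accepted only if the caller holds the required scope.
# * Both accepted and rejected responses carry two headers:
#   - X-Accepted-OAuth-Scopes: the scope the route required
#   - X-OAuth-Scopes: the scopes the caller held (comma-separated)
#
# NOTE(review): `should_not be_ok` only asserts that the response is not OK;
# it does not pin the rejection status, so an unrelated error response would
# satisfy it too. Asserting the exact status the extension is expected to
# return would make the denial cases stricter.
describe Travis::Api::App::Extensions::Scoping do
  include Travis::Testing::Stubs

  before do
    # Minimal app: one route guarded by the default scope, one by :private.
    mock_app do
      register Travis::Api::App::Extensions::Scoping
      get('/') { 'ok' }
      get('/private', scope: :private) { 'ok' }
    end

    User.stubs(:find).with(user.id).returns(user)
  end

  # Issues a GET to +url+ as the stubbed user, authenticated with a freshly
  # created access token limited to +scopes+. The token is handed over under
  # the 'travis.access_token' key of the third argument to `get`
  # (presumably the Rack env; confirm against the test helper).
  def with_scopes(url, *scopes)
    token = Travis::Api::App::AccessToken.create(user: user, scopes: scopes)
    get(url, {}, 'travis.access_token' => token)
  end

  it 'uses the default scope if no token is given' do
    get('/').should be_ok
    headers['X-Accepted-OAuth-Scopes'].should == 'public'
    headers['X-OAuth-Scopes'].should == 'public'
  end

  it 'allows overriding scopes for anonymous users' do
    # Anonymous callers no longer hold 'public', so the default route denies them.
    settings.set anonymous_scopes: [:foo]
    get('/').should_not be_ok
    headers['X-Accepted-OAuth-Scopes'].should == 'public'
    headers['X-OAuth-Scopes'].should == 'foo'
  end

  it 'allows overriding default scope' do
    # The route now requires 'foo', which anonymous callers do not hold.
    settings.set default_scope: :foo
    get('/').should_not be_ok
    headers['X-Accepted-OAuth-Scopes'].should == 'foo'
    headers['X-OAuth-Scopes'].should == 'public'
  end

  it 'allows overriding default scope and anonymous scope' do
    settings.set default_scope: :foo, anonymous_scopes: [:foo, :bar]
    get('/').should be_ok
    headers['X-Accepted-OAuth-Scopes'].should == 'foo'
    headers['X-OAuth-Scopes'].should == 'foo,bar'
  end

  it 'takes the scope from the access token' do
    # The token's scopes replace the anonymous ones: a token without 'public'
    # is denied on a route that anonymous callers may reach.
    with_scopes('/', :foo).should_not be_ok
    headers['X-Accepted-OAuth-Scopes'].should == 'public'
    headers['X-OAuth-Scopes'].should == 'foo'
  end

  it 'accepts the scope from the condition' do
    with_scopes('/private', :foo, :bar, :private).should be_ok
    headers['X-Accepted-OAuth-Scopes'].should == 'private'
    headers['X-OAuth-Scopes'].should == 'foo,bar,private'
  end

  it 'rejects if scope from condition is missing' do
    with_scopes('/private', :foo, :bar).should_not be_ok
    headers['X-Accepted-OAuth-Scopes'].should == 'private'
    headers['X-OAuth-Scopes'].should == 'foo,bar'
  end

  # Added: the unauthenticated counterpart of the example above. Without it,
  # nothing pins that a scoped route stays closed when no token is sent at all.
  it 'rejects anonymous requests if scope from condition is missing' do
    get('/private').should_not be_ok
    headers['X-Accepted-OAuth-Scopes'].should == 'private'
    headers['X-OAuth-Scopes'].should == 'public'
  end
end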