49 lines
1.8 KiB
Ruby
49 lines
1.8 KiB
Ruby
# frozen_string_literal: true
|
|
|
|
require 'spec_helper'
|
|
require Rails.root.join('db', 'post_migrate', '20181026091631_migrate_forbidden_redirect_uris.rb')
|
|
|
|
describe MigrateForbiddenRedirectUris, :migration do
|
|
let(:oauth_application) { table(:oauth_applications) }
|
|
let(:oauth_access_grant) { table(:oauth_access_grants) }
|
|
|
|
let!(:control_app) { oauth_application.create(random_params) }
|
|
let!(:control_access_grant) { oauth_application.create(random_params) }
|
|
let!(:forbidden_js_app) { oauth_application.create(random_params.merge(redirect_uri: 'javascript://alert()')) }
|
|
let!(:forbidden_vb_app) { oauth_application.create(random_params.merge(redirect_uri: 'VBSCRIPT://alert()')) }
|
|
let!(:forbidden_access_grant) { oauth_application.create(random_params.merge(redirect_uri: 'vbscript://alert()')) }
|
|
|
|
context 'oauth application' do
|
|
it 'migrates forbidden javascript URI' do
|
|
expect { migrate! }.to change { forbidden_js_app.reload.redirect_uri }.to('http://forbidden-scheme-has-been-overwritten')
|
|
end
|
|
|
|
it 'migrates forbidden VBScript URI' do
|
|
expect { migrate! }.to change { forbidden_vb_app.reload.redirect_uri }.to('http://forbidden-scheme-has-been-overwritten')
|
|
end
|
|
|
|
it 'does not migrate a valid URI' do
|
|
expect { migrate! }.not_to change { control_app.reload.redirect_uri }
|
|
end
|
|
end
|
|
|
|
context 'access grant' do
|
|
it 'migrates forbidden VBScript URI' do
|
|
expect { migrate! }.to change { forbidden_access_grant.reload.redirect_uri }.to('http://forbidden-scheme-has-been-overwritten')
|
|
end
|
|
|
|
it 'does not migrate a valid URI' do
|
|
expect { migrate! }.not_to change { control_access_grant.reload.redirect_uri }
|
|
end
|
|
end
|
|
|
|
def random_params
|
|
{
|
|
name: 'test',
|
|
secret: 'test',
|
|
uid: Doorkeeper::OAuth::Helpers::UniqueToken.generate,
|
|
redirect_uri: 'http://valid.com'
|
|
}
|
|
end
|
|
end
|