mastodon/spec/controllers/oauth/authorized_applications_con...

# frozen_string_literal: true

require 'rails_helper'

RSpec.describe Oauth::AuthorizedApplicationsController do
  render_views

  describe 'GET #index' do
    subject do
      get :index
    end

    context 'when signed in' do
      before do
        sign_in Fabricate(:user), scope: :user
      end

      it 'returns http success with private cache control headers' do
        subject
        expect(response)
          .to have_http_status(200)
        expect(response.headers['Cache-Control'])
          .to include('private, no-store')
        expect(controller.stored_location_for(:user))
          .to eq '/oauth/authorized_applications'
      end
    end

    context 'when not signed in' do
      it 'redirects' do
        subject

        expect(response)
          .to redirect_to '/auth/sign_in'
        expect(controller.stored_location_for(:user))
          .to eq '/oauth/authorized_applications'
      end
    end
  end

  describe 'DELETE #destroy' do
    let!(:user) { Fabricate(:user) }
    let!(:application) { Fabricate(:application) }
    let!(:access_token) { Fabricate(:accessible_access_token, application: application, resource_owner_id: user.id) }
    let!(:web_push_subscription) { Fabricate(:web_push_subscription, user: user, access_token: access_token) }
    let(:redis_pipeline_stub) { instance_double(Redis::Namespace, publish: nil) }

    before do
      sign_in user, scope: :user
      allow(redis).to receive(:pipelined).and_yield(redis_pipeline_stub)
    end

    it 'revokes access tokens for the application and removes subscriptions and sends kill payload to streaming' do
      post :destroy, params: { id: application.id }

      expect(Doorkeeper::AccessToken.where(application: application).first.revoked_at)
        .to_not be_nil
      expect(Web::PushSubscription.where(user: user).count)
        .to eq(0)
      expect { web_push_subscription.reload }
        .to raise_error(ActiveRecord::RecordNotFound)
      expect(redis_pipeline_stub)
        .to have_received(:publish).with("timeline:access_token:#{access_token.id}", '{"event":"kill"}')
    end
  end
end
Fix flashes partial render error for controllers which don't inherit from application controller (#2400) * Add failing spec for oauth/authorized_applications controller * Use explicit reference to flashes partial from admin layout Because some of the controllers which use the admin layout do not inherit from application controller, this partial is not in their view path. 2017-04-24 17:30:30 +02:00			`# frozen_string_literal: true`

			`require 'rails_helper'`

Enable "zero monkey patching" mode in RSpec (#31614) 2024-09-04 07:12:25 +02:00			`RSpec.describe Oauth::AuthorizedApplicationsController do`
Fix flashes partial render error for controllers which don't inherit from application controller (#2400) * Add failing spec for oauth/authorized_applications controller * Use explicit reference to flashes partial from admin layout Because some of the controllers which use the admin layout do not inherit from application controller, this partial is not in their view path. 2017-04-24 17:30:30 +02:00			`render_views`

			`describe 'GET #index' do`
Cover Oauth::AuthorizedApplicationsController (#3359) 2017-05-29 18:08:05 +02:00			`subject do`
Fix flashes partial render error for controllers which don't inherit from application controller (#2400) * Add failing spec for oauth/authorized_applications controller * Use explicit reference to flashes partial from admin layout Because some of the controllers which use the admin layout do not inherit from application controller, this partial is not in their view path. 2017-04-24 17:30:30 +02:00			`get :index`
			`end`

Cover Oauth::AuthorizedApplicationsController (#3359) 2017-05-29 18:08:05 +02:00			`context 'when signed in' do`
			`before do`
			`sign_in Fabricate(:user), scope: :user`
			`end`

Reduce factory creation (36 -> 12) in `spec/controllers/oauth/*` area (#32045) 2024-09-25 09:56:08 +02:00			`it 'returns http success with private cache control headers' do`
Cover Oauth::AuthorizedApplicationsController (#3359) 2017-05-29 18:08:05 +02:00			`subject`
Reduce factory creation (36 -> 12) in `spec/controllers/oauth/*` area (#32045) 2024-09-25 09:56:08 +02:00			`expect(response)`
			`.to have_http_status(200)`
			`expect(response.headers['Cache-Control'])`
			`.to include('private, no-store')`
			`expect(controller.stored_location_for(:user))`
			`.to eq '/oauth/authorized_applications'`
Cover Oauth::AuthorizedApplicationsController (#3359) 2017-05-29 18:08:05 +02:00			`end`
			`end`

			`context 'when not signed in' do`
			`it 'redirects' do`
			`subject`

Reduce factory creation (36 -> 12) in `spec/controllers/oauth/*` area (#32045) 2024-09-25 09:56:08 +02:00			`expect(response)`
			`.to redirect_to '/auth/sign_in'`
			`expect(controller.stored_location_for(:user))`
			`.to eq '/oauth/authorized_applications'`
			`end`
Fix flashes partial render error for controllers which don't inherit from application controller (#2400) * Add failing spec for oauth/authorized_applications controller * Use explicit reference to flashes partial from admin layout Because some of the controllers which use the admin layout do not inherit from application controller, this partial is not in their view path. 2017-04-24 17:30:30 +02:00			`end`
			`end`
Ensure push subscription is immediately removed when application is revoked (#7548) * Ensure push subscription is immediately removed when application is revoked * When token is revoked from app, unsubscribe too 2018-05-19 21:05:08 +02:00
			`describe 'DELETE #destroy' do`
			`let!(:user) { Fabricate(:user) }`
			`let!(:application) { Fabricate(:application) }`
			`let!(:access_token) { Fabricate(:accessible_access_token, application: application, resource_owner_id: user.id) }`
			`let!(:web_push_subscription) { Fabricate(:web_push_subscription, user: user, access_token: access_token) }`
Merge pull request from GHSA-vp5r-5pgw-jwqx * Fix streaming sessions not being closed when revoking access to an app * Add tests for GHSA-7w3c-p9j8-mq3x 2024-07-04 16:11:28 +02:00			`let(:redis_pipeline_stub) { instance_double(Redis::Namespace, publish: nil) }`
Ensure push subscription is immediately removed when application is revoked (#7548) * Ensure push subscription is immediately removed when application is revoked * When token is revoked from app, unsubscribe too 2018-05-19 21:05:08 +02:00
			`before do`
			`sign_in user, scope: :user`
Merge pull request from GHSA-vp5r-5pgw-jwqx * Fix streaming sessions not being closed when revoking access to an app * Add tests for GHSA-7w3c-p9j8-mq3x 2024-07-04 16:11:28 +02:00			`allow(redis).to receive(:pipelined).and_yield(redis_pipeline_stub)`
Ensure push subscription is immediately removed when application is revoked (#7548) * Ensure push subscription is immediately removed when application is revoked * When token is revoked from app, unsubscribe too 2018-05-19 21:05:08 +02:00			`end`

Reduce factory creation (36 -> 12) in `spec/controllers/oauth/*` area (#32045) 2024-09-25 09:56:08 +02:00			`it 'revokes access tokens for the application and removes subscriptions and sends kill payload to streaming' do`
			`post :destroy, params: { id: application.id }`
Merge pull request from GHSA-vp5r-5pgw-jwqx * Fix streaming sessions not being closed when revoking access to an app * Add tests for GHSA-7w3c-p9j8-mq3x 2024-07-04 16:11:28 +02:00
Reduce factory creation (36 -> 12) in `spec/controllers/oauth/*` area (#32045) 2024-09-25 09:56:08 +02:00			`expect(Doorkeeper::AccessToken.where(application: application).first.revoked_at)`
			`.to_not be_nil`
			`expect(Web::PushSubscription.where(user: user).count)`
			`.to eq(0)`
			`expect { web_push_subscription.reload }`
			`.to raise_error(ActiveRecord::RecordNotFound)`
			`expect(redis_pipeline_stub)`
			`.to have_received(:publish).with("timeline:access_token:#{access_token.id}", '{"event":"kill"}')`
Merge pull request from GHSA-vp5r-5pgw-jwqx * Fix streaming sessions not being closed when revoking access to an app * Add tests for GHSA-7w3c-p9j8-mq3x 2024-07-04 16:11:28 +02:00			`end`
Ensure push subscription is immediately removed when application is revoked (#7548) * Ensure push subscription is immediately removed when application is revoked * When token is revoked from app, unsubscribe too 2018-05-19 21:05:08 +02:00			`end`
Fix flashes partial render error for controllers which don't inherit from application controller (#2400) * Add failing spec for oauth/authorized_applications controller * Use explicit reference to flashes partial from admin layout Because some of the controllers which use the admin layout do not inherit from application controller, this partial is not in their view path. 2017-04-24 17:30:30 +02:00			`end`