8ee2d7d65f
* Add JSON response format to access token creation Allows programmatic clients (e.g., CLI) to create access tokens via the API by returning the token, description, and permission as JSON instead of redirecting to the HTML show page. * Add JSON response format to access token creation Allows programmatic clients (e.g., CLI) to create access tokens via the API by returning the token, description, and permission as JSON instead of redirecting to the HTML show page. * Style --------- Co-authored-by: David Heinemeier Hansson <david@hey.com>
66 lines
2.4 KiB
Ruby
66 lines
2.4 KiB
Ruby
require "test_helper"
|
|
|
|
class My::AccessTokensControllerTest < ActionDispatch::IntegrationTest
|
|
setup do
|
|
sign_in_as :kevin
|
|
end
|
|
|
|
test "create new token" do
|
|
get my_access_tokens_path
|
|
assert_response :success
|
|
|
|
get new_my_access_token_path
|
|
assert_response :success
|
|
|
|
assert_changes -> { identities(:kevin).access_tokens.count }, +1 do
|
|
post my_access_tokens_path, params: { access_token: { description: "GitHub", permission: "read" } }
|
|
follow_redirect!
|
|
assert_in_body identities(:kevin).access_tokens.last.token
|
|
end
|
|
end
|
|
|
|
test "create new token via JSON with session" do
|
|
assert_difference -> { identities(:kevin).access_tokens.count }, +1 do
|
|
post my_access_tokens_path, params: { access_token: { description: "Fizzy CLI", permission: "write" } }, as: :json
|
|
end
|
|
assert_response :created
|
|
body = @response.parsed_body
|
|
assert body["token"].present?
|
|
assert_equal "Fizzy CLI", body["description"]
|
|
assert_equal "write", body["permission"]
|
|
end
|
|
|
|
test "create new token via JSON with bearer token" do
|
|
sign_out
|
|
bearer_token = { "HTTP_AUTHORIZATION" => "Bearer #{identity_access_tokens(:davids_api_token).token}" }
|
|
|
|
assert_difference -> { identities(:david).access_tokens.count }, +1 do
|
|
post my_access_tokens_path, params: { access_token: { description: "Fizzy CLI", permission: "read" } }, env: bearer_token, as: :json
|
|
end
|
|
assert_response :created
|
|
body = @response.parsed_body
|
|
assert body["token"].present?
|
|
assert_equal "Fizzy CLI", body["description"]
|
|
assert_equal "read", body["permission"]
|
|
end
|
|
|
|
test "cannot create new token via JSON with read-only bearer token" do
|
|
sign_out
|
|
bearer_token = { "HTTP_AUTHORIZATION" => "Bearer #{identity_access_tokens(:jasons_api_token).token}" }
|
|
|
|
assert_no_difference -> { identities(:jason).access_tokens.count } do
|
|
post my_access_tokens_path, params: { access_token: { description: "Fizzy CLI", permission: "read" } }, env: bearer_token, as: :json
|
|
end
|
|
assert_response :unauthorized
|
|
end
|
|
|
|
test "accessing new token after reveal window redirects to index" do
|
|
assert_changes -> { identities(:kevin).access_tokens.count }, +1 do
|
|
post my_access_tokens_path, params: { access_token: { description: "GitHub", permission: "read" } }
|
|
travel_to 15.seconds.from_now
|
|
follow_redirect!
|
|
assert_equal "Token is no longer visible", flash[:alert]
|
|
end
|
|
end
|
|
end
|