view release on metacpan or  search on metacpan

t/unit/300-actionrole-grant-auth.t  view on Meta::CPAN

use strictures 1;
use Test::More;

use HTTP::Request::Common;
use lib 't/lib';
use Catalyst::Test 'AuthServer';


my $code =
  AuthServer->model('DB::Code')
  ->create( { client => { endpoint => '/client/foo' } } );

# try grant with invalid code and no approval param
# should display form
{
  my $uri = URI->new('/grant');
  $uri->query_form(
    { response_type => 'code',
      client_id     => 1,
      state         => 'bar',
      code          => 999999,
      redirect_uri  => '/client/foo',
    }
  );
  $code->discard_changes;
  ok(!$code->is_active);
  my ($res2, $c) = ctx_request($uri);
  $c->dispatch;
  is_deeply( $c->error, [], 'dispatches to request action cleanly' );
  is( $c->res->body, undef, q{doesn't produce warning} );
  ok( $c->req->can('oauth2'),
    "installs oauth2 accessors if request is valid" );
  ok( Moose::Util::does_role( $c->req, 'CatalystX::OAuth2::Request' ) );
  my $res    = $c->res;
  my $client = $c->controller->store->find_client(1);
  isa_ok( my $oauth2 = $c->req->oauth2,
    'CatalystX::OAuth2::Request::GrantAuth' );
  my $redirect = $c->req->oauth2->next_action_uri( $c->controller, $c );
  is_deeply(
    { $redirect->query_form },
    { error => 'server_error',
      error_description =>
        'the server encountered an unexpected error condition'
    },
    'prohibits access if the user denies access'
  );
  is( $res->status,   200 ); # should display form
}

# try grant with invalid code and a positive approval param
# should redirect with error
# this case should only ever be triggered if someone tries to circumvent
# the regular authorization flow
{
  my $uri = URI->new('/grant');
  $uri->query_form(
    { response_type => 'code',
      client_id     => 1,
      state         => 'bar',
      code          => 99999,
      redirect_uri  => '/client/foo',
      approved      => 1
    }
  );