client_spec.rb

 1# frozen_string_literal: true
 2
 3require 'rails_helper'
 4
 5RSpec.describe Client do
 6  describe "#validation" do
 7    specify { expect(build(:client)).to be_valid }
 8    specify { expect(build(:client, redirect_uris: nil)).to be_invalid }
 9    specify { expect(build(:client, redirect_uris: [])).to be_invalid }
10    specify { expect(build(:client, redirect_uris: ['<script>alert("hi")</script>'])).to be_invalid }
11    specify { expect(build(:client, redirect_uris: ['invalid'])).to be_invalid }
12    specify { expect(build(:client, redirect_uris: 'invalid')).to be_invalid }
13    specify { expect(build(:client, name: nil)).to be_invalid }
14  end
15
16  describe "#redirect_url" do
17    subject { build(:client) }
18
19    let(:code) { SecureRandom.uuid }
20    let(:redirect_uri) { subject.redirect_uris[0] }
21
22    specify { expect(subject.redirect_url(code: code)).to eql("#{redirect_uri}#code=#{code}") }
23    specify { expect { subject.redirect_url(state: '<script>alert("hi");</script>') }.to raise_error(URI::InvalidURIError) }
24  end
25end