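# frozen_string_literal: true

require 'rails_helper'

# Request specs for GET /oauth/me.
#
# The endpoint is called with an access token presented as a bearer
# credential (the value of token.to_jwt). A usable token must yield a JSON
# body that echoes the token's claims; a revoked or expired token must be
# rejected with 401.
#
# NOTE(review): the rejection paths covered here are revocation and expiry
# only. A request with no Authorization header, a malformed bearer value, and
# a token whose signature does not verify are not exercised by this file;
# they are worth pinning next to these contexts. The rejection examples also
# assert only the status code, not what the 401 body contains.
RSpec.describe '/oauth/me' do
  describe "GET /oauth/me" do
    # Shared by every context: each one only decides which kind of token is
    # created, then the same authenticated request is issued. `token` is
    # resolved lazily, so the context-level definition is the one used.
    let(:headers) { { 'Authorization' => "Bearer #{token.to_jwt}" } }

    before { get '/oauth/me', headers: headers }

    context "when the access_token is valid" do
      let(:token) { create(:access_token) }
      let(:json) { JSON.parse(response.body, symbolize_names: true) }

      specify { expect(response).to have_http_status(:ok) }
      specify { expect(response['Content-Type']).to include('application/json') }

      # The response must report exactly the claims carried by the presented
      # token, claim by claim.
      %i[sub aud iss exp iat].each do |claim|
        specify { expect(json[claim]).to eql(token.claims[claim]) }
      end
    end

    context "when the token is revoked" do
      # Built with the :revoked trait; the request must not be authenticated.
      let(:token) { create(:access_token, :revoked) }

      specify { expect(response).to have_http_status(:unauthorized) }
    end

    context "when the token is expired" do
      # Built with the :expired trait; the request must not be authenticated.
      let(:token) { create(:access_token, :expired) }

      specify { expect(response).to have_http_status(:unauthorized) }
    end
  end
end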