Commit 32f5e5e

mo <mo@mokhan.ca>
2018-10-29 23:07:14
update client and return any errors.
1 parent 578b22a
Changed files (2)
app/controllers/oauth/clients_controller.rb
@@ -25,6 +25,12 @@ module Oauth
       @client = Client.find(params[:id])
       @client.update!(transform(secure_params))
       render status: :ok, formats: :json
+    rescue ActiveRecord::RecordInvalid => error
+      json = {
+        error: error_type_for(error.record.errors),
+        error_description: error.record.errors.full_messages.join(' ')
+      }
+      render json: json, status: :bad_request
     end
 
     private
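Review bot: `Client.find(params[:id])` picks the record to update from the URL alone, and nothing in the visible lines ties it to the client the bearer token was issued to or to the `client_id` sent in the body. The action starts above this hunk, so a filter may already enforce that binding; if it does not, a token issued to one client would be accepted for updating another client's `redirect_uris` or `jwks_uri`. I would make the check explicit before `update!`, for example `return head(:forbidden) unless @client == authenticated_client`, where `authenticated_client` is a placeholder for whatever helper exposes the token's subject. Separately, `error_description` passes `full_messages` straight through, so callers see model attribute names rather than the metadata field names they sent.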
spec/requests/oauth/clients_spec.rb
@@ -136,36 +136,59 @@ RSpec.describe "/oauth/clients" do
       let(:client) { create(:client) }
       let(:access_token) { create(:access_token, subject: client) }
 
-      let(:request_body) do
-        {
-          client_id: client.to_param,
-          client_name: FFaker::Name.name,
-          grant_types: [:authorization_code, :refresh_token],
-          jwks_uri: generate(:uri),
-          logo_uri: generate(:uri),
-          redirect_uris: [generate(:uri), generate(:uri)],
-          token_endpoint_auth_method: :client_secret_basic,
-        }
+      context "when the request body is valid" do
+        let(:request_body) do
+          {
+            client_id: client.to_param,
+            client_name: FFaker::Name.name,
+            grant_types: [:authorization_code, :refresh_token],
+            jwks_uri: generate(:uri),
+            logo_uri: generate(:uri),
+            redirect_uris: [generate(:uri), generate(:uri)],
+            token_endpoint_auth_method: :client_secret_basic,
+          }
+        end
+
+        before { put "/oauth/clients/#{client.to_param}", params: request_body, headers: headers }
+
+        specify { expect(response).to have_http_status(:ok) }
+        specify { expect(response.content_type).to eql('application/json') }
+        specify { expect(json[:client_id]).to eql(client.to_param) }
+        pending { expect(json[:client_secret]).to eql(client.password) }
+        specify { expect(json[:client_id_issued_at]).to eql(client.created_at.to_i) }
+        specify { expect(json[:client_secret_expires_at]).to be_zero }
+        specify { expect(json[:redirect_uris]).to match_array(request_body[:redirect_uris]) }
+        pending { expect(json[:grant_types]).to match_array(request_body[:grant_types].map(&:to_s)) }
+        specify { expect(json[:client_name]).to eql(request_body[:client_name]) }
+        specify { expect(json[:token_endpoint_auth_method]).to eql(request_body[:token_endpoint_auth_method].to_s) }
+        specify { expect(json[:logo_uri]).to eql(request_body[:logo_uri]) }
+        specify { expect(json[:jwks_uri]).to eql(request_body[:jwks_uri]) }
+
+        specify "Valid values of client metadata fields in this request MUST replace, not augment, the values previously associated with this client."
+        specify "Omitted fields MUST be treated as null or empty values by the server, indicating the client's request to delete them from the client's registration."
+        specify "The client MUST includes its 'client_id' field in the request, and it MUST be the same as its currently issued client identifier."
       end
 
-      before { put "/oauth/clients/#{client.to_param}", params: request_body, headers: headers }
-
-      specify { expect(response).to have_http_status(:ok) }
-      specify { expect(response.content_type).to eql('application/json') }
-      specify { expect(json[:client_id]).to eql(client.to_param) }
-      pending { expect(json[:client_secret]).to eql(client.password) }
-      specify { expect(json[:client_id_issued_at]).to eql(client.created_at.to_i) }
-      specify { expect(json[:client_secret_expires_at]).to be_zero }
-      specify { expect(json[:redirect_uris]).to match_array(request_body[:redirect_uris]) }
-      pending { expect(json[:grant_types]).to match_array(request_body[:grant_types].map(&:to_s)) }
-      specify { expect(json[:client_name]).to eql(request_body[:client_name]) }
-      specify { expect(json[:token_endpoint_auth_method]).to eql(request_body[:token_endpoint_auth_method].to_s) }
-      specify { expect(json[:logo_uri]).to eql(request_body[:logo_uri]) }
-      specify { expect(json[:jwks_uri]).to eql(request_body[:jwks_uri]) }
-
-      specify "Valid values of client metadata fields in this request MUST replace, not augment, the values previously associated with this client."
-      specify "Omitted fields MUST be treated as null or empty values by the server, indicating the client's request to delete them from the client's registration."
-      specify "The client MUST includes its 'client_id' field in the request, and it MUST be the same as its currently issued client identifier."
+      context "when the request body is invalid" do
+        let(:request_body) do
+          {
+            client_id: client.to_param,
+            client_name: "",
+            grant_types: [:authorization_code, :refresh_token],
+            jwks_uri: generate(:uri),
+            logo_uri: generate(:uri),
+            redirect_uris: [generate(:uri), generate(:uri)],
+            token_endpoint_auth_method: :client_secret_basic,
+          }
+        end
+
+        before { put "/oauth/clients/#{client.to_param}", params: request_body, headers: headers }
+
+        specify { expect(response).to have_http_status(:bad_request) }
+        specify { expect(response.content_type).to eql('application/json') }
+        specify { expect(json[:error]).to eql("invalid_client_metadata") }
+        specify { expect(json[:error_description]).to eql("Name can't be blank") }
+      end
     end
 
     specify "request MUST NOT include the 'registration_access_token'"
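Review bot: The two new contexts repeat the same seven-key `request_body` and the same `before`, differing only in `client_name`, so any later change to the payload has to be made twice. I would keep a single `request_body` and `before` at the outer level with `client_name: client_name`, then set `let(:client_name) { FFaker::Name.name }` in the valid context and `let(:client_name) { "" }` in the invalid one. The last assertion of the invalid context also pins the ActiveRecord default text `Name can't be blank`, which breaks on any locale or validation wording change; asserting `json[:error]` exactly and `error_description` with `include("blank")` would be less brittle. The enclosing describe block continues outside this hunk.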