Commit 608b44f

mo <mo@mokhan.ca>
2018-10-12 00:44:33
add spec for invalid request
1 parent af35858
Changed files (2)
app/controllers/oauths_controller.rb
@@ -10,10 +10,11 @@ class OauthsController < ApplicationController
       response_type: params[:response_type],
       state: params[:state],
     }
-
   end
 
   def create
+    return render_error(:not_found) if session[:oauth].nil?
+
     client = Client.find_by!(uuid: session[:oauth][:client_id])
     authorization = client.authorizations.create!(user: current_user)
 
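Review bot: The new guard at the top of `create` rejects only a missing `session[:oauth]`, so an entry that exists but has no `client_id` still reaches `Client.find_by!` with nil. The response then depends on how the application handles the resulting lookup failure, not on `render_error`. The context lines above suggest the entry is filled straight from `params`, so this case looks reachable unless the earlier action validates them, which is not visible here. Consider `return render_error(:not_found) if session[:oauth].nil? || session[:oauth][:client_id].blank?` with a comment such as `# no pending authorization request in this session`. `create` continues past the hunk, so it is worth confirming there that the stored request is deleted from the session once the authorization is issued.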
spec/requests/oauth_spec.rb
@@ -67,10 +67,13 @@ RSpec.describe '/oauth' do
             post "/oauth"
           end
 
-          specify do
-            expected_url = "#{client.redirect_uri}#access_token=#{token}&token_type=Bearer&expires_in=300&scope=#{scope}&state=#{state}"
-            expect(response).to redirect_to(expected_url)
-          end
+          specify { expect(response).to redirect_to("#{client.redirect_uri}#access_token=#{token}&token_type=Bearer&expires_in=300&scope=#{scope}&state=#{state}") }
+        end
+
+        context "when the client did not make an appropriate request" do
+          before { post "/oauth" }
+
+          specify { expect(response).to have_http_status(:not_found) }
         end
       end
     end
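Review bot: The added context "when the client did not make an appropriate request" covers only a POST with no prior authorization step, so the case where the session holds a `client_id` that matches no client is untested. The controller handles the two through different paths (`render_error` versus `Client.find_by!`), so a sibling context that first makes the authorization request with an unknown client id and then posts would pin the second one. It would also help to assert in both contexts that the response carries no `Location` header, for example `specify { expect(response.headers["Location"]).to be_nil }`, so a regression cannot hand out a token fragment. The enclosing `describe` and outer contexts start outside this hunk, so any shared `before` setup was not checked.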