Commit 7ed5403
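--- a/app/controllers/oauths_controller.rb
+++ b/app/controllers/oauths_controller.rb
@@ -22,6 +22,10 @@ class OauthsController < ApplicationController
 response.headers['Cache-Control'] = 'no-store'
 response.headers['Pragma'] = 'no-cache'
 Authorization.find_by!(code: params[:code]).revoke!
+#@access_token, @refresh_token = Authorization.find_by!(code: params[:code]).exchange
 render formats: :json
+rescue StandardError => error
+Rails.logger.error(error)
+render "bad_request", formats: :json, status: :bad_request
 end
 end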
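Review bot: The new `rescue StandardError` is broader than the failure it is there for: the unknown-code case raises `ActiveRecord::RecordNotFound` from `find_by!`, but this clause also turns any other failure (a database error, a bug in `revoke!` or in the render) into a 400 `invalid_request`, which hides real faults behind a client-error response; rescue the specific class instead, `rescue ActiveRecord::RecordNotFound => error`, and let everything else reach the normal error handling. The commented-out `#@access_token, @refresh_token = … .exchange` line is dead code and should be removed or made a TODO. The method this rescue belongs to starts outside the hunk, so the clause also covers whatever runs before line 22, presumably the parameter checks.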
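--- a/app/views/oauths/bad_request.json.jbuilder
+++ b/app/views/oauths/bad_request.json.jbuilder
@@ -0,0 +1,1 @@
+json.error t('.invalid_request')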
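Review bot: The OAuth `error` value is rendered through `t('.invalid_request')`, which makes a protocol constant subject to translation; clients match this field literally, so a locale that renders it differently would break token exchange. Emit it as a literal, `json.error 'invalid_request'`, and drop the locale key. Separately, for an authorization code that does not exist (the case the controller's new rescue handles) RFC 6749 §5.2 specifies `invalid_grant` rather than `invalid_request`; worth confirming against the other errors this endpoint returns.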
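--- a/config/locales/en.yml
+++ b/config/locales/en.yml
@@ -26,6 +26,8 @@ en:
 cancel: Cancel
 enable: Enable
 oauths:
+bad_request:
+invalid_request: invalid_request
 show:
 authorize: Authorize
 authorize_prompt_html: Do you authorize <strong>%{name}</strong> to access your data?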
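--- a/spec/requests/oauth_spec.rb
+++ b/spec/requests/oauth_spec.rb
@@ -74,6 +74,18 @@ RSpec.describe '/oauth' do
 specify { expect(json[:refresh_token]).to be_present }
 specify { expect(authorization.reload).to be_revoked }
 end
+
+context "when the code is not known" do
+before { post '/oauth/token', params: { grant_type: 'authorization_code', code: SecureRandom.hex(20) } }
+
+specify { expect(response).to have_http_status(:bad_request) }
+specify { expect(response.headers['Content-Type']).to include('application/json') }
+specify { expect(response.headers['Cache-Control']).to include('no-store') }
+specify { expect(response.headers['Pragma']).to eql('no-cache') }
+
+let(:json) { JSON.parse(response.body, symbolize_names: true) }
+specify { expect(json[:error]).to eql('invalid_request') }
+end
 end
 end
 end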
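Review bot: `let(:json) { JSON.parse(response.body, symbolize_names: true) }` is declared after four examples that do not use it, which reads as though it were scoped to the last `specify`; move it to the top of the new context next to `before`, as the surrounding groups appear to do for `json`. The new context only covers the unknown-code path, but the controller change rescues every `StandardError`, so nothing here asserts that an unrelated failure inside the action is not also reported as a 400 `invalid_request`; a case that makes the lookup raise something other than `RecordNotFound` and expects it to propagate would pin that down. The enclosing `describe` blocks start outside the hunk.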