Commit 8c53f6f

mo <mo.khan@gmail.com>
2018-09-05 02:36:57
save the authorization and redirect with the code.
1 parent c2225dd
Changed files (5)
app/controllers/oauth_controller.rb
@@ -3,6 +3,11 @@
 class OauthController < ApplicationController
   def show
     @client = Client.find_by!(uuid: params[:id])
-    @authorization = @client.authorizations.build(user: current_user)
+  end
+
+  def create
+    client = Client.find_by!(uuid: params[:client_id])
+    authorization = client.authorizations.create!(user: current_user)
+    redirect_to client.redirect_uri_path(code: authorization.code)
   end
 end
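Review bot: `create` redirects with only `code`, so a `state` value sent by the client on the authorization request is never returned, and the client cannot tie the response to the request it started (RFC 6749 §4.1.2 requires `state` to be echoed when it was present). Neither `show` nor the form in app/views/oauth/show.html.erb carries it, so it would need to be passed through the form as a hidden field and appended in the redirect, e.g. `redirect_to client.redirect_uri_path(code: authorization.code, state: params[:state])` with the model helper extended to accept it. Whether an unauthenticated request can reach `create!(user: current_user)` depends on filters in ApplicationController, which are not visible in this hunk.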
app/models/client.rb
@@ -12,4 +12,8 @@ class Client < ApplicationRecord
   def to_param
     uuid
   end
+
+  def redirect_uri_path(code:)
+    redirect_uri + '?code=' + code
+  end
 end
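Review bot: `redirect_uri + '?code=' + code` builds the URL by concatenation, so a registered `redirect_uri` that already has a query string ends up with a second `?`, and `code` is not URL-encoded. Parsing and rebuilding the query avoids both: `uri = URI.parse(redirect_uri)`, then `uri.query = URI.encode_www_form(URI.decode_www_form(uri.query.to_s) << ['code', code])`, then `uri.to_s`. The method returns a full URL rather than a path, so a name such as `redirect_url`, or a one-line comment saying so, would be less misleading.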
app/views/oauth/show.html.erb
@@ -3,7 +3,9 @@
     <div class="col">
       <h1>Authorize</h1>
       <p>Do you authorize <strong><%= @client.name %></strong> to access your data?</p>
-      <%= form_for @authorization, url: oauth_path, method: :post do |form| %>
+
+      <%= form_for :authorization, url: oauth_index_path, method: :post do |form| %>
+        <%= hidden_field_tag :client_id, @client.to_param %>
         <%= form.button t('.authorize'), type: 'submit', class: 'btn btn-primary', data: { disable_with: t('.loading') } %>
       <% end %>
     </div>
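Review bot: The consent form offers only an authorize button, so a user who does not want to grant access has no way to decline from this page. A second control that sends the user back to the client with `error=access_denied` (RFC 6749 §4.1.2.1) would complete the consent step. The surrounding template starts and ends outside this hunk.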
config/routes.rb
@@ -6,7 +6,7 @@ Rails.application.routes.draw do
   resource :mfa, only: [:new, :create]
   resource :response, only: [:show]
   resource :session, only: [:new, :create, :destroy]
-  resources :oauth, only: [:show]
+  resources :oauth, only: [:show, :create]
   resources :registrations, only: [:new, :create]
 
   namespace :my do
spec/requests/oauth_spec.rb
@@ -1,12 +1,12 @@
 require 'rails_helper'
 
 RSpec.describe '/oauth' do
-  describe "GET /oauth/:client_id" do
-    context "when the user is logged in" do
-      let(:current_user) { create(:user) }
+  context "when the user is logged in" do
+    let(:current_user) { create(:user) }
 
-      before { http_login(current_user) }
+    before { http_login(current_user) }
 
+    describe "GET /oauth/:client_id" do
       context "when the client id is known" do
         let(:client) { create(:client) }
         before { get "/oauth/#{client.to_param}" }
@@ -15,5 +15,14 @@ RSpec.describe '/oauth' do
         specify { expect(response.body).to include(client.name) }
       end
     end
+
+    describe "POST /oauth" do
+      context "when the client id is known" do
+        let(:client) { create(:client) }
+        before { post "/oauth", params: { client_id: client.to_param } }
+
+        specify { expect(response).to redirect_to(client.redirect_uri_path(code: Authorization.last.code)) }
+      end
+    end
   end
 end
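Review bot: The new `POST /oauth` example covers only the known-client path and locates the record with `Authorization.last`, which does not show that the authorization belongs to the logged-in user or to this client. Adding `specify { expect(Authorization.last.user).to eql(current_user) }` and a context for an unknown `client_id` (where `find_by!` raises) would pin the behaviour that matters when codes are issued. An example for an unauthenticated POST, outside `when the user is logged in`, is also absent from what is visible here.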