Commit f8fc829
Changed files (10)
app/controllers/oauth_controller.rb → app/controllers/oauths_controller.rb
@@ -1,8 +1,9 @@
# frozen_string_literal: true
-class OauthController < ApplicationController
+class OauthsController < ApplicationController
def show
- @client = Client.find_by!(uuid: params[:id])
+ return render_error(:not_found) unless params[:response_type] == 'code'
+ @client = Client.find_by!(uuid: params[:client_id])
end
def create
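Review bot: The new guard in `show` answers a wrong `response_type` with `render_error(:not_found)`, which conflates "invalid request" with "resource not found" and runs before the client lookup, so an unknown `client_id` and an unsupported `response_type` become indistinguishable to the caller. RFC 6749 §4.1.2.1 treats them differently: an unknown client (or invalid redirect URI) must not be redirected and can keep an error page, whereas a known client sending an unsupported `response_type` should get `error=unsupported_response_type` on its registered redirect URI, or at minimum a 400 rather than a 404. A minimal change is to look the client up first and then `return render_error(:bad_request) unless params[:response_type] == 'code'`, adjusting the spec's `response_type: 'invalid'` expectation to match. `render_error` is not visible here, so its accepted status symbols are assumed; `create` begins on the hunk's last line and its body is outside it.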
app/javascript/packs/application.js
@@ -10,7 +10,7 @@
import 'bootstrap/dist/js/bootstrap';
import { Application } from 'stimulus';
import { definitionsFromContext } from 'stimulus/webpack-helpers';
-import '../application.scss'
+import '../application.scss';
const application = Application.start();
const context = require.context('controllers', true, /.js$/);
app/views/errors/not_found.html.erb
@@ -0,0 +1,7 @@
+<div class="container">
+ <div class="row">
+ <div class="col">
+ <h1>404 - Not Found</h1>
+ </div>
+ </div>
+</div>
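Review bot: The heading `404 - Not Found` is hard-coded English while the same commit moves the other page titles into `t('.title')` lookups, so this new template is the one left untranslatable. `<h1><%= t('.title') %></h1>` with an `errors.not_found.title` entry in en.yml would keep it consistent, since lazy lookup resolves the key from the template path. Whether this is the template rendered by the controller's `render_error(:not_found)` is inferred from the names; that helper is not visible in the diff.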
app/views/mfas/new.html.erb
@@ -6,7 +6,7 @@
<div class="form-group">
<%= form.number_field :code, class: 'form-control', autofocus: true, required: :required %>
</div>
- <%= form.button t('.login'), type: 'submit', class: 'btn btn-primary', data: { disable_with: t('.loading') } %>
+ <%= form.button t('.login'), type: 'submit', class: 'btn btn-primary', data: { disable_with: t('loading') } %>
<% end %>
</div>
</div>
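Review bot: `t('loading')` now resolves the top-level `en.loading` key instead of the view-scoped `mfas.new.loading`; the en.yml hunk adds `loading: Loading…` between `layouts` and `mfas`, which reads as a top-level key given the alphabetical ordering, but the rendered diff dropped the YAML indentation, so it is worth confirming the key is not nested under `layouts.application`, which would leave every submit button with a "translation missing" label. The same lookup is used for the submit buttons in oauths/show, registrations/new and sessions/new in this commit. A short comment beside the key in en.yml, `# shared disable_with label for every form; deliberately not view-scoped`, would record why it lives at the top level.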
app/views/oauth/show.html.erb → app/views/oauths/show.html.erb
@@ -1,13 +1,12 @@
<div class="container">
<div class="row">
<div class="col">
- <h1>Authorize</h1>
- <p>Do you authorize <strong><%= @client.name %></strong> to access your data?</p>
-
- <%= form_for :authorization, url: oauth_index_path, method: :post do |form| %>
+ <h1><%= t('.title') %></h1>
+ <p><%= t('.authorize_prompt_html', name: @client.name) %></p>
+ <%= form_for :authorization, url: oauth_path, method: :post do |form| %>
<%= hidden_field_tag :client_id, @client.to_param %>
<%= hidden_field_tag :state, params[:state] %>
- <%= form.button t('.authorize'), type: 'submit', class: 'btn btn-primary', data: { disable_with: t('.loading') } %>
+ <%= form.button t('.authorize'), type: 'submit', class: 'btn btn-primary', data: { disable_with: t('loading') } %>
<% end %>
</div>
</div>
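Review bot: The `_html` suffix on `t('.authorize_prompt_html', name: @client.name)` marks the locale string as html_safe so the `<strong>` in en.yml renders as markup, while the interpolated `name:` is still HTML-escaped by Rails I18n; this is the right pattern, but nothing in the view says so, and a later edit that drops the suffix or moves the client name into the locale string would silently change the escaping. An ERB comment above the line, `<%# _html key: markup in the locale string is trusted, the interpolated client name is escaped %>`, would pin that down. `oauth_path` matches the singular `resource :oauth` introduced in routes.rb by the same commit.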
app/views/registrations/new.html.erb
@@ -1,7 +1,7 @@
<div class="container">
<div class="row">
<div class="col">
- <h1>Register</h1>
+ <h1><%= t('.title') %></h1>
<%= form_for @user, url: registrations_path, method: :post do |form| %>
<div class="form-group">
@@ -10,7 +10,7 @@
<div class="form-group">
<%= form.password_field :password, class: 'form-control', placeholder: User.human_attribute_name(:password), required: :required %>
</div>
- <%= form.button t('.register'), type: 'submit', class: 'btn btn-primary', data: { disable_with: t('.loading') } %>
+ <%= form.button t('.register'), type: 'submit', class: 'btn btn-primary', data: { disable_with: t('loading') } %>
<%= link_to "Login", new_session_path %>
<% end %>
</div>
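Review bot: The heading moves to `t('.title')` but the adjacent `link_to "Login", new_session_path` in the second hunk keeps a hard-coded English label, as does `link_to "Register"` in sessions/new, so the view is only partially translatable after this commit. Suggest `<%= link_to t('.login'), new_session_path %>` and `<%= link_to t('.register'), new_registration_path %>` with matching `registrations.new.login` and `sessions.new.register` entries in en.yml. The `form_for` block opens in the first hunk and closes in the second; the rest of the form lies between them outside the diff.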
app/views/sessions/new.html.erb
@@ -9,7 +9,7 @@
<div class="form-group">
<%= form.password_field :password, class: 'form-control', placeholder: User.human_attribute_name(:password), required: :required, data: { target: 'sessions--new.password', action: "keyup->sessions--new#validate" } %>
</div>
- <%= form.button t('.login'), type: 'submit', class: 'btn btn-primary', data: { disable_with: t('.loading'), target: 'sessions--new.submit' } %>
+ <%= form.button t('.login'), type: 'submit', class: 'btn btn-primary', data: { disable_with: t('loading'), target: 'sessions--new.submit' } %>
<%= link_to "Register", new_registration_path %>
<% end %>
config/locales/en.yml
@@ -10,9 +10,9 @@ en:
layouts:
application:
title: Proof
+ loading: Loading…
mfas:
new:
- loading: Loading
login: Login
my:
clients:
@@ -25,15 +25,15 @@ en:
new:
cancel: Cancel
enable: Enable
- oauth:
+ oauths:
show:
authorize: Authorize
- loading: Loading
+ authorize_prompt_html: Do you authorize <strong>%{name}</strong> to access your data?
+ title: Authorize
registrations:
new:
- loading: Loading
register: Register
+ title: Register
sessions:
new:
- loading: Loading…
login: Login
config/routes.rb
@@ -6,7 +6,10 @@ Rails.application.routes.draw do
resource :mfa, only: [:new, :create]
resource :response, only: [:show]
resource :session, only: [:new, :create, :destroy]
- resources :oauth, only: [:show, :create]
+ resource :oauth, only: [:show, :create] do
+ get :authorize, to: "oauths#show"
+ end
+
resources :registrations, only: [:new, :create]
namespace :my do
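Review bot: `GET /oauth` and `GET /oauth/authorize` now both dispatch to `oauths#show`, so the authorization endpoint is reachable under two URLs with nothing indicating which is canonical, and any per-endpoint controls (rate limiting, request logging, CSP or referrer policy) have to be applied to both. If `/oauth/authorize` is meant to be the RFC 6749 authorization endpoint and `/oauth` is kept only for existing links, a comment on the block, `# /oauth/authorize is the OAuth authorization endpoint; /oauth is kept for compatibility`, or dropping `:show` from `only:` and keeping just the named route, would make the intent explicit. The spec section exercises both paths, which suggests both are intended; that is inferred.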
spec/requests/oauth_spec.rb
@@ -6,12 +6,33 @@ RSpec.describe '/oauth' do
before { http_login(current_user) }
- describe "GET /oauth/:client_id" do
+ describe "GET /oauth" do
let(:state) { SecureRandom.uuid }
context "when the client id is known" do
let(:client) { create(:client) }
- before { get "/oauth/#{client.to_param}", params: { client_id: client.to_param, response_type: 'code', state: state } }
+
+ context "when the correct parameters are provided" do
+ before { get "/oauth", params: { client_id: client.to_param, response_type: 'code', state: state } }
+ specify { expect(response).to have_http_status(:ok) }
+ specify { expect(response.body).to include(client.name) }
+ specify { expect(response.body).to include(state) }
+ end
+
+ context "when an incorrect response_type is provided" do
+ before { get "/oauth", params: { client_id: client.to_param, response_type: 'invalid' } }
+
+ specify { expect(response).to have_http_status(:not_found) }
+ end
+ end
+ end
+
+ describe "GET /oauth/authorize" do
+ let(:state) { SecureRandom.uuid }
+
+ context "when the client id is known" do
+ let(:client) { create(:client) }
+ before { get "/oauth/authorize", params: { client_id: client.to_param, response_type: 'code', state: state } }
specify { expect(response).to have_http_status(:ok) }
specify { expect(response.body).to include(client.name) }