cst1/openstreetmap-website
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Drop support for OAuth 1

Browse source
This commit is contained in:
Tom Hughes 2024-07-24 19:12:14 +01:00 committed by Anton Khorev
parent cee9818dfc
commit 17bc0853a0
48 changed files with 52 additions and 2395 deletions
Download patch file Download diff file Expand all files Collapse all files

27
test/controllers/api/permissions_controller_test.rb
View file

@ -37,9 +37,9 @@ module Api
get permissions_path, :headers => auth_header
assert_response :success
assert_select "osm > permissions", :count => 1 do
assert_select "permission", :count => ClientApplication.all_permissions.size
ClientApplication.all_permissions.each do |p|
assert_select "permission[name='#{p}']", :count => 1
assert_select "permission", :count => Oauth.scopes.size
Oauth.scopes.each do |p|
assert_select "permission[name='allow_#{p.name}']", :count => 1
end
end
@ -50,24 +50,9 @@ module Api
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
assert_equal ClientApplication.all_permissions.size, js["permissions"].count
ClientApplication.all_permissions.each do |p|
assert_includes js["permissions"], p.to_s
end
end
def test_permissions_oauth1
token = create(:access_token,
:allow_read_prefs => true,
:allow_write_api => true,
:allow_read_gpx => false)
signed_get permissions_path, :oauth => { :token => token }
assert_response :success
assert_select "osm > permissions", :count => 1 do
assert_select "permission", :count => 2
assert_select "permission[name='allow_read_prefs']", :count => 1
assert_select "permission[name='allow_write_api']", :count => 1
assert_select "permission[name='allow_read_gpx']", :count => 0
assert_equal Oauth.scopes.size, js["permissions"].count
Oauth.scopes.each do |p|
assert_includes js["permissions"], "allow_#{p.name}"
end
end

206
test/controllers/api/users_controller_test.rb
View file

@ -75,80 +75,6 @@ module Api
check_json_details(js, user, false, false)
end
def test_show_oauth1
user = create(:user,
:home_lat => 12.1, :home_lon => 23.4,
:languages => ["en"])
good_token = create(:access_token,
:user => user,
:allow_read_prefs => true)
bad_token = create(:access_token,
:user => user)
other_user = create(:user,
:home_lat => 12.1, :home_lon => 23.4,
:languages => ["en"])
# check that we can fetch our own details as XML with read_prefs
signed_get api_user_path(:id => user.id), :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
# check the data that is returned
check_xml_details(user, true, false)
# check that we can fetch a different user's details as XML with read_prefs
signed_get api_user_path(:id => other_user.id), :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
# check the data that is returned
check_xml_details(other_user, false, false)
# check that we can fetch our own details as XML without read_prefs
signed_get api_user_path(:id => user.id), :oauth => { :token => bad_token }
assert_response :success
assert_equal "application/xml", response.media_type
# check the data that is returned
check_xml_details(user, false, false)
# check that we can fetch our own details as JSON with read_prefs
signed_get api_user_path(:id => user.id, :format => "json"), :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
# parse the response
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
# check the data that is returned
check_json_details(js, user, true, false)
# check that we can fetch a different user's details as JSON with read_prefs
signed_get api_user_path(:id => other_user.id, :format => "json"), :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
# parse the response
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
# check the data that is returned
check_json_details(js, other_user, false, false)
# check that we can fetch our own details as JSON without read_prefs
signed_get api_user_path(:id => other_user.id, :format => "json"), :oauth => { :token => bad_token }
assert_response :success
assert_equal "application/json", response.media_type
# parse the response
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
# check the data that is returned
check_json_details(js, other_user, false, false)
end
def test_show_oauth2
user = create(:user,
:home_lat => 12.1, :home_lon => 23.4,
@ -260,45 +186,6 @@ module Api
check_json_details(js, user, true, false)
end
def test_details_oauth1
user = create(:user,
:home_lat => 12.1, :home_lon => 23.4,
:languages => ["en"])
good_token = create(:access_token,
:user => user,
:allow_read_prefs => true)
bad_token = create(:access_token,
:user => user)
# check that we can't fetch details as XML without read_prefs
signed_get user_details_path, :oauth => { :token => bad_token }
assert_response :forbidden
# check that we can fetch details as XML
signed_get user_details_path, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
# check the data that is returned
check_xml_details(user, true, false)
# check that we can't fetch details as JSON without read_prefs
signed_get user_details_path(:format => "json"), :oauth => { :token => bad_token }
assert_response :forbidden
# check that we can fetch details as JSON
signed_get user_details_path(:format => "json"), :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
# parse the response
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
# check the data that is returned
check_json_details(js, user, true, false)
end
def test_details_oauth2
user = create(:user,
:home_lat => 12.1, :home_lon => 23.4,
@ -434,99 +321,6 @@ module Api
assert_select "user", :count => 0
end
def test_index_oauth1
user1 = create(:user, :description => "test1", :terms_agreed => Date.yesterday)
user2 = create(:user, :description => "test2", :terms_agreed => Date.yesterday)
user3 = create(:user, :description => "test3", :terms_agreed => Date.yesterday)
good_token = create(:access_token, :user => user1, :allow_read_prefs => true)
bad_token = create(:access_token, :user => user1)
signed_get api_users_path, :params => { :users => user1.id }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 1 do
check_xml_details(user1, true, false)
assert_select "user[id='#{user2.id}']", :count => 0
assert_select "user[id='#{user3.id}']", :count => 0
end
signed_get api_users_path, :params => { :users => user2.id }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 1 do
assert_select "user[id='#{user1.id}']", :count => 0
check_xml_details(user2, false, false)
assert_select "user[id='#{user3.id}']", :count => 0
end
signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}" }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 2 do
check_xml_details(user1, true, false)
assert_select "user[id='#{user2.id}']", :count => 0
check_xml_details(user3, false, false)
end
signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}" }, :oauth => { :token => bad_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 2 do
check_xml_details(user1, false, false)
assert_select "user[id='#{user2.id}']", :count => 0
check_xml_details(user3, false, false)
end
signed_get api_users_path, :params => { :users => user1.id, :format => "json" }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
assert_equal 1, js["users"].count
check_json_details(js["users"][0], user1, true, false)
signed_get api_users_path, :params => { :users => user2.id, :format => "json" }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
assert_equal 1, js["users"].count
check_json_details(js["users"][0], user2, false, false)
signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
assert_equal 2, js["users"].count
check_json_details(js["users"][0], user1, true, false)
check_json_details(js["users"][1], user3, false, false)
signed_get api_users_path, :params => { :users => "#{user1.id},#{user3.id}", :format => "json" }, :oauth => { :token => bad_token }
assert_response :success
assert_equal "application/json", response.media_type
js = ActiveSupport::JSON.decode(@response.body)
assert_not_nil js
assert_equal 2, js["users"].count
check_json_details(js["users"][0], user1, false, false)
check_json_details(js["users"][1], user3, false, false)
signed_get api_users_path, :params => { :users => create(:user, :suspended).id }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 0
signed_get api_users_path, :params => { :users => create(:user, :deleted).id }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 0
signed_get api_users_path, :params => { :users => 0 }, :oauth => { :token => good_token }
assert_response :success
assert_equal "application/xml", response.media_type
assert_select "user", :count => 0
end
def test_index_oauth2
user1 = create(:user, :description => "test1", :terms_agreed => Date.yesterday)
user2 = create(:user, :description => "test2", :terms_agreed => Date.yesterday)

204
test/controllers/oauth_clients_controller_test.rb
View file

@ -1,204 +0,0 @@
require "test_helper"
class OauthClientsControllerTest < ActionDispatch::IntegrationTest
##
# test all routes which lead to this controller
def test_routes
assert_routing(
{ :path => "/user/username/oauth_clients", :method => :get },
{ :controller => "oauth_clients", :action => "index", :display_name => "username" }
)
assert_routing(
{ :path => "/user/username/oauth_clients/new", :method => :get },
{ :controller => "oauth_clients", :action => "new", :display_name => "username" }
)
assert_routing(
{ :path => "/user/username/oauth_clients", :method => :post },
{ :controller => "oauth_clients", :action => "create", :display_name => "username" }
)
assert_routing(
{ :path => "/user/username/oauth_clients/1", :method => :get },
{ :controller => "oauth_clients", :action => "show", :display_name => "username", :id => "1" }
)
assert_routing(
{ :path => "/user/username/oauth_clients/1/edit", :method => :get },
{ :controller => "oauth_clients", :action => "edit", :display_name => "username", :id => "1" }
)
assert_routing(
{ :path => "/user/username/oauth_clients/1", :method => :put },
{ :controller => "oauth_clients", :action => "update", :display_name => "username", :id => "1" }
)
assert_routing(
{ :path => "/user/username/oauth_clients/1", :method => :delete },
{ :controller => "oauth_clients", :action => "destroy", :display_name => "username", :id => "1" }
)
end
def test_index
user = create(:user)
create_list(:client_application, 2, :user => user)
create_list(:access_token, 2, :user => user)
get oauth_clients_path(user)
assert_redirected_to login_path(:referer => oauth_clients_path(user))
session_for(user)
get oauth_clients_path(user)
assert_response :success
assert_template "index"
assert_select "li.client_application", 2
end
def test_new
user = create(:user)
get new_oauth_client_path(user)
assert_redirected_to login_path(:referer => new_oauth_client_path(user))
session_for(user)
get new_oauth_client_path(user)
assert_response :success
assert_template "new"
assert_select "form", 1 do
assert_select "input#client_application_name", 1
assert_select "input#client_application_url", 1
assert_select "input#client_application_callback_url", 1
assert_select "input#client_application_support_url", 1
ClientApplication.all_permissions.each do |perm|
assert_select "input#client_application_#{perm}", 1
end
end
end
def test_new_disabled
user = create(:user)
with_settings(:oauth_10_registration => false) do
get new_oauth_client_path(user)
assert_redirected_to login_path(:referer => new_oauth_client_path(user))
session_for(user)
get new_oauth_client_path(user)
assert_redirected_to oauth_clients_path(user)
end
end
def test_create
user = create(:user)
assert_difference "ClientApplication.count", 0 do
post oauth_clients_path(user)
end
assert_response :forbidden
session_for(user)
assert_difference "ClientApplication.count", 0 do
post oauth_clients_path(user, :client_application => { :name => "Test Application" })
end
assert_response :success
assert_template "new"
assert_difference "ClientApplication.count", 1 do
post oauth_clients_path(user, :client_application => { :name => "Test Application",
:url => "http://test.example.com/" })
end
assert_redirected_to oauth_client_path(:id => ClientApplication.find_by(:name => "Test Application").id)
end
def test_show
user = create(:user)
client = create(:client_application, :user => user)
other_client = create(:client_application)
get oauth_client_path(user, client)
assert_redirected_to login_path(:referer => oauth_client_path(user, client.id))
session_for(user)
get oauth_client_path(user, other_client)
assert_response :not_found
assert_template "not_found"
get oauth_client_path(user, client)
assert_response :success
assert_template "show"
end
def test_edit
user = create(:user)
client = create(:client_application, :user => user)
other_client = create(:client_application)
get edit_oauth_client_path(user, client)
assert_redirected_to login_path(:referer => edit_oauth_client_path(user, client.id))
session_for(user)
get edit_oauth_client_path(user, other_client)
assert_response :not_found
assert_template "not_found"
get edit_oauth_client_path(user, client)
assert_response :success
assert_template "edit"
assert_select "form", 1 do
assert_select "input#client_application_name", 1
assert_select "input#client_application_url", 1
assert_select "input#client_application_callback_url", 1
assert_select "input#client_application_support_url", 1
ClientApplication.all_permissions.each do |perm|
assert_select "input#client_application_#{perm}", 1
end
end
end
def test_update
user = create(:user)
client = create(:client_application, :user => user)
other_client = create(:client_application)
put oauth_client_path(user, client)
assert_response :forbidden
session_for(user)
put oauth_client_path(user, other_client)
assert_response :not_found
assert_template "not_found"
put oauth_client_path(user, client, :client_application => { :name => "New Name", :url => nil })
assert_response :success
assert_template "edit"
put oauth_client_path(user, client, :client_application => { :name => "New Name", :url => "http://new.example.com/url" })
assert_redirected_to oauth_client_path(:id => client.id)
end
def test_destroy
user = create(:user)
client = create(:client_application, :user => user)
other_client = create(:client_application)
assert_difference "ClientApplication.count", 0 do
delete oauth_client_path(user, client)
end
assert_response :forbidden
session_for(user)
assert_difference "ClientApplication.count", 0 do
delete oauth_client_path(user, other_client)
end
assert_response :not_found
assert_template "not_found"
assert_difference "ClientApplication.count", -1 do
delete oauth_client_path(user, client)
end
assert_redirected_to oauth_clients_path(user)
end
end

48
test/controllers/oauth_controller_test.rb
View file

@ -1,48 +0,0 @@
require "test_helper"
class OauthControllerTest < ActionDispatch::IntegrationTest
##
# test all routes which lead to this controller
def test_routes
assert_routing(
{ :path => "/oauth/revoke", :method => :get },
{ :controller => "oauth", :action => "revoke" }
)
assert_routing(
{ :path => "/oauth/revoke", :method => :post },
{ :controller => "oauth", :action => "revoke" }
)
assert_routing(
{ :path => "/oauth/authorize", :method => :get },
{ :controller => "oauth", :action => "authorize" }
)
assert_routing(
{ :path => "/oauth/authorize", :method => :post },
{ :controller => "oauth", :action => "authorize" }
)
assert_routing(
{ :path => "/oauth/token", :method => :get },
{ :controller => "oauth", :action => "token" }
)
assert_routing(
{ :path => "/oauth/request_token", :method => :get },
{ :controller => "oauth", :action => "request_token" }
)
assert_routing(
{ :path => "/oauth/request_token", :method => :post },
{ :controller => "oauth", :action => "request_token" }
)
assert_routing(
{ :path => "/oauth/access_token", :method => :get },
{ :controller => "oauth", :action => "access_token" }
)
assert_routing(
{ :path => "/oauth/access_token", :method => :post },
{ :controller => "oauth", :action => "access_token" }
)
assert_routing(
{ :path => "/oauth/test_request", :method => :get },
{ :controller => "oauth", :action => "test_request" }
)
end
end