Merge remote-tracking branch 'parent/main' into upstream-20240824

2024-08-24 09:39:11 +09:00 · 2024-08-24 09:39:11 +09:00 · a5bbc3f93b
commit a5bbc3f93b
parent a41946d11a 97f6baf977
164 changed files with 1913 additions and 1534 deletions
--- a/spec/helpers/application_helper_spec.rb
+++ b/spec/helpers/application_helper_spec.rb
@ -292,33 +292,4 @@ describe ApplicationHelper do
      end
    end
  end
-
-  describe 'favicon' do
-    context 'when an icon exists' do
-      let!(:favicon) { Fabricate(:site_upload, var: 'favicon') }
-      let!(:app_icon) { Fabricate(:site_upload, var: 'app_icon') }
-
-      it 'returns the URL of the icon' do
-        expect(helper.favicon_path).to eq(favicon.file.url('48'))
-        expect(helper.app_icon_path).to eq(app_icon.file.url('48'))
-      end
-
-      it 'returns the URL of the icon with size parameter' do
-        expect(helper.favicon_path(16)).to eq(favicon.file.url('16'))
-        expect(helper.app_icon_path(16)).to eq(app_icon.file.url('16'))
-      end
-    end
-
-    context 'when an icon does not exist' do
-      it 'returns nil' do
-        expect(helper.favicon_path).to be_nil
-        expect(helper.app_icon_path).to be_nil
-      end
-
-      it 'returns nil with size parameter' do
-        expect(helper.favicon_path(16)).to be_nil
-        expect(helper.app_icon_path(16)).to be_nil
-      end
-    end
-  end
 end
--- a/spec/helpers/instance_helper_spec.rb
+++ b/spec/helpers/instance_helper_spec.rb
@ -24,4 +24,33 @@ describe InstanceHelper do
      expect(helper.site_hostname).to eq 'example.com'
    end
  end
+
+  describe 'favicon' do
+    context 'when an icon exists' do
+      let!(:favicon) { Fabricate(:site_upload, var: 'favicon') }
+      let!(:app_icon) { Fabricate(:site_upload, var: 'app_icon') }
+
+      it 'returns the URL of the icon' do
+        expect(helper.favicon_path).to eq(favicon.file.url('48'))
+        expect(helper.app_icon_path).to eq(app_icon.file.url('48'))
+      end
+
+      it 'returns the URL of the icon with size parameter' do
+        expect(helper.favicon_path(16)).to eq(favicon.file.url('16'))
+        expect(helper.app_icon_path(16)).to eq(app_icon.file.url('16'))
+      end
+    end
+
+    context 'when an icon does not exist' do
+      it 'returns nil' do
+        expect(helper.favicon_path).to be_nil
+        expect(helper.app_icon_path).to be_nil
+      end
+
+      it 'returns nil with size parameter' do
+        expect(helper.favicon_path(16)).to be_nil
+        expect(helper.app_icon_path(16)).to be_nil
+      end
+    end
+  end
 end
--- a/spec/requests/oauth/token_spec.rb
+++ b/spec/requests/oauth/token_spec.rb
@ -0,0 +1,107 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe 'Obtaining OAuth Tokens' do
+  describe 'POST /oauth/token' do
+    subject do
+      post '/oauth/token', params: params
+    end
+
+    let(:application) do
+      Fabricate(:application, scopes: 'read write follow', redirect_uri: 'urn:ietf:wg:oauth:2.0:oob')
+    end
+    let(:params) do
+      {
+        grant_type: grant_type,
+        client_id: application.uid,
+        client_secret: application.secret,
+        redirect_uri: 'urn:ietf:wg:oauth:2.0:oob',
+        code: code,
+        scope: scope,
+      }
+    end
+
+    context "with grant_type 'authorization_code'" do
+      let(:grant_type) { 'authorization_code' }
+      let(:code) do
+        access_grant = Fabricate(:access_grant, application: application, redirect_uri: 'urn:ietf:wg:oauth:2.0:oob', scopes: 'read write')
+        access_grant.plaintext_token
+      end
+
+      shared_examples 'returns originally requested scopes' do
+        it 'returns all scopes requested for the given code' do
+          subject
+
+          expect(response).to have_http_status(200)
+          expect(body_as_json[:scope]).to eq 'read write'
+        end
+      end
+
+      context 'with no scopes specified' do
+        let(:scope) { nil }
+
+        include_examples 'returns originally requested scopes'
+      end
+
+      context 'with scopes specified' do
+        context 'when the scopes were requested for this code' do
+          let(:scope) { 'write' }
+
+          include_examples 'returns originally requested scopes'
+        end
+
+        context 'when the scope was not requested for the code' do
+          let(:scope) { 'follow' }
+
+          include_examples 'returns originally requested scopes'
+        end
+
+        context 'when the scope does not belong to the application' do
+          let(:scope) { 'push' }
+
+          include_examples 'returns originally requested scopes'
+        end
+      end
+    end
+
+    context "with grant_type 'client_credentials'" do
+      let(:grant_type) { 'client_credentials' }
+      let(:code) { nil }
+
+      context 'with no scopes specified' do
+        let(:scope) { nil }
+
+        it 'returns only the default scope' do
+          subject
+
+          expect(response).to have_http_status(200)
+          expect(body_as_json[:scope]).to eq('read')
+        end
+      end
+
+      context 'with scopes specified' do
+        context 'when the scopes belong to the application' do
+          let(:scope) { 'read write' }
+
+          it 'returns all the requested scopes' do
+            subject
+
+            expect(response).to have_http_status(200)
+            expect(body_as_json[:scope]).to eq 'read write'
+          end
+        end
+
+        context 'when some scopes do not belong to the application' do
+          let(:scope) { 'read write push' }
+
+          it 'returns an error' do
+            subject
+
+            expect(response).to have_http_status(400)
+          end
+        end
+      end
+    end
+  end
+end