kosmos/akkounts
8
1
Fork 0
Code Issues 22 Pull Requests 1 Actions Packages Releases 12 Activity

Only allow primary domain for RS

Browse Source 
Replace user addresses with usernames in the respective URLs
This commit is contained in:
Râu Cao
2023-11-01 21:46:38 +01:00
parent 5075fef616
commit 56c127ca0c
7 changed files with 65 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
spec/controllers/rs/oauth_controller_spec.rb
View File

@@ -3,7 +3,11 @@ require 'rails_helper'
RSpec.describe Rs::OauthController, type: :controller do
let(:user) { create :user }
describe "GET /rs/oauth/:useraddress" do
before do
allow_any_instance_of(AppCatalog::WebApp).to receive(:update_metadata).and_return(true)
end
describe "GET /rs/oauth/:username" do
context "when user is signed in" do
before do
sign_in user
@@ -14,7 +18,7 @@ RSpec.describe Rs::OauthController, type: :controller do
before do
get :new, params: {
useraddress: other_user.address,
username: other_user.cn,
redirect_uri: "https://example.com",
client_id: "example.com",
scope: "examples"
@@ -22,7 +26,7 @@ RSpec.describe Rs::OauthController, type: :controller do
end
it "logs out the users and repeats the request" do
url = new_rs_oauth_url other_user.address,
url = new_rs_oauth_url other_user.cn,
redirect_uri: "https://example.com",
client_id: "example.com",
scope: "examples"
@@ -34,7 +38,7 @@ RSpec.describe Rs::OauthController, type: :controller do
context "when no valid token exists" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
redirect_uri: "https://example.com",
client_id: "example.com",
scope: "documents,[photos], contacts:rw videos:r tasks/work/:r",
@@ -61,7 +65,7 @@ RSpec.describe Rs::OauthController, type: :controller do
context "no redirect_uri" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
scope: "documents,[photos], contacts:rw videos:r tasks/work/:r",
client_id: "https://example.com"
}
@@ -75,7 +79,7 @@ RSpec.describe Rs::OauthController, type: :controller do
context "no client_id" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
scope: "documents,[photos], contacts:rw videos:r tasks/work/:r",
redirect_uri: "https://example.com"
}
@@ -89,7 +93,7 @@ RSpec.describe Rs::OauthController, type: :controller do
context "different host for client_id and redirect_uri" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
scope: "documents,[photos], contacts:rw videos:r tasks/work/:r",
redirect_uri: "https://example.com/foobar",
client_id: "https://google.com"
@@ -116,7 +120,7 @@ RSpec.describe Rs::OauthController, type: :controller do
context "with same host for client_id and redirect_uri" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
scope: "documents,[photos], contacts:rw videos:r tasks/work/:r",
redirect_uri: "https://example.com",
client_id: "https://example.com"
@@ -131,7 +135,7 @@ RSpec.describe Rs::OauthController, type: :controller do
context "with different host for client_id and redirect_uri" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
scope: "documents,[photos], contacts:rw videos:r tasks/work/:r",
redirect_uri: "https://app.example.com",
client_id: "https://example.com"
@@ -146,7 +150,7 @@ RSpec.describe Rs::OauthController, type: :controller do
context "with different redirect_uri" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
scope: "documents,[photos], contacts:rw videos:r tasks/work/:r",
redirect_uri: "https://example.com/a_new_route",
client_id: "https://example.com"
@@ -161,7 +165,7 @@ RSpec.describe Rs::OauthController, type: :controller do
context "with state param given" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
scope: "documents,[photos], contacts:rw videos:r tasks/work/:r",
redirect_uri: "https://example.com",
client_id: "https://example.com",
@@ -178,7 +182,7 @@ RSpec.describe Rs::OauthController, type: :controller do
context "no scope" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
redirect_uri: "https://example.com",
client_id: "https://example.com",
state: "foobar123"
@@ -193,7 +197,7 @@ RSpec.describe Rs::OauthController, type: :controller do
context "empty scope" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
scope: "",
redirect_uri: "https://example.com",
client_id: "https://example.com",
@@ -210,7 +214,7 @@ RSpec.describe Rs::OauthController, type: :controller do
context "when user is not signed in" do
it "redirects to the signin page with username pre-filled" do
get :new, params: {
useraddress: user.address,
username: user.cn,
scope: "documents,photos",
redirect_uri: "https://example.com"
}
@@ -227,7 +231,7 @@ RSpec.describe Rs::OauthController, type: :controller do
describe "full" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
scope: "*:rw",
redirect_uri: "https://example.com",
client_id: "example.com"
@@ -243,7 +247,7 @@ RSpec.describe Rs::OauthController, type: :controller do
describe "read-only" do
before do
get :new, params: {
useraddress: user.address,
username: user.cn,
scope: "*:r",
redirect_uri: "https://example.com",
client_id: "example.com"
@@ -258,7 +262,7 @@ RSpec.describe Rs::OauthController, type: :controller do
end
end
describe "POST /rs/oauth/:useraddress" do
describe "POST /rs/oauth/:username" do
context "when user is signed in" do
before do
sign_in user

8
spec/features/rs/oauth_spec.rb
View File

@@ -10,7 +10,7 @@ RSpec.describe 'remoteStorage OAuth Dialog', type: :feature do
context "with normal permissions" do
before do
visit new_rs_oauth_path(useraddress: user.address,
visit new_rs_oauth_path(username: user.cn,
redirect_uri: "http://example.com",
client_id: "http://example.com",
scope: "documents,[photos], contacts:r")
@@ -36,7 +36,7 @@ RSpec.describe 'remoteStorage OAuth Dialog', type: :feature do
context "root access" do
context "full" do
before do
visit new_rs_oauth_path(useraddress: user.address,
visit new_rs_oauth_path(username: user.cn,
redirect_uri: "http://example.com",
client_id: "http://example.com",
scope: ":rw")
@@ -60,7 +60,7 @@ RSpec.describe 'remoteStorage OAuth Dialog', type: :feature do
end
it "prefills the username field in the signin form" do
visit new_rs_oauth_path(useraddress: user.address,
visit new_rs_oauth_path(username: user.cn,
redirect_uri: "http://example.com",
client_id: "http://example.com",
scope: "documents,[photos], contacts:r")
@@ -69,7 +69,7 @@ RSpec.describe 'remoteStorage OAuth Dialog', type: :feature do
end
it "redirects to the OAuth dialog after sign-in" do
auth_url = new_rs_oauth_url(useraddress: user.address,
auth_url = new_rs_oauth_url(username: user.cn,
redirect_uri: "http://example.com",
client_id: "http://example.com",
scope: "documents,[photos], contacts:r")

4
spec/requests/webfinger_spec.rb
View File

@@ -15,10 +15,10 @@ RSpec.describe "WebFinger", type: :request do
res = JSON.parse(response.body)
rs_link = res["links"].find {|l| l["rel"] == "http://tools.ietf.org/id/draft-dejong-remotestorage"}
expect(rs_link["href"]).to eql("https://storage.kosmos.org/tony@kosmos.org")
expect(rs_link["href"]).to eql("https://storage.kosmos.org/tony")
oauth_url = rs_link["properties"]["http://tools.ietf.org/html/rfc6749#section-4.2"]
expect(oauth_url).to eql("https://example.com/rs/oauth")
expect(oauth_url).to eql("http://www.example.com/rs/oauth/tony@kosmos.org")
end
end