diff --git a/app/components/rs_auth_component.html.erb b/app/components/rs_auth_component.html.erb
index cf5e97d..8a40970 100644
--- a/app/components/rs_auth_component.html.erb
+++ b/app/components/rs_auth_component.html.erb
@@ -10,13 +10,10 @@ <%= @auth.client_id %>
-
-
-
-
- <%= render DropdownComponent.new do %>
- <%= render DropdownLinkComponent.new(href: "#") do %>
+ <%= render DropdownLinkComponent.new(
+ href: launch_app_services_storage_rs_auth_url(@auth)
+ ) do %>
 Launch app
 <% end %>
 <%= render DropdownLinkComponent.new(
diff --git a/app/controllers/rs/oauth_controller.rb b/app/controllers/rs/oauth_controller.rb
index 6d9d537..48a5739 100644
--- a/app/controllers/rs/oauth_controller.rb
+++ b/app/controllers/rs/oauth_controller.rb
@@ -95,13 +95,6 @@ class Rs::OauthController < ApplicationController
 allow_other_host: true
 end
- # GET /rs/oauth/token/:id/launch_app
- def launch_app
- auth = current_user.remote_storage_authorizations.find(params[:id])
- redirect_to app_auth_url(auth), allow_other_host: true
- end
-
 private
 def require_signed_in_with_username
@@ -111,12 +104,6 @@ class Rs::OauthController < ApplicationController
 end
 end
- def app_auth_url(auth)
- url = "#{auth.url}#remotestorage=#{current_user.address}"
- url += "&access_token=#{auth.token}"
- url
- end
-
 def hostname_of(uri)
 uri.gsub(/http(s)?:\/\//, "").split(":")[0].split("/")[0]
 end
diff --git a/app/controllers/services/rs_auths_controller.rb b/app/controllers/services/rs_auths_controller.rb
index 4d7d5d2..091ce7b 100644
--- a/app/controllers/services/rs_auths_controller.rb
+++ b/app/controllers/services/rs_auths_controller.rb
@@ -5,8 +5,8 @@ class Services::RsAuthsController < Services::BaseController
 # before_action :require_service_enabled
 def destroy
- if @rs_auth = current_user.remote_storage_authorizations.find(params[:id])
- @rs_auth.destroy!
+ if auth = current_user.remote_storage_authorizations.find(params[:id])
+ auth.destroy!
 else
 http_status :not_found
 end
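Review bot: The `if auth = current_user.remote_storage_authorizations.find(params[:id])` guard in `destroy` never reaches its `else`: `find` raises `ActiveRecord::RecordNotFound` for an unknown id (or one belonging to another user) instead of returning nil, so `http_status :not_found` is dead code and the response comes from wherever RecordNotFound is rescued. The rename from `@rs_auth` to `auth` keeps that shape. Either make the branch reachable with `if auth = current_user.remote_storage_authorizations.find_by(id: params[:id])`, or drop the conditional and rely on the RecordNotFound handling, as the new `launch_app` in the same controller does. Assignment inside a condition also reads like a mistyped `==`; `find_by` with a real nil case makes the intent clear.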
@@ -20,6 +20,13 @@ class Services::RsAuthsController < Services::BaseController
 end
 end
+ def launch_app
+ auth = current_user.remote_storage_authorizations.find(params[:id])
+ launch_url = "#{auth.url}#remotestorage=#{current_user.address}&access_token=#{auth.token}"
+
+ redirect_to launch_url, allow_other_host: true
+ end
+
 private
 def require_feature_enabled
diff --git a/app/models/remote_storage_authorization.rb b/app/models/remote_storage_authorization.rb
index 2d62e65..e5f2ec0 100644
--- a/app/models/remote_storage_authorization.rb
+++ b/app/models/remote_storage_authorization.rb
@@ -23,7 +23,7 @@ class RemoteStorageAuthorization < ApplicationRecord
 after_destroy :remove_token_expiry_job
 def url
- # TODO use web app scope in addition to host
+ # TODO use web app scope in addition to host/client_id
 uri = URI.parse self.redirect_uri
 "#{uri.scheme}://#{client_id}"
 end
diff --git a/config/routes.rb b/config/routes.rb
index ee7259d..c9f4281 100644
--- a/config/routes.rb
+++ b/config/routes.rb
@@ -33,7 +33,8 @@ Rails.application.routes.draw do
 resource :storage, controller: 'remotestorage', only: [:show] do
 resources :rs_auths, only: [:destroy] do
 member do
- get 'revoke', to: 'rs_auths#destroy'
+ get :revoke, to: 'rs_auths#destroy'
+ get :launch_app
 end
 end
 end
@@ -86,7 +87,6 @@ Rails.application.routes.draw do
 resource :oauth, only: [:new, :create], path_names: { new: ':username', create: ':username' }, controller: 'oauth'
- get 'oauth/token/:id/launch_app' => 'oauth#launch_app', as: :launch_app
 end
 get '.well-known/webfinger', to: 'webfinger#show'
diff --git a/spec/controllers/rs/oauth_controller_spec.rb b/spec/controllers/rs/oauth_controller_spec.rb
index c80e427..09b0750 100644
--- a/spec/controllers/rs/oauth_controller_spec.rb
+++ b/spec/controllers/rs/oauth_controller_spec.rb
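Review bot: `launch_app` hands out `auth.token` without looking at `auth.expire_at`, so an authorization whose expiry has passed but whose row still exists (the model's `remove_token_expiry_job` suggests removal is asynchronous) is launched with a stale bearer token; a guard such as `return http_status :not_found if auth.expire_at&.past?` before building `launch_url` closes that gap, unless expiry is already enforced somewhere outside this hunk. `current_user.address` and `auth.token` are interpolated into the fragment unescaped; if either can contain `&` or `#`, the fragment parameters break, so `ERB::Util.url_encode` on both values is the safe form. The removed `Rs::OauthController#launch_app` carried a route comment and the new method has none; add `# GET /services/storage/rs_auths/:id/launch_app` above `def launch_app`, matching the spec's describe string. Redirecting the token in the fragment with `allow_other_host: true` is the same remoteStorage launch flow the removed code implemented, not a new exposure.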
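Review bot: `url` takes only the scheme from `redirect_uri` and uses `client_id` as the host, and from this commit `Services::RsAuthsController#launch_app` redirects a bearer token to exactly that URL, so the TODO should record the assumption the launch flow now relies on: `# NOTE: host is client_id, not redirect_uri's host; launch_app sends the access token here, so client_id must match the host the user authorized`. Whether a validation ties `client_id` to the `redirect_uri` host is outside this hunk; if none exists, that check belongs in this model, since the redirect target is only as trustworthy as the stored `client_id`.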
@@ -437,33 +437,4 @@ RSpec.describe Rs::OauthController, type: :controller do
 end
 end
 end
-
- describe "GET /rs/oauth/token/:id/launch_app" do
- context "when user is signed in" do
- before do
- sign_in user
- end
-
- context "token exists" do
- before do
- @auth = user.remote_storage_authorizations.create!(
- permissions: %w(documents), client_id: "app.example.com",
- redirect_uri: "https://app.example.com",
- expire_at: 2.days.from_now
- )
-
- get :launch_app, params: { id: @auth.id }
- end
-
- after do
- @auth.destroy
- end
-
- it "redirects to the given URL with the correct RS URL fragment params" do
- launch_url = "https://app.example.com#remotestorage=#{user.address}&access_token=#{@auth.token}"
- expect(response).to redirect_to(launch_url)
- end
- end
- end
- end
 end
diff --git a/spec/controllers/services/rs_auths_controller_spec.rb b/spec/controllers/services/rs_auths_controller_spec.rb
new file mode 100644
index 0000000..44bcdc0
--- /dev/null
+++ b/spec/controllers/services/rs_auths_controller_spec.rb
@@ -0,0 +1,39 @@
+require 'rails_helper'
+
+RSpec.describe Services::RsAuthsController, type: :controller do
+ let(:user) { create :user }
+
+ before do
+ allow_any_instance_of(AppCatalog::WebApp).to receive(:update_metadata).and_return(true)
+ allow_any_instance_of(Flipper).to receive(:enabled?).and_return(true)
+ end
+
+ describe "GET /services/storage/rs_auths/:id/launch_app" do
+ context "when user is signed in" do
+ before do
+ sign_in user
+ end
+
+ context "token exists" do
+ before do
+ @auth = user.remote_storage_authorizations.create!(
+ permissions: %w(documents), client_id: "app.example.com",
+ redirect_uri: "https://app.example.com",
+ expire_at: 2.days.from_now
+ )
+
+ get :launch_app, params: { id: @auth.id }
+ end
+
+ after do
+ @auth.destroy
+ end
+
+ it "redirects to the given URL with the correct RS URL fragment params" do
+ launch_url = "https://app.example.com#remotestorage=#{user.address}&access_token=#{@auth.token}"
+ expect(response).to redirect_to(launch_url)
+ end
+ end
+ end
+ end
+end
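Review bot: The new spec pins only the happy path; the `current_user.remote_storage_authorizations` scoping in `launch_app` is what stops a signed-in user from launching with another user's token, and nothing here exercises it. Add a context with an authorization created for a second user and `get :launch_app, params: { id: other_auth.id }`, expecting whichever the app produces for a missing record (a raised `ActiveRecord::RecordNotFound` or a 404 response), plus a signed-out context asserting the response is not a redirect to `launch_url`. The `create :user` factory and `sign_in` helper are assumed to come from the surrounding suite, as this file does not define them.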