Add feature spec for RS OAuth dialog

app/controllers/rs/oauth_controller.rb

@@ -1,5 +1,5 @@
 class Rs::OauthController < ApplicationController
-  before_action :require_user_signed_in
+  before_action :require_signed_in_with_username
 
   def new
     username, org  = params[:useraddress].split("@")
@@ -97,6 +97,13 @@ class Rs::OauthController < ApplicationController
 
   private
 
+  def require_signed_in_with_username
+    unless user_signed_in?
+      username, org = params[:useraddress].split("@")
+      redirect_to new_user_session_path(cn: username, ou: org)
+    end
+  end
+
   def app_auth_url(auth)
     url = "#{auth.url}#remotestorage=#{current_user.address}"
     url += "&access_token=#{auth.token}"

app/views/devise/sessions/new.html.erb

@@ -12,7 +12,8 @@
     <div class="mb-6">
       <%= f.label :cn, 'User', class: 'block mb-2 font-bold' %>
       <p class="flex gap-2 items-center">
-        <%= f.text_field :cn, autofocus: true, autocomplete: "username",
+        <%= f.text_field :cn, value: h(params[:cn]),
+              autofocus: params[:cn].blank?, autocomplete: "username",
               required: true, class: "relative grow", tabindex: "1" %>
         <span class="relative shrink-0 text-gray-500">@ <%= Setting.primary_domain %></span>
       </p>
@@ -20,7 +21,8 @@
     <p class="mb-8">
       <%= f.label :password, class: 'block mb-2 font-bold' %>
       <%= f.password_field :password, autocomplete: "current-password",
-            required: true, class: "w-full", tabindex: "2" %>
+            autofocus: params[:cn].present?, required: true,
+            class: "w-full", tabindex: "2" %>
     </p>
 
     <%= tag.div class: "flex items-center mb-8 gap-x-3", data: {

app/views/rs/oauth/new.html.erb

@@ -1,7 +1,7 @@
 <%= render HeaderCompactComponent.new(title: "Storage") %>
 
 <%= render MainCompactComponent.new do %>
-  <section>
+  <section class="permissions">
     <p class="mb-8">
       The app on
       <%= link_to @client_id, "https://#{@client_id}", class: "ks-text-link" %>
@@ -9,7 +9,7 @@
     </p>
 
     <% if @root_access_requested %>
-    <p class="text-lg">
+    <p class="scope text-lg">
       <span class="text-red-700">
         <%= render partial: "icons/alert-triangle",
               locals: { custom_class: "inline-block align-bottom mr-1.5" } %>
@@ -21,7 +21,7 @@
     </p>
     <% else %>
       <% @scopes.each do |scope| %>
-      <p class="text-gray-600">
+      <p class="scope text-gray-600">
         <span class="text-lg">
           <%= render partial: "icons/folder",
             locals: { custom_class: "inline-block align-bottom mr-1.5" } %>

spec/features/rs/oauth_spec.rb

@@ -0,0 +1,66 @@
+require 'rails_helper'
+
+RSpec.describe 'remoteStorage OAuth Dialog', type: :feature do
+  context "when signed in" do
+    let(:user) { create :user }
+
+    before do
+      login_as user, :scope => :user
+    end
+
+    context "with normal permissions" do
+      before do
+        visit new_rs_oauth_path(useraddress: user.address,
+                                redirect_uri: "http://example.com",
+                                client_id: "http://example.com",
+                                scope: "documents,[photos], contacts:r")
+      end
+
+      it "shows the permissions in a list" do
+        within ".permissions" do
+          expect(page).to have_content("documents")
+          expect(page).to have_content("photos")
+          expect(page).to have_content("contacts")
+        end
+
+        within ".scope:first-of-type" do
+          expect(page).not_to have_content("read only")
+        end
+
+        within ".scope:last-of-type" do
+          expect(page).to have_content("read only")
+        end
+      end
+    end
+
+    context "root access" do
+      context "full" do
+        before do
+          visit new_rs_oauth_path(useraddress: user.address,
+                                  redirect_uri: "http://example.com",
+                                  client_id: "http://example.com",
+                                  scope: ":rw")
+        end
+
+        it "shows a special permission for all files and dirs" do
+          within ".scope" do
+            expect(page).to have_content("All files and directories")
+          end
+        end
+      end
+    end
+  end
+
+  context "when signed out" do
+    let(:user) { create :user }
+
+    it "prefills the username field in the signin form" do
+      visit new_rs_oauth_path(useraddress: user.address,
+                              redirect_uri: "http://example.com",
+                              client_id: "http://example.com",
+                              scope: "documents,[photos], contacts:r")
+
+      expect(find("#user_cn").value).to eq(user.cn)
+    end
+  end
+end