github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-05-30 07:11:34 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

correctly return access rights in auth redirect

Browse Source
This commit is contained in:
Sam
2016-08-26 13:12:38 +10:00
parent 4fe52c8cbe
commit a37db9448f
2 changed files with 32 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
spec/controllers/user_api_keys_controller_spec.rb
View File

@ -94,6 +94,35 @@ TXT
end
it "will not return p access if not yet configured" do
SiteSetting.min_trust_level_for_user_api_key = 0
SiteSetting.allowed_user_api_auth_redirects = args[:auth_redirect]
args[:access] = "pr"
args[:push_url] = "https://push.it/here"
user = Fabricate(:user, trust_level: 0)
log_in_user(user)
post :create, args
expect(response.code).to eq("302")
uri = URI.parse(response.redirect_url)
query = uri.query
payload = query.split("payload=")[1]
encrypted = Base64.decode64(CGI.unescape(payload))
key = OpenSSL::PKey::RSA.new(private_key)
parsed = JSON.parse(key.private_decrypt(encrypted))
expect(parsed["nonce"]).to eq(args[:nonce])
expect(parsed["access"].split('').sort).to eq(['r'])
end
it "will redirect correctly with valid token" do
SiteSetting.min_trust_level_for_user_api_key = 0
@ -122,6 +151,7 @@ TXT
parsed = JSON.parse(key.private_decrypt(encrypted))
expect(parsed["nonce"]).to eq(args[:nonce])
expect(parsed["access"].split('').sort).to eq(['p','r', 'w'])
api_key = UserApiKey.find_by(key: parsed["key"])