diff options
author | Eugen Rochko <eugen@zeonfederated.com> | 2018-05-19 21:05:08 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-05-19 21:05:08 +0200 |
commit | 8378b72ebacc51e5e090faa527462b801e4c2803 (patch) | |
tree | 92deefbf0e199119a486055ac18774d5a5b410f0 /spec/controllers/oauth | |
parent | 5910eb9b61da6eacf6b534d831da6e2f698e2703 (diff) |
Ensure push subscription is immediately removed when application is revoked (#7548)
* Ensure push subscription is immediately removed when application is revoked * When token is revoked from app, unsubscribe too
Diffstat (limited to 'spec/controllers/oauth')
-rw-r--r-- | spec/controllers/oauth/authorized_applications_controller_spec.rb | 20 | ||||
-rw-r--r-- | spec/controllers/oauth/tokens_controller_spec.rb | 23 |
2 files changed, 43 insertions, 0 deletions
diff --git a/spec/controllers/oauth/authorized_applications_controller_spec.rb b/spec/controllers/oauth/authorized_applications_controller_spec.rb index f967b507f..901e538e9 100644 --- a/spec/controllers/oauth/authorized_applications_controller_spec.rb +++ b/spec/controllers/oauth/authorized_applications_controller_spec.rb @@ -39,4 +39,24 @@ describe Oauth::AuthorizedApplicationsController do include_examples 'stores location for user' end end + + describe 'DELETE #destroy' do + let!(:user) { Fabricate(:user) } + let!(:application) { Fabricate(:application) } + let!(:access_token) { Fabricate(:accessible_access_token, application: application, resource_owner_id: user.id) } + let!(:web_push_subscription) { Fabricate(:web_push_subscription, user: user, access_token: access_token) } + + before do + sign_in user, scope: :user + post :destroy, params: { id: application.id } + end + + it 'revokes access tokens for the application' do + expect(Doorkeeper::AccessToken.where(application: application).first.revoked_at).to_not be_nil + end + + it 'removes subscriptions for the application\'s access tokens' do + expect(Web::PushSubscription.where(user: user).count).to eq 0 + end + end end diff --git a/spec/controllers/oauth/tokens_controller_spec.rb b/spec/controllers/oauth/tokens_controller_spec.rb new file mode 100644 index 000000000..ba8e367a6 --- /dev/null +++ b/spec/controllers/oauth/tokens_controller_spec.rb @@ -0,0 +1,23 @@ +# frozen_string_literal: true + +require 'rails_helper' + +RSpec.describe Oauth::TokensController, type: :controller do + describe 'POST #revoke' do + let!(:user) { Fabricate(:user) } + let!(:access_token) { Fabricate(:accessible_access_token, resource_owner_id: user.id) } + let!(:web_push_subscription) { Fabricate(:web_push_subscription, user: user, access_token: access_token) } + + before do + post :revoke, params: { token: access_token.token } + end + + it 'revokes the token' do + expect(access_token.reload.revoked_at).to_not be_nil + end + + it 'removes web push subscription for token' do + expect(Web::PushSubscription.where(access_token: access_token).count).to eq 0 + end + end +end |