about summary refs log tree commit diff
path: root/spec/controllers/oauth
diff options
context:
space:
mode:
authorEugen Rochko <eugen@zeonfederated.com>2018-05-19 21:05:08 +0200
committerGitHub <noreply@github.com>2018-05-19 21:05:08 +0200
commit8378b72ebacc51e5e090faa527462b801e4c2803 (patch)
tree92deefbf0e199119a486055ac18774d5a5b410f0 /spec/controllers/oauth
parent5910eb9b61da6eacf6b534d831da6e2f698e2703 (diff)
Ensure push subscription is immediately removed when application is revoked (#7548)
* Ensure push subscription is immediately removed when application is revoked

* When token is revoked from app, unsubscribe too
Diffstat (limited to 'spec/controllers/oauth')
-rw-r--r--spec/controllers/oauth/authorized_applications_controller_spec.rb20
-rw-r--r--spec/controllers/oauth/tokens_controller_spec.rb23
2 files changed, 43 insertions, 0 deletions
diff --git a/spec/controllers/oauth/authorized_applications_controller_spec.rb b/spec/controllers/oauth/authorized_applications_controller_spec.rb
index f967b507f..901e538e9 100644
--- a/spec/controllers/oauth/authorized_applications_controller_spec.rb
+++ b/spec/controllers/oauth/authorized_applications_controller_spec.rb
@@ -39,4 +39,24 @@ describe Oauth::AuthorizedApplicationsController do
       include_examples 'stores location for user'
     end
   end
+
+  describe 'DELETE #destroy' do
+    let!(:user) { Fabricate(:user) }
+    let!(:application) { Fabricate(:application) }
+    let!(:access_token) { Fabricate(:accessible_access_token, application: application, resource_owner_id: user.id) }
+    let!(:web_push_subscription) { Fabricate(:web_push_subscription, user: user, access_token: access_token) }
+
+    before do
+      sign_in user, scope: :user
+      post :destroy, params: { id: application.id }
+    end
+
+    it 'revokes access tokens for the application' do
+      expect(Doorkeeper::AccessToken.where(application: application).first.revoked_at).to_not be_nil
+    end
+
+    it 'removes subscriptions for the application\'s access tokens' do
+      expect(Web::PushSubscription.where(user: user).count).to eq 0
+    end
+  end
 end
diff --git a/spec/controllers/oauth/tokens_controller_spec.rb b/spec/controllers/oauth/tokens_controller_spec.rb
new file mode 100644
index 000000000..ba8e367a6
--- /dev/null
+++ b/spec/controllers/oauth/tokens_controller_spec.rb
@@ -0,0 +1,23 @@
+# frozen_string_literal: true
+
+require 'rails_helper'
+
+RSpec.describe Oauth::TokensController, type: :controller do
+  describe 'POST #revoke' do
+    let!(:user) { Fabricate(:user) }
+    let!(:access_token) { Fabricate(:accessible_access_token, resource_owner_id: user.id) }
+    let!(:web_push_subscription) { Fabricate(:web_push_subscription, user: user, access_token: access_token) }
+
+    before do
+      post :revoke, params: { token: access_token.token }
+    end
+
+    it 'revokes the token' do
+      expect(access_token.reload.revoked_at).to_not be_nil
+    end
+
+    it 'removes web push subscription for token' do
+      expect(Web::PushSubscription.where(access_token: access_token).count).to eq 0
+    end
+  end
+end