canvas-lms/spec/integration/oauth_token_spec.rb at beta · csseditor/canvas-lms · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
#
# Copyright (C) 2011 Instructure, Inc.
#
# This file is part of Canvas.
#
# Canvas is free software: you can redistribute it and/or modify it under
# the terms of the GNU Affero General Public License as published by the Free
# Software Foundation, version 3 of the License.
#
# Canvas is distributed in the hope that it will be useful, but WITHOUT ANY
# WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
# A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
# details.
#
# You should have received a copy of the GNU Affero General Public License along
# with this program. If not, see <http://www.gnu.org/licenses/>.
#

require File.expand_path(File.dirname(__FILE__) + '/../spec_helper')

%w{ Twitter LinkedIn }.each do |integration|
describe integration do
  before do
    course_with_student_logged_in(:active_all => true)
  end

  def oauth_start(integration)
    UsersController.any_instance.expects(:feature_and_service_enabled?).with(integration.underscore).returns(true)
    if integration == "LinkedIn"
      LinkedIn::Connection.expects(:config).at_least_once.returns({})
    elsif integration == "Twitter"
      Twitter::Connection.expects(:config).at_least_once.returns({})
    else
      integration.constantize.expects(:config).at_least_once.returns({})
    end

    # mock up the response from the 3rd party service, so we don't actually contact it
    OAuth::Consumer.any_instance.expects(:token_request).returns({:oauth_token => "test_token", :oauth_token_secret => "test_secret", :authorize_url => "http://oauth.example.com/start"})
    OAuth::RequestToken.any_instance.expects(:authorize_url).returns("http://oauth.example.com/start")
    get "/oauth?service=#{integration.underscore}"
  end

  it "should error if the service isn't enabled" do
    UsersController.any_instance.expects(:feature_and_service_enabled?).with(integration.underscore).returns(false)
    get "/oauth?service=#{integration.underscore}"
    expect(response).to redirect_to(user_profile_url(@user))
    expect(flash[:error]).to be_present
  end

  it "should redirect to the service for auth" do
    oauth_start(integration)
    expect(response).to redirect_to("http://oauth.example.com/start")

    oreq = OauthRequest.last
    expect(oreq).to be_present
    expect(oreq.service).to eq integration.underscore
    expect(oreq.token).to eq "test_token"
    expect(oreq.secret).to eq "test_secret"
    expect(oreq.user).to eq @user
    expect(oreq.return_url).to eq user_profile_url(@user)
  end

  describe "oauth_success" do
    before do
      OauthRequest.create!({
        :service => integration.underscore,
        :token => "test_token",
        :secret => "test_secret",
        :return_url => user_profile_url(@user),
        :user => @user,
        :original_host_with_port => "www.example.com",
      })
    end

    it "should fail without a valid token" do
      get "/oauth_success?service=#{integration.underscore}&oauth_token=wrong&oauth_verifier=test_verifier"
      expect(response).to redirect_to(user_profile_url(@user))
      expect(flash[:error]).to be_present
    end

    it "should fail with the wrong user" do
      OauthRequest.last.update_attribute(:user, User.create!)
      get "/oauth_success?service=#{integration.underscore}&oauth_token=test_token&oauth_verifier=test_verifier"
      expect(response).to redirect_to(user_profile_url(@user))
      expect(flash[:error]).to be_present
    end

    it "should redirect to the original host if a different host is returned to" do
      get "http://otherschool.example.com/oauth_success?service=#{integration.underscore}&oauth_token=test_token&oauth_verifier=test_verifier"
      expect(response).to redirect_to("http://www.example.com/oauth_success?oauth_token=test_token&oauth_verifier=test_verifier&service=#{integration.underscore}")
    end

    it "should create the UserService on successful auth" do
      oauth_start(integration)

      if integration == "LinkedIn"
        LinkedIn::Connection.expects(:from_request_token).returns(stub("LinkedInConnection",
          access_token: stub("AccessToken", token: 'test_token', secret: 'test_secret'),
          service_user_id: "test_user_id",
          service_user_name: "test_user_name",
          service_user_url: "test_user_url"
        ))
      elsif integration == "Twitter"
        Twitter::Connection.expects(:from_request_token).returns(stub("TwitterConnection",
          access_token: stub("AccessToken", token: 'test_token', secret: 'test_secret'),
          service_user_id: "test_user_id",
          service_user_name: "test_user_name"
        ))
      end

      get "/oauth_success?oauth_token=test_token&oauth_verifier=test_verifier&service=#{integration.underscore}"
      expect(response).to redirect_to(user_profile_url(@user))
      expect(flash[:error]).to be_blank
      expect(flash[:notice]).to be_present
      us = UserService.where(service: integration.underscore, user_id: @user).first
      expect(us).to be_present
      expect(us.service_user_id).to eq "test_user_id"
      expect(us.service_user_name).to eq "test_user_name"
      expect(us.token).to eq "test_token"
      expect(us.secret).to eq "test_secret"
    end

    it "should fail creating the UserService if getting the initial user info fails" do
      oauth_start(integration)

      # pretend that somehow we think we got a valid auth token, but we actually didn't
      if integration == "LinkedIn"
        # mock up the response from the 3rd party service, so we don't actually contact it
        LinkedIn::Connection.expects(:from_request_token).
          raises(RuntimeError, "Third-party service totally like, failed")
      elsif integration == "Twitter"
        Twitter::Connection.expects(:from_request_token).
          raises(RuntimeError, "Third-party service totally like, failed")
      end

      get "/oauth_success?oauth_token=test_token&oauth_verifier=test_verifier&service=#{integration.underscore}"
      expect(response).to redirect_to(user_profile_url(@user))
      expect(flash[:error]).to be_present
      expect(flash[:notice]).to be_blank
      us = UserService.where(service: integration.underscore, user_id: @user).first
      expect(us).not_to be_present
    end
  end
end
end