Ensure the asserted scopes are the ones in the access grant

Emelia Smith 2025-07-23 21:32:17 +02:00
parent 3c077e5fc8
commit 514540d52e
No known key found for this signature in database


@ -25,17 +25,15 @@ RSpec.describe 'Managing OAuth Tokens' do
}
end
let(:code) do
access_grant = Fabricate(:access_grant, application: application, redirect_uri: 'urn:ietf:wg:oauth:2.0:oob', scopes: 'read write')
access_grant.plaintext_token
end
let(:access_grant) { Fabricate(:access_grant, application: application, redirect_uri: 'urn:ietf:wg:oauth:2.0:oob', scopes: 'read write') }
let(:code) { access_grant.plaintext_token }
shared_examples 'returns a correctly scoped access token' do
it 'returns the scopes requested by the authorization code' do
subject
expect(response).to have_http_status(200)
expect(response.parsed_body[:scope]).to eq 'read write'
expect(response.parsed_body[:scope]).to eq access_grant.scopes.to_s
end
context 'with additional parameters not used by the grant type' do
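Review bot: The new expectation `eq access_grant.scopes.to_s` only checks the grant that was actually exchanged while `code` stays derived from `access_grant`. Both are lazy `let`s, so a context that includes this shared example and overrides `code` would presumably make the expectation fabricate a fresh grant after the request and compare against scopes the server never saw. A short comment above the shared example would make that dependency explicit, for example `# relies on code being access_grant.plaintext_token, so the grant compared here is the one exchanged`. It is also worth having at least one context fabricate the grant with a scope set other than the default `'read write'`, so a token endpoint that ignored the grant and returned fixed scopes would fail this test. The `shared_examples` block continues outside the hunk, so any overrides of `code` in later contexts are not visible here.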