Support POST requests to userinfo endpoint
parent
d01391c358
commit
928c78ff4a
@ -23,7 +23,7 @@ Rails.application.config.middleware.insert_before 0, Rack::Cors do
|
||||
methods: %i(post put delete get patch options)
|
||||
resource '/oauth/token', methods: [:post]
|
||||
resource '/oauth/revoke', methods: [:post]
|
||||
resource '/oauth/userinfo', methods: [:get]
|
||||
resource '/oauth/userinfo', methods: [:get, :post]
|
||||
end
|
||||
end
|
||||
end
|
||||
|
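Review bot: Adding `:post` to the `/oauth/userinfo` resource widens the set of cross-origin requests that can reach an endpoint returning account data, and the `origins` and `credentials` settings of the enclosing `allow` block sit outside this hunk. That is safe only while the endpoint authenticates solely by bearer token and never by session cookie. I would confirm that and record it next to the line, e.g. `# bearer-token only, no cookie auth; POST required by OIDC Core 5.3.1`. The `Rack::Cors` block begins above the hunk, so this is stated from the visible resource lines only.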
@ -66,6 +66,10 @@ Rails.application.routes.draw do
|
||||
|
||||
namespace :oauth do
|
||||
get 'userinfo', to: 'userinfo#show', defaults: { format: 'json' }
|
||||
# As this is borrowed from OpenID, the specification says we must also support
|
||||
# POST for the userinfo endpoint:
|
||||
# https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
|
||||
post 'userinfo', to: 'userinfo#show', defaults: { format: 'json' }
|
||||
end
|
||||
|
||||
scope path: '.well-known' do
|
||||
|
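Review bot: The new `post 'userinfo'` route reuses `userinfo#show`, so Rails' CSRF verification now applies to this action unless the controller, which is not visible here, skips it for token-authenticated requests. Please confirm the controller's base class handles that, otherwise POST may be rejected in production even though the route exists. As a smaller style point, the two routes could be one line, `match 'userinfo', via: [:get, :post], to: 'userinfo#show', defaults: { format: 'json' }`, which keeps the verbs and the target from drifting apart. The `namespace :oauth` block is fully inside the hunk, but the surrounding `routes.draw` block is not.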
@ -5,19 +5,13 @@ require 'rails_helper'
|
||||
RSpec.describe 'Oauth Userinfo Endpoint' do
|
||||
include RoutingHelper
|
||||
|
||||
describe 'GET /oauth/userinfo' do
|
||||
subject do
|
||||
get '/oauth/userinfo', headers: headers
|
||||
end
|
||||
|
||||
let(:user) { Fabricate(:user) }
|
||||
let(:account) { user.account }
|
||||
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
|
||||
let(:scopes) { 'profile' }
|
||||
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
|
||||
|
||||
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
|
||||
let(:user) { Fabricate(:user) }
|
||||
let(:account) { user.account }
|
||||
let(:token) { Fabricate(:accessible_access_token, resource_owner_id: user.id, scopes: scopes) }
|
||||
let(:scopes) { 'profile' }
|
||||
let(:headers) { { 'Authorization' => "Bearer #{token.token}" } }
|
||||
|
||||
shared_examples 'returns successfully' do
|
||||
it 'returns http success' do
|
||||
subject
|
||||
|
||||
@ -33,4 +27,25 @@ RSpec.describe 'Oauth Userinfo Endpoint' do
|
||||
})
|
||||
end
|
||||
end
|
||||
|
||||
describe 'GET /oauth/userinfo' do
|
||||
subject do
|
||||
get '/oauth/userinfo', headers: headers
|
||||
end
|
||||
|
||||
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
|
||||
it_behaves_like 'returns successfully'
|
||||
end
|
||||
|
||||
# As this is borrowed from OpenID, the specification says we must also support
|
||||
# POST for the userinfo endpoint:
|
||||
# https://openid.net/specs/openid-connect-core-1_0.html#UserInfo
|
||||
describe 'POST /oauth/userinfo' do
|
||||
subject do
|
||||
post '/oauth/userinfo', headers: headers
|
||||
end
|
||||
|
||||
it_behaves_like 'forbidden for wrong scope', 'read:accounts'
|
||||
it_behaves_like 'returns successfully'
|
||||
end
|
||||
end
|
||||
|
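Review bot: The `POST /oauth/userinfo` examples send the token only in the `Authorization` header, so they do not pin what happens when a client sends it as a form-encoded `access_token` body parameter, which RFC 6750 section 2.2 permits and the linked OpenID section inherits. I would add one example that posts `params: { access_token: token.token }` without the header and asserts whichever outcome is intended (success or 401). The Rails test environment usually runs with forgery protection off, so these examples passing does not by itself show that a POST without a CSRF token is accepted in production. That last point is inferred, since the environment config is not on the page. The body of the `returns successfully` shared group lies partly outside the hunks.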