chore: Use Doorkeeper helper in UserinfoController, add specs

dza2000 · Oct 5, 2016 · b44c2b4 · b44c2b4
1 parent 496cca0
commit b44c2b4
Show file tree

Hide file tree

Showing 2 changed files with 40 additions and 10 deletions.
diff --git a/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb b/app/controllers/doorkeeper/openid_connect/userinfo_controller.rb
@@ -1,18 +1,12 @@
 module Doorkeeper
   module OpenidConnect
     class UserinfoController < ::Doorkeeper::ApplicationController
-      include Doorkeeper::Helpers::Controller
+      before_action -> { doorkeeper_authorize! :openid }
 
       def show
-        if doorkeeper_token && doorkeeper_token.accessible?
-          resource_owner = doorkeeper_token.instance_eval(&Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token)
-          user_info = Doorkeeper::OpenidConnect::Models::UserInfo.new(resource_owner)
-          render json: user_info, status: :ok
-        else
-          error = OAuth::ErrorResponse.new(name: :invalid_request)
-          response.headers.merge!(error.headers)
-          render json: error.body, status: error.status
-        end
+        resource_owner = doorkeeper_token.instance_eval(&Doorkeeper::OpenidConnect.configuration.resource_owner_from_access_token)
+        user_info = Doorkeeper::OpenidConnect::Models::UserInfo.new(resource_owner)
+        render json: user_info, status: :ok
       end
     end
   end

diff --git a/spec/controllers/doorkeeper/openid_connect/userinfo_controller_spec.rb b/spec/controllers/doorkeeper/openid_connect/userinfo_controller_spec.rb
@@ -0,0 +1,36 @@
+require 'rails_helper'
+
+describe Doorkeeper::OpenidConnect::UserinfoController, type: :controller do
+  let(:client) { create :application }
+  let(:user)   { User.create! name: 'Joe', password: 'sekret' }
+  let(:token)  { create :access_token, application: client, resource_owner_id: user.id }
+
+  describe '#show' do
+    context 'with a valid access token authorized for the openid scope' do
+      let(:token) { create :access_token, application: client, resource_owner_id: user.id, scopes: 'openid' }
+
+      it 'returns the user information as JSON' do
+        get :show, access_token: token.token
+
+        expect(response.status).to eq 200
+        expect(response.body).to eq %Q{{"sub":"#{user.id}"}}
+      end
+    end
+
+    context 'with a valid access token not authorized for the openid scope' do
+      it 'returns an error' do
+        get :show, access_token: token.token
+
+        expect(response.status).to eq 403
+      end
+    end
+
+    context 'without a valid access token' do
+      it 'returns an error' do
+        get :show, access_token: 'foobar'
+
+        expect(response.status).to eq 401
+      end
+    end
+  end
+end