146 lines
5.3 KiB
Ruby
146 lines
5.3 KiB
Ruby
require 'rails_helper'
|
|
|
|
describe SessionsController do
|
|
let(:consumer) { FactoryGirl.create(:consumer) }
|
|
|
|
describe 'POST #create' do
|
|
let(:password) { user_attributes[:password] }
|
|
let(:user) { InternalUser.create(user_attributes) }
|
|
let(:user_attributes) { FactoryGirl.attributes_for(:teacher) }
|
|
|
|
context 'with valid credentials' do
|
|
before(:each) do
|
|
user.activate!
|
|
post :create, email: user.email, password: password, remember_me: 1
|
|
end
|
|
|
|
expect_flash_message(:notice, :'sessions.create.success')
|
|
expect_redirect
|
|
end
|
|
|
|
context 'with invalid credentials' do
|
|
before(:each) { post :create, email: user.email, password: '', remember_me: 1 }
|
|
|
|
expect_flash_message(:danger, :'sessions.create.failure')
|
|
expect_template(:new)
|
|
end
|
|
end
|
|
|
|
describe 'POST #create_through_lti' do
|
|
let(:exercise) { FactoryGirl.create(:fibonacci) }
|
|
let(:nonce) { SecureRandom.hex }
|
|
|
|
context 'without OAuth parameters' do
|
|
it 'refuses the LTI launch' do
|
|
expect(controller).to receive(:refuse_lti_launch).with(message: I18n.t('sessions.oauth.missing_parameters')).and_call_original
|
|
post :create_through_lti
|
|
end
|
|
end
|
|
|
|
context 'without a valid consumer key' do
|
|
it 'refuses the LTI launch' do
|
|
expect(controller).to receive(:refuse_lti_launch).with(message: I18n.t('sessions.oauth.invalid_consumer')).and_call_original
|
|
post :create_through_lti, oauth_consumer_key: SecureRandom.hex, oauth_signature: SecureRandom.hex
|
|
end
|
|
end
|
|
|
|
context 'with an invalid OAuth signature' do
|
|
it 'refuses the LTI launch' do
|
|
expect(controller).to receive(:refuse_lti_launch).with(message: I18n.t('sessions.oauth.invalid_signature')).and_call_original
|
|
post :create_through_lti, oauth_consumer_key: consumer.oauth_key, oauth_signature: SecureRandom.hex
|
|
end
|
|
end
|
|
|
|
context 'without a unique OAuth nonce' do
|
|
it 'refuses the LTI launch' do
|
|
expect_any_instance_of(IMS::LTI::ToolProvider).to receive(:valid_request?).and_return(true)
|
|
expect(NonceStore).to receive(:has?).with(nonce).and_return(true)
|
|
expect(controller).to receive(:refuse_lti_launch).with(message: I18n.t('sessions.oauth.used_nonce')).and_call_original
|
|
post :create_through_lti, oauth_consumer_key: consumer.oauth_key, oauth_nonce: nonce, oauth_signature: SecureRandom.hex
|
|
end
|
|
end
|
|
|
|
context 'without a valid exercise token' do
|
|
it 'refuses the LTI launch' do
|
|
expect_any_instance_of(IMS::LTI::ToolProvider).to receive(:valid_request?).and_return(true)
|
|
expect(controller).to receive(:refuse_lti_launch).with(message: I18n.t('sessions.oauth.invalid_exercise_token')).and_call_original
|
|
post :create_through_lti, custom_token: '', oauth_consumer_key: consumer.oauth_key, oauth_nonce: nonce, oauth_signature: SecureRandom.hex
|
|
end
|
|
end
|
|
|
|
context 'with valid launch parameters' do
|
|
let(:request) { post :create_through_lti, custom_token: exercise.token, oauth_consumer_key: consumer.oauth_key, oauth_nonce: nonce, oauth_signature: SecureRandom.hex, user_id: user.external_id }
|
|
let(:user) { FactoryGirl.create(:external_user, consumer_id: consumer.id) }
|
|
before(:each) { expect_any_instance_of(IMS::LTI::ToolProvider).to receive(:valid_request?).and_return(true) }
|
|
|
|
it 'assigns the current user' do
|
|
request
|
|
expect(assigns(:current_user)).to be_an(ExternalUser)
|
|
expect(session[:external_user_id]).to eq(user.id)
|
|
end
|
|
|
|
it 'assigns the exercise' do
|
|
request
|
|
expect(assigns(:exercise)).to eq(exercise)
|
|
end
|
|
|
|
it 'stores LTI parameters in the session' do
|
|
expect(controller).to receive(:store_lti_session_data)
|
|
request
|
|
end
|
|
|
|
it 'stores the OAuth nonce' do
|
|
expect(controller).to receive(:store_nonce).with(nonce)
|
|
request
|
|
end
|
|
|
|
context 'when LTI outcomes are supported' do
|
|
before(:each) do
|
|
expect(controller).to receive(:lti_outcome_service?).and_return(true)
|
|
request
|
|
end
|
|
|
|
it 'displays a flash message' do
|
|
expect(flash[:notice]).to eq(I18n.t('sessions.create_through_lti.session_with_outcome', consumer: consumer))
|
|
end
|
|
end
|
|
|
|
context 'when LTI outcomes are not supported' do
|
|
before(:each) do
|
|
expect(controller).to receive(:lti_outcome_service?).and_return(false)
|
|
request
|
|
end
|
|
|
|
it 'displays a flash message' do
|
|
expect(flash[:notice]).to eq(I18n.t('sessions.create_through_lti.session_without_outcome', consumer: consumer))
|
|
end
|
|
end
|
|
|
|
it 'redirects to the requested exercise' do
|
|
request
|
|
expect(controller).to redirect_to(implement_exercise_path(exercise.id))
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'GET #destroy_through_lti' do
|
|
let(:request) { Proc.new { get :destroy_through_lti, consumer_id: consumer.id, submission_id: submission.id } }
|
|
let(:submission) { FactoryGirl.create(:submission) }
|
|
|
|
before(:each) do
|
|
session[:consumer_id] = consumer.id
|
|
session[:lti_parameters] = {}
|
|
end
|
|
|
|
before(:each) { request.call }
|
|
|
|
it 'clears the session' do
|
|
expect(controller).to receive(:clear_lti_session_data)
|
|
request.call
|
|
end
|
|
|
|
expect_status(200)
|
|
expect_template(:destroy_through_lti)
|
|
end
|
|
end
|