@@ -124,7 +124,7 @@ my $code =
124124 my $uri = URI-> new(' /grant' );
125125 $uri -> query_form(
126126 { response_type => ' code' ,
127- client_id => 1 ,
127+ client_id => $code -> client_id ,
128128 state => ' bar' ,
129129 redirect_uri => ' /client/foo' ,
130130 code => $code -> as_string,
@@ -157,13 +157,52 @@ my $code =
157157 is( $res -> status, 302 );
158158}
159159
160+ # try a grant with an incorrect client id
161+ # should redirect with access_denied
162+ {
163+ my $uri = URI-> new(' /grant' );
164+ $uri -> query_form(
165+ { response_type => ' code' ,
166+ client_id => 9999999,
167+ state => ' bar' ,
168+ redirect_uri => ' /client/foo' ,
169+ code => $code -> as_string,
170+ approved => 0
171+ }
172+ );
173+ $code -> discard_changes;
174+ ok(!$code -> is_active);
175+ my $c = $mock -> ( GET $uri );
176+ $c -> dispatch;
177+ is_deeply( $c -> error, [], ' dispatches to request action cleanly' );
178+ is( $c -> res-> body, undef , q{ doesn't produce warning} );
179+ ok( $c -> req-> can(' oauth2' ),
180+ " installs oauth2 accessors if request is valid" );
181+ ok( Moose::Util::does_role( $c -> req, ' CatalystX::OAuth2::Request' ) );
182+ my $res = $c -> res;
183+ isa_ok( my $oauth2 = $c -> req-> oauth2,
184+ ' CatalystX::OAuth2::Request::GrantAuth' );
185+ my $redirect = $c -> req-> oauth2-> next_action_uri( $c -> controller, $c );
186+ is_deeply(
187+ { $redirect -> query_form },
188+ { error => ' unauthorized_client' ,
189+ error_description =>
190+ ' the client identified by 9999999 is not authorized to access this resource'
191+ },
192+ " deny access to incorrect clients"
193+ );
194+ is( $res -> location, $redirect );
195+ is( $res -> status, 302 );
196+ }
197+
198+
160199# try a grant with a valid code and approval
161200# should activate code and redirect
162201{
163202 my $uri = URI-> new(' /grant' );
164203 $uri -> query_form(
165204 { response_type => ' code' ,
166- client_id => 1 ,
205+ client_id => $code -> client_id ,
167206 state => ' bar' ,
168207 redirect_uri => ' /client/foo' ,
169208 code => $code -> as_string,
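Review bot: In the new wrong-client block (new lines 160–196), `ok(!$code->is_active)` runs before `$c->dispatch`, so nothing asserts that the code is still inactive after the rejected request, and with `approved => 0` the test never exercises an approved grant that names the wrong client. I would send `approved => 1` and repeat `$code->discard_changes; ok( !$code->is_active, 'code stays inactive for a mismatched client' );` after the dispatch, so that a regression which activates a code for a client it was not issued to fails here. The leading comment says `access_denied` while the assertion expects `unauthorized_client`; the comment should read `# should redirect with unauthorized_client`. It may also be worth asserting where the 302 points: if `next_action_uri` is built from the request's `redirect_uri` (not visible in this hunk), an unknown client_id would be redirected to an unvalidated URI, which RFC 6749 §4.1.2.1 says the server must not do.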