Make scope a requirement when authorizing a client
Change-Id: Id0ea27d90afdca08f76021bf17f1fda125147268
diff --git a/t/plugin/auth-oauth.t b/t/plugin/auth-oauth.t
index b07645e..ba1f95d 100644
--- a/t/plugin/auth-oauth.t
+++ b/t/plugin/auth-oauth.t
@@ -769,7 +769,16 @@
;
$t->get_ok('/settings/oauth/')
- ->text_is('div.notify-error', 'Some fields are invalid')
+ ->text_is('div.notify-error', 'Client ID required')
+ ;
+
+$t->get_ok(Mojo::URL->new('/settings/oauth/authorize?client_id=xyz'))
+ ->status_is(302)
+ ->header_is('location','/settings/oauth')
+ ;
+
+$t->get_ok('/settings/oauth/')
+ ->text_is('div.notify-error', 'Scope required')
;
# OAuth client authorization flow
@@ -779,6 +788,16 @@
;
$t->get_ok('/settings/oauth/')
+ ->text_is('div.notify-error', 'Scope required')
+ ;
+
+# OAuth client authorization flow
+$t->get_ok(Mojo::URL->new('/settings/oauth/authorize?client_id=abc&scope=match'))
+ ->status_is(302)
+ ->header_is('location','/settings/oauth')
+ ;
+
+$t->get_ok('/settings/oauth/')
->text_is('div.notify-error', 'Unknown client with abc.')
;