From 94fd9a080a22ab8446ae06e3737cc548b52228cf Mon Sep 17 00:00:00 2001
From: James Mead <james.mead@digital.cabinet-office.gov.uk>
Date: Tue, 24 Oct 2023 17:38:21 +0100
Subject: [PATCH] Add tests for SSO Push jobs for retired apps

This covers the scenario where an app is retired *after* the job is
enqueued but *before* it is executed.

The behaviour being tested was actually introduced when we added the
`not_retired` scope to the default scope for `Doorkeeper::Application`
in this commit [1] in #2446. This is because both jobs call
`Doorkeeper::Application.find_by` in their `#perform` methods which will
include the default scope and so if the app is retired will return `nil`
and be caught by the guard condition.

[1]: 9a9cd02d8574529b19f572a8352f031c3f07455e
---
 test/jobs/permission_updater_test.rb |  8 ++++++++
 test/jobs/reauth_enforcer_test.rb    | 10 ++++++++++
 2 files changed, 18 insertions(+)

diff --git a/test/jobs/permission_updater_test.rb b/test/jobs/permission_updater_test.rb
index 8b4c34247..4d5be3bea 100644
--- a/test/jobs/permission_updater_test.rb
+++ b/test/jobs/permission_updater_test.rb
@@ -61,6 +61,14 @@ def users_url(application)
         PermissionUpdater.new.perform(@user.uid, @application.id + 42)
       end
 
+      should "do nothing if the application is retired" do
+        @application = create(:application, retired: true)
+
+        SSOPushClient.expects(:new).never
+
+        PermissionUpdater.new.perform(@user.uid, @application.id)
+      end
+
       should "do nothing if the application doesn't support push updates" do
         @application = create(:application, supports_push_updates: false)
 
diff --git a/test/jobs/reauth_enforcer_test.rb b/test/jobs/reauth_enforcer_test.rb
index ee6bdf6ed..c36ee326d 100644
--- a/test/jobs/reauth_enforcer_test.rb
+++ b/test/jobs/reauth_enforcer_test.rb
@@ -28,5 +28,15 @@ class ReauthEnforcerTest < ActiveSupport::TestCase
 
       ReauthEnforcer.new.perform("a-uid", app.id)
     end
+
+    should "do nothing if the application is retired" do
+      app = create(:application, retired: true)
+
+      mock_client = mock("sso_push_client")
+      SSOPushClient.stubs(:new).returns(mock_client)
+      mock_client.expects(:reauth_user).never
+
+      ReauthEnforcer.new.perform("a-uid", app.id)
+    end
   end
 end