delete_spec.rb 2.4 KB

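  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Request spec for the userCurrentAccessTokenDelete GraphQL mutation.
  #
  # Covered authorization paths:
  #   * no session                     -> 'Authentication required', token kept
  #   * own persistent token           -> token removed, success: true
  #   * unknown token id               -> "Couldn't find Token " error
  #   * token owned by somebody else   -> TokenPolicy#destroy? denial, token kept
  #   * own token, persistent: false   -> TokenPolicy#destroy? denial, token kept
  RSpec.describe Gql::Mutations::User::Current::AccessToken::Delete, type: :graphql do
    let(:user)     { create(:agent) }
    let(:token)    { create(:token, user:) }
    let(:token_id) { gql.id(token) }
    let(:mutation) do
      <<~GQL
        mutation userCurrentAccessTokenDelete($tokenId: ID!) {
          userCurrentAccessTokenDelete(tokenId: $tokenId) {
            success
            errors {
              message
              field
            }
          }
        }
      GQL
    end

    let(:variables) { { tokenId: token_id } }

    # Runs the mutation with the current `variables`; contexts vary the outcome
    # by overriding `token` / `token_id`.
    def execute_graphql_query
      gql.execute(mutation, variables:)
    end

    context 'when user is not authenticated' do
      it 'returns an error' do
        expect(execute_graphql_query.error_message).to eq('Authentication required')
      end

      # The error message alone does not prove the record survived; assert the
      # side effect as the other denial contexts below do.
      it 'does not delete token' do
        expect { execute_graphql_query }
          .not_to change { Token.exists?(token.id) }
          .from(true)
      end
    end

    context 'when user is authenticated', authenticated_as: :user do
      context 'when token is given' do
        it 'deletes token' do
          expect { execute_graphql_query }
            .to change { Token.exists?(token.id) }
            .to false
        end

        it 'returns success' do
          execute_graphql_query

          expect(gql.result.data).to include('success' => true)
        end
      end

      context 'when nonexistent token is given' do
        # Internal id 0 is used as an id that matches no Token row.
        let(:token_id) { Gql::ZammadSchema.id_from_internal_id(Token, 0) }

        # NOTE(review): this path is pinned to a different message than the
        # policy denial below, so a caller can tell "no such token" apart from
        # "token exists but is not yours". Confirm that this is acceptable for
        # token ids.
        it 'returns an error' do
          expect(execute_graphql_query.error_message).to include("Couldn't find Token ")
        end
      end

      context 'when given token is owned by another user' do
        # No user: is passed, so the factory supplies the owner (presumably a
        # user other than `user`; verify against the :token factory).
        let(:token) { create(:token) }

        it 'returns an error' do
          expect(execute_graphql_query.error_message).to eq('not allowed to TokenPolicy#destroy? this Token')
        end

        it 'does not delete token' do
          expect { execute_graphql_query }
            .not_to change { Token.exists?(token.id) }
            .from(true)
        end
      end

      # The token here belongs to the authenticated user; what differs from the
      # happy path is persistent: false, which TokenPolicy#destroy? must refuse.
      context 'when given token is not persistent' do
        let(:token) { create(:token, persistent: false, user:) }

        it 'returns an error' do
          expect(execute_graphql_query.error_message).to eq('not allowed to TokenPolicy#destroy? this Token')
        end

        it 'does not delete token' do
          expect { execute_graphql_query }
            .not_to change { Token.exists?(token.id) }
            .from(true)
        end
      end
    end
  end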