123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- RSpec.describe Gql::Mutations::User::Current::Device::Delete, :aggregate_failures, type: :graphql do
- context 'when destroying user (session) device' do
- let(:mutation) do
- <<~MUTATION
- mutation userCurrentDeviceDelete($deviceId: ID!) {
- userCurrentDeviceDelete(deviceId: $deviceId) {
- success
- errors {
- message
- }
- }
- }
- MUTATION
- end
- let(:variables) { { deviceId: Gql::ZammadSchema.id_from_internal_id(UserDevice, device.id) } }
- def execute_graphql_query
- gql.execute(mutation, variables: variables)
- end
- context 'with authenticated user having one device and one related session', authenticated_as: :agent do
- let(:agent) { create(:agent) }
- let(:device) { create(:user_device, user_id: agent.id) }
- it 'destroys the device and the related session' do
- create(:session,
- data: {
- 'user_id' => agent.id,
- 'user_device_fingerprint' => device.fingerprint,
- 'persistent' => true
- })
- expect { execute_graphql_query }.to change(UserDevice, :count).by(-1).and change(Session, :count).by(-1)
- end
- end
- context 'with authenticated user having one device and multiple related session', authenticated_as: :agent do
- let(:agent) { create(:agent) }
- let(:device) { create(:user_device, user_id: agent.id) }
- it 'destroys the device and all the related session' do
- sessions = Faker::Number.within(range: 2..42) # rubocop:disable Zammad/FakerUnique
- create_list(:session, sessions,
- data: {
- 'user_id' => agent.id,
- 'user_device_fingerprint' => device.fingerprint,
- 'persistent' => true
- })
- expect { execute_graphql_query }.to change(UserDevice, :count).by(-1).and change(Session, :count).by(-1 * sessions)
- end
- end
- context 'with authenticated user having multiple devices and multiple related session', authenticated_as: :agent do
- let(:agent) { create(:agent) }
- let(:device) { create(:user_device, user_id: agent.id) }
- let(:agents) { create_list(:agent, Faker::Number.within(range: 2..42)) } # rubocop:disable Zammad/FakerUnique
- let(:devices) do
- agents.map do |agent|
- create(:user_device, user_id: agent.id)
- end
- end
- it 'destroys only the selected device and all the related session' do
- sessions = Faker::Number.within(range: 2..42) # rubocop:disable Zammad/FakerUnique
- create_list(:session, sessions,
- data: {
- 'user_id' => agent.id,
- 'user_device_fingerprint' => device.fingerprint,
- 'persistent' => true
- })
- devices.each do |device|
- create_list(:session, Faker::Number.within(range: 2..42), # rubocop:disable Zammad/FakerUnique
- data: {
- 'user_id' => device.user_id,
- 'user_device_fingerprint' => device.fingerprint,
- 'persistent' => true
- })
- end
- expect { execute_graphql_query }.to change(UserDevice, :count).by(-1).and change(Session, :count).by(-1 * sessions)
- end
- end
- context 'with multiple authenticated users having identical device (fingerprint) and multiple related session', authenticated_as: :agent do
- let(:agent) { create(:agent) }
- let(:device) { create(:user_device, user_id: agent.id) }
- let(:agents) { create_list(:agent, Faker::Number.within(range: 2..42)) } # rubocop:disable Zammad/FakerUnique
- let(:devices) do
- agents.map do |agent|
- create(:user_device, user_id: agent.id, fingerprint: device.fingerprint)
- end
- end
- it 'destroys only the selected device and all the related session' do
- sessions = Faker::Number.within(range: 2..42) # rubocop:disable Zammad/FakerUnique
- create_list(:session, sessions,
- data: {
- 'user_id' => agent.id,
- 'user_device_fingerprint' => device.fingerprint,
- 'persistent' => true
- })
- devices.each do |device|
- create_list(:session, Faker::Number.within(range: 2..42), # rubocop:disable Zammad/FakerUnique
- data: {
- 'user_id' => device.user_id,
- 'user_device_fingerprint' => device.fingerprint,
- 'persistent' => true
- })
- end
- expect { execute_graphql_query }.to change(UserDevice, :count).by(-1).and change(Session, :count).by(-1 * sessions)
- end
- end
- context 'when device is not owned from current user', authenticated_as: :agent do
- let(:agent) { create(:agent) }
- let(:agent_other) { create(:agent) }
- let(:device) { create(:user_device, user_id: agent_other.id) }
- before do
- execute_graphql_query
- end
- it 'returns an error' do
- expect(gql.result.error_type).to eq(Exceptions::Forbidden)
- end
- end
- end
- end
|