123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100 |
- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- RSpec.describe 'User Access token', authenticated_as: :user, type: :request do
- let(:user) { create(:agent) }
- let(:token) { create(:token, user: user) }
- let(:another_token) { create(:token) }
- before do
- token && another_token
- end
- describe 'GET /user_access_token' do
- it 'returns user tokens and permissions' do
- get '/api/v1/user_access_token'
- expect(json_response)
- .to include(
- 'tokens' => contain_exactly(include('id' => token.id)),
- 'permissions' => include(
- include('name' => 'ticket.agent'),
- include('name' => 'user_preferences'),
- )
- )
- end
- it 'uses tokens list service', aggregate_failures: true do
- allow(Service::User::AccessToken::List)
- .to receive(:new)
- .and_call_original
- expect_any_instance_of(Service::User::AccessToken::List)
- .to receive(:execute)
- .and_call_original
- get '/api/v1/user_access_token'
- expect(Service::User::AccessToken::List)
- .to have_received(:new)
- end
- end
- describe 'POST /user_access_token' do
- before { Setting.set('api_token_access', enabled) }
- context 'when token access is enabled' do
- let(:enabled) { true }
- it 'checks if name is present' do
- post '/api/v1/user_access_token', params: { name: '', permission: %w[ticket.agent] }, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- end
- it 'returns token value' do
- post '/api/v1/user_access_token', params: { name: 'test', permission: %w[ticket.agent] }, as: :json
- expect(json_response).to eq('token' => Token.last.token)
- end
- it 'users token create service', aggregate_failures: true do
- allow(Service::User::AccessToken::Create)
- .to receive(:new)
- .and_call_original
- expect_any_instance_of(Service::User::AccessToken::Create)
- .to receive(:execute)
- .and_call_original
- post '/api/v1/user_access_token', params: { name: 'test', permission: %w[ticket.agent] }, as: :json
- expect(Service::User::AccessToken::Create)
- .to have_received(:new)
- end
- end
- context 'when token access is disabled' do
- let(:enabled) { false }
- it 'throws error' do
- post '/api/v1/user_access_token', params: {}, as: :json
- expect(response).to have_http_status(:unprocessable_entity)
- end
- end
- end
- describe 'DELETE /user_access_token' do
- it 'deletes token' do
- expect { delete "/api/v1/user_access_token/#{token.id}", as: :json }
- .to change { Token.exists? token.id }
- .to false
- end
- it 'raises error if token is owned by another user' do
- expect { delete "/api/v1/user_access_token/#{another_token.id}", as: :json }
- .not_to change { Token.exists? token.id }
- .from true
- end
- end
- end
|