logout_spec.rb 1.5 KB

  # Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/

  require 'rails_helper'

  # Request spec for the GraphQL logout mutation.
  #
  # Login and logout work only via controller, so use type: request.
  #
  # Every example posts the mutation document to /graphql as JSON and checks
  # the parsed reply: a success payload for a signed-in agent, and an
  # authentication error for an anonymous caller.
  RSpec.describe Gql::Mutations::Logout, type: :request do
    context 'when logging out' do
      let(:agent) { create(:agent) }

      # The mutation document is read from the frontend source tree, so the spec
      # exercises the same text the client sends.
      let(:query) { Rails.root.join('app/frontend/common/graphql/mutations/logout.graphql').read }

      # Memoized per example: the request is sent once, on first access.
      let(:graphql_response) do
        post '/graphql', params: { query: query }, as: :json
        json_response
      end

      # First entry of the GraphQL "errors" array in the reply.
      let(:first_error) { graphql_response['errors'].first }

      # authenticated_as: :agent is project spec metadata; presumably it signs the
      # request in as the agent defined above (confirm in the spec support code).
      context 'with authenticated session', authenticated_as: :agent do
        # NOTE(review): this pins only the mutation's reply payload. Nothing here
        # sends a second request to confirm that the session is rejected after
        # logout, so a logout that reports success without ending the session
        # would still pass.
        it 'logs out' do
          expect(graphql_response['data']['logout']).to eq('success' => true)
        end
      end

      context 'without authenticated session' do
        it 'fails with error message' do
          expect(first_error).to include('message' => 'Authentication required')
        end

        it 'fails with error type' do
          expect(first_error['extensions']).to include('type' => 'Exceptions::NotAuthorized')
        end
      end

      # allow_forgery_protection: true is project spec metadata; presumably it
      # turns on CSRF verification for these examples (confirm in the spec support
      # code). An anonymous caller that sends no token must still get the
      # authentication error rather than a CSRF failure.
      # NOTE(review): no example in this file covers an authenticated session
      # that omits the CSRF token.
      context 'without authenticated session and missing CSRF token', allow_forgery_protection: true do
        it 'fails with error message, not with CSRF validation failed' do
          expect(first_error['message']).to eq('Authentication required')
        end

        it 'fails with error type, not with CSRF validation failed' do
          expect(first_error['extensions']).to include('type' => 'Exceptions::NotAuthorized')
        end
      end
    end
  end