logout_spec.rb 1.6 KB

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. # Login and logout work only via controller, so use type: request.
  4. RSpec.describe Gql::Mutations::Logout, type: :request do
  5. context 'when logging out' do
  6. let(:agent) { create(:agent) }
  7. let(:query) do
  8. <<~QUERY
  9. mutation logout {
  10. logout {
  11. success
  12. externalLogoutUrl
  13. }
  14. }
  15. QUERY
  16. end
  17. let(:graphql_response) do
  18. post '/graphql', params: { query: query }, as: :json
  19. json_response
  20. end
  21. context 'with authenticated session', authenticated_as: :agent do
  22. it 'logs out' do
  23. expect(graphql_response['data']['logout']).to eq('success' => true, 'externalLogoutUrl' => nil)
  24. end
  25. end
  26. context 'with authenticated session, but in maintenance_mode', authenticated_as: :agent do
  27. before do
  28. Setting.set('maintenance_mode', true)
  29. end
  30. it 'logs out' do
  31. expect(graphql_response['data']['logout']).to eq('success' => true, 'externalLogoutUrl' => nil)
  32. end
  33. end
  34. context 'without authenticated session', authenticated_as: false do
  35. it 'logs out' do
  36. expect(graphql_response['data']['logout']).to eq('success' => true, 'externalLogoutUrl' => nil)
  37. end
  38. end
  39. context 'without authenticated session and missing CSRF token', allow_forgery_protection: true do
  40. it 'logs out, does not fail not with CSRF validation failed' do
  41. expect(graphql_response['data']['logout']).to eq('success' => true, 'externalLogoutUrl' => nil)
  42. end
  43. end
  44. end
  45. end