add_spec.rb 2.0 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe Gql::Mutations::User::Current::AccessToken::Add, type: :graphql do
  4. let(:user) { create(:agent) }
  5. let(:permission) { %w[ticket.agent] }
  6. let(:expires_at) { nil }
  7. let(:name) { Faker::Lorem.word }
  8. let(:mutation) do
  9. <<~GQL
  10. mutation userCurrentAccessTokenAdd($input: UserAccessTokenInput!) {
  11. userCurrentAccessTokenAdd(input: $input) {
  12. token {
  13. id
  14. }
  15. tokenValue
  16. errors {
  17. message
  18. field
  19. }
  20. }
  21. }
  22. GQL
  23. end
  24. let(:variables) { { input: { name:, permission:, expiresAt: expires_at&.iso8601 } } }
  25. def execute_graphql_query
  26. gql.execute(mutation, variables: variables)
  27. end
  28. context 'when user is not authenticated' do
  29. it 'returns an error' do
  30. expect(execute_graphql_query.error_message).to eq('Authentication required')
  31. end
  32. end
  33. context 'when user is authenticated', authenticated_as: :user do
  34. context 'when user has insufficient permissions' do
  35. let(:user) { create(:customer) }
  36. it 'returns an error' do
  37. expect(execute_graphql_query.error_message)
  38. .to include("Failed Gql::EntryPoints::Mutations's authorization check")
  39. end
  40. end
  41. context 'with valid parameters' do
  42. it 'returns token and token value' do
  43. execute_graphql_query
  44. new_token = Token.last
  45. expect(gql.result.data)
  46. .to include(
  47. 'token' => include('id' => gql.id(new_token)),
  48. 'tokenValue' => new_token.token,
  49. )
  50. end
  51. end
  52. context 'with expiration date' do
  53. let(:expires_at) { 1.day.from_now.to_date }
  54. it 'returns token with expiration date and token value' do
  55. execute_graphql_query
  56. expect(Token.last).to have_attributes(
  57. name: name,
  58. preferences: include(permission: permission),
  59. expires_at: expires_at
  60. )
  61. end
  62. end
  63. end
  64. end