delete_spec.rb 5.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139
  1. # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
  2. require 'rails_helper'
  3. RSpec.describe Gql::Mutations::User::Current::Device::Delete, :aggregate_failures, type: :graphql do
  4. context 'when destroying user (session) device' do
  5. let(:mutation) do
  6. <<~MUTATION
  7. mutation userCurrentDeviceDelete($deviceId: ID!) {
  8. userCurrentDeviceDelete(deviceId: $deviceId) {
  9. success
  10. errors {
  11. message
  12. }
  13. }
  14. }
  15. MUTATION
  16. end
  17. let(:variables) { { deviceId: Gql::ZammadSchema.id_from_internal_id(UserDevice, device.id) } }
  18. def execute_graphql_query
  19. gql.execute(mutation, variables: variables)
  20. end
  21. context 'with authenticated user having one device and one related session', authenticated_as: :agent do
  22. let(:agent) { create(:agent) }
  23. let(:device) { create(:user_device, user_id: agent.id) }
  24. it 'destroys the device and the related session' do
  25. create(:session,
  26. data: {
  27. 'user_id' => agent.id,
  28. 'user_device_fingerprint' => device.fingerprint,
  29. 'persistent' => true
  30. })
  31. expect { execute_graphql_query }.to change(UserDevice, :count).by(-1).and change(Session, :count).by(-1)
  32. end
  33. end
  34. context 'with authenticated user having one device and multiple related session', authenticated_as: :agent do
  35. let(:agent) { create(:agent) }
  36. let(:device) { create(:user_device, user_id: agent.id) }
  37. it 'destroys the device and all the related session' do
  38. sessions = Faker::Number.within(range: 2..42) # rubocop:disable Zammad/FakerUnique
  39. create_list(:session, sessions,
  40. data: {
  41. 'user_id' => agent.id,
  42. 'user_device_fingerprint' => device.fingerprint,
  43. 'persistent' => true
  44. })
  45. expect { execute_graphql_query }.to change(UserDevice, :count).by(-1).and change(Session, :count).by(-1 * sessions)
  46. end
  47. end
  48. context 'with authenticated user having multiple devices and multiple related session', authenticated_as: :agent do
  49. let(:agent) { create(:agent) }
  50. let(:device) { create(:user_device, user_id: agent.id) }
  51. let(:agents) { create_list(:agent, Faker::Number.within(range: 2..42)) } # rubocop:disable Zammad/FakerUnique
  52. let(:devices) do
  53. agents.map do |agent|
  54. create(:user_device, user_id: agent.id)
  55. end
  56. end
  57. it 'destroys only the selected device and all the related session' do
  58. sessions = Faker::Number.within(range: 2..42) # rubocop:disable Zammad/FakerUnique
  59. create_list(:session, sessions,
  60. data: {
  61. 'user_id' => agent.id,
  62. 'user_device_fingerprint' => device.fingerprint,
  63. 'persistent' => true
  64. })
  65. devices.each do |device|
  66. create_list(:session, Faker::Number.within(range: 2..42), # rubocop:disable Zammad/FakerUnique
  67. data: {
  68. 'user_id' => device.user_id,
  69. 'user_device_fingerprint' => device.fingerprint,
  70. 'persistent' => true
  71. })
  72. end
  73. expect { execute_graphql_query }.to change(UserDevice, :count).by(-1).and change(Session, :count).by(-1 * sessions)
  74. end
  75. end
  76. context 'with multiple authenticated users having identical device (fingerprint) and multiple related session', authenticated_as: :agent do
  77. let(:agent) { create(:agent) }
  78. let(:device) { create(:user_device, user_id: agent.id) }
  79. let(:agents) { create_list(:agent, Faker::Number.within(range: 2..42)) } # rubocop:disable Zammad/FakerUnique
  80. let(:devices) do
  81. agents.map do |agent|
  82. create(:user_device, user_id: agent.id, fingerprint: device.fingerprint)
  83. end
  84. end
  85. it 'destroys only the selected device and all the related session' do
  86. sessions = Faker::Number.within(range: 2..42) # rubocop:disable Zammad/FakerUnique
  87. create_list(:session, sessions,
  88. data: {
  89. 'user_id' => agent.id,
  90. 'user_device_fingerprint' => device.fingerprint,
  91. 'persistent' => true
  92. })
  93. devices.each do |device|
  94. create_list(:session, Faker::Number.within(range: 2..42), # rubocop:disable Zammad/FakerUnique
  95. data: {
  96. 'user_id' => device.user_id,
  97. 'user_device_fingerprint' => device.fingerprint,
  98. 'persistent' => true
  99. })
  100. end
  101. expect { execute_graphql_query }.to change(UserDevice, :count).by(-1).and change(Session, :count).by(-1 * sessions)
  102. end
  103. end
  104. context 'when device is not owned from current user', authenticated_as: :agent do
  105. let(:agent) { create(:agent) }
  106. let(:agent_other) { create(:agent) }
  107. let(:device) { create(:user_device, user_id: agent_other.id) }
  108. before do
  109. execute_graphql_query
  110. end
  111. it 'returns an error' do
  112. expect(gql.result.error_type).to eq(Exceptions::Forbidden)
  113. end
  114. end
  115. end
  116. end