update_spec.rb 3.1 KB

# Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

require 'rails_helper'

# Spec for the userPasswordResetUpdate GraphQL mutation, which sets a new
# password for a user who presents a password-reset token.
#
# Two failure channels are asserted separately:
#   * 'raising an error'   - the failure is read from gql.result.error_message
#   * 'returning an error' - the failure is read from the payload's `errors` list
# Both also assert that the stored password is left unchanged.
#
# NOTE(review): no example in this file asserts that a token is rejected on a
# second use after a successful reset, or after it has expired. Confirm that
# this is covered elsewhere, since both properties matter for a reset flow.
RSpec.describe Gql::Mutations::User::PasswordReset::Update, type: :graphql do
  context 'when updating a password for a user' do
    let(:user) { create(:user) }

    # Token issued for the user's login; individual contexts override it.
    let(:token) { User.password_reset_new_token(user.login)[:token].token }

    # Fixture password used for the success path (test value only).
    let(:password) { 'q48X9cV2IR' }

    let(:variables) { { token: token, password: password } }

    let(:query) do
      <<~QUERY
        mutation userPasswordResetUpdate($token: String!, $password: String!) {
          userPasswordResetUpdate(token: $token, password: $password) {
            success
            errors {
              message
              field
            }
          }
        }
      QUERY
    end

    # Runs the mutation with the current `token` / `password` variables.
    def execute_graphql_query
      gql.execute(query, variables: variables)
    end

    # Every failure path must leave the stored password as it was.
    shared_examples 'not updating user password' do
      it 'does not update user password' do
        expect { execute_graphql_query }.to not_change { user.reload.password }
      end
    end

    # Failure is read from gql.result.error_message.
    shared_examples 'raising an error' do |message:|
      it 'raises an error' do
        execute_graphql_query

        expect(gql.result.error_message).to eq(message)
      end

      it_behaves_like 'not updating user password'
    end

    # Success path: payload, stored password and the user notification.
    # Only a change of the stored password attribute is asserted here, not
    # that the new password can be used to authenticate.
    shared_examples 'updating user password' do
      it 'returns success' do
        expected_payload = { 'success' => true, 'errors' => nil }

        execute_graphql_query

        expect(gql.result.data).to eq(expected_payload)
      end

      it 'updates user password' do
        expect { execute_graphql_query }.to change { user.reload.password }
      end

      # The mail body must carry the "not known to you?" notice, so that the
      # account owner is told about a password change they did not make.
      it 'sends an email notification to the user' do
        delivered_body = nil

        allow(NotificationFactory::Mailer).to receive(:deliver) do |params|
          delivered_body = params[:body]
        end

        execute_graphql_query

        expect(delivered_body).to include('This activity is not known to you? If not, contact your system administrator.')
      end
    end

    # Failure is read from the first entry of the payload's `errors` list.
    shared_examples 'returning an error' do |message:, field: nil|
      it 'returns an error', :aggregate_failures do
        execute_graphql_query

        first_error = gql.result.data[:errors].first

        expect(first_error.keys).to include('message', 'field')
        expect(first_error['message']).to include(message)
        expect(first_error['field']).to eq(field)
      end

      it_behaves_like 'not updating user password'
    end

    context 'with disabled lost password feature' do
      before { Setting.set('user_lost_password', false) }

      it_behaves_like 'raising an error', message: 'This feature is not enabled.'
    end

    context 'with valid token and password' do
      it_behaves_like 'updating user password'
    end

    context 'with an invalid token' do
      # A freshly generated random value, not one issued by
      # User.password_reset_new_token.
      let(:token) { SecureRandom.urlsafe_base64(48) }

      it_behaves_like 'returning an error', message: 'The provided token is invalid.'
    end

    context 'with an invalid password' do
      # Expected to be rejected; which password rule it violates is not
      # visible in this spec.
      let(:password) { 'foobar9' }

      it_behaves_like 'returning an error', message: 'Invalid password', field: 'password'
    end
  end
end