signup_verify_spec.rb 2.4 KB

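  # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/

  require 'rails_helper'

  # Session handling works only via controller, so use type: request.
  #
  # Exercises the `userSignupVerify` mutation over HTTP: a signup token is
  # posted to /graphql and the examples expect either a session with no
  # errors, or an error with no session.
  RSpec.describe Gql::Mutations::User::SignupVerify, :aggregate_failures, type: :request do
    context 'when verifying signed up user' do
      # Unverified account under test. A role flagged default_at_signup and
      # carrying 'user_preferences.device' is created before the user.
      let(:user) do
        create(:role, name: 'user_preferences_device', default_at_signup: true, permission_names: ['user_preferences.device'])
        create(:user, verified: false)
      end

      # The mutation asks for both the session and the errors, so every
      # example can assert that exactly one of the two is populated.
      let(:query) do
        <<~QUERY
          mutation userSignupVerify($token: String!) {
            userSignupVerify(token: $token) {
              session {
                id
                afterAuth {
                  type
                  data
                }
              }
              errors {
                message
              }
            }
          }
        QUERY
      end

      # `token` is supplied by each nested context.
      let(:variables) { { token: token } }

      # No authentication header is sent; the token is the only credential
      # in the request.
      let(:headers) do
        {
          'X-Browser-Fingerprint' => 'some-fingerprint',
        }
      end

      # Sends the request once (memoized by `let`) and exposes the parsed body.
      let(:graphql_response) do
        execute_graphql_query
        json_response
      end

      # Posts the mutation as JSON to the GraphQL endpoint.
      def execute_graphql_query
        post '/graphql', params: { query: query, variables: variables }, headers: headers, as: :json
      end

      # A rejected token must yield the given message and must not yield a session.
      shared_examples 'returning an error' do |message|
        it 'returns an error' do
          expect(graphql_response['data']['userSignupVerify']).to include({ 'errors' => include({ 'message' => message }) }).and include({ 'session' => nil })
        end
      end

      # An accepted token must yield a session id and no errors.
      shared_examples 'returning a session' do
        it 'returns the session' do
          expect(graphql_response['data']['userSignupVerify']).to include({ 'session' => include({ 'id' => a_kind_of(String) }) }).and include({ 'errors' => nil })
        end
      end

      context 'with disabled user signup' do
        before do
          Setting.set('user_create_account', false)
        end

        # NOTE(review): this token is random, so the example shows the feature
        # gate but not that a genuinely issued token is refused while signup
        # is switched off.
        let(:token) { SecureRandom.urlsafe_base64(48) }

        it 'raises an gql error' do
          expect(graphql_response['errors'].first['message']).to eq('This feature is not enabled.')
        end
      end

      context 'with a valid token' do
        # The helper's result is indexed with :token, and the string passed to
        # the mutation is read from that entry via #token.
        let(:token) { User.signup_new_token(user)[:token].token }

        it_behaves_like 'returning a session'

        # A returned session alone does not show that the account state
        # changed, so the flag is checked on the reloaded record as well.
        it 'marks the user as verified' do
          graphql_response
          expect(user.reload.verified).to be(true)
        end

        # NOTE(review): nothing in this file exercises a token that was already
        # used or has expired; confirm that replay and expiry are covered
        # elsewhere.
      end

      context 'with an invalid token' do
        # Freshly generated random value; nothing in this spec issues it as a
        # signup token.
        let(:token) { SecureRandom.urlsafe_base64(48) }

        it_behaves_like 'returning an error', 'The provided token is invalid.'
      end
    end
  end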