- # Copyright (C) 2012-2025 Zammad Foundation, https://zammad-foundation.org/
- require 'rails_helper'
- # Session handling works only via controller, so use type: request.
# Request spec for the userSignupVerify GraphQL mutation: posts a signup token to
# /graphql and checks the returned session/errors payload for a disabled-signup
# setting, a valid token and an unknown token.
RSpec.describe Gql::Mutations::User::SignupVerify, :aggregate_failures, type: :request do
  context 'when verifying signed up user' do
    # Browser fingerprint header sent with every request in this spec.
    # NOTE(review): presumably required by the session/device handling - confirm.
    let(:headers) { { 'X-Browser-Fingerprint' => 'some-fingerprint' } }

    # The token under test is supplied by each nested context.
    let(:variables) { { token: token } }

    let(:query) do
      <<~QUERY
        mutation userSignupVerify($token: String!) {
          userSignupVerify(token: $token) {
            session {
              id
              afterAuth {
                type
                data
              }
            }
            errors {
              message
            }
          }
        }
      QUERY
    end

    # An unverified user; a default-at-signup role carrying the
    # 'user_preferences.device' permission is created first.
    let(:user) do
      create(
        :role,
        name:              'user_preferences_device',
        default_at_signup: true,
        permission_names:  ['user_preferences.device'],
      )
      create(:user, verified: false)
    end

    # Runs the mutation once (memoized by let) and exposes the parsed JSON body.
    let(:graphql_response) do
      execute_graphql_query
      json_response
    end

    # Sends the mutation as a JSON POST so that it goes through the controller.
    def execute_graphql_query
      payload = { query: query, variables: variables }
      post '/graphql', params: payload, headers: headers, as: :json
    end

    # Failure shape: an entry in the payload's own `errors` list and no session.
    shared_examples 'returning an error' do |message|
      it 'returns an error' do
        mutation_result = graphql_response['data']['userSignupVerify']

        expect(mutation_result)
          .to include({ 'errors' => include({ 'message' => message }) })
          .and include({ 'session' => nil })
      end
    end

    # Success shape: a session with a string id and no payload errors.
    shared_examples 'returning a session' do
      it 'returns the session' do
        mutation_result = graphql_response['data']['userSignupVerify']

        expect(mutation_result)
          .to include({ 'session' => include({ 'id' => a_kind_of(String) }) })
          .and include({ 'errors' => nil })
      end
    end

    context 'with disabled user signup' do
      let(:token) { SecureRandom.urlsafe_base64(48) }

      before { Setting.set('user_create_account', false) }

      # With signup switched off the failure is reported in the top-level GraphQL
      # `errors` array, not in the mutation payload's `errors` field.
      it 'raises an gql error' do
        first_error = graphql_response['errors'].first

        expect(first_error['message']).to eq('This feature is not enabled.')
      end
    end

    context 'with a valid token' do
      # User.signup_new_token(user) is indexed with :token, and the raw string the
      # mutation expects is read from that entry's #token attribute.
      let(:token) { User.signup_new_token(user)[:token].token }

      # NOTE(review): only the presence of a session id is asserted here. The spec
      # does not check that the user ends up verified, nor that the same token is
      # rejected on a second use; both are worth pinning if the mutation is meant
      # to guarantee them - confirm against the implementation.
      it_behaves_like 'returning a session'
    end

    context 'with an invalid token' do
      # A freshly generated random value, not one obtained from User.signup_new_token.
      let(:token) { SecureRandom.urlsafe_base64(48) }

      it_behaves_like 'returning an error', 'The provided token is invalid.'
    end
  end
end