Home Explore Help
Sign In
SMusatov
/
zammad
mirror of https://github.com/zammad/zammad.git
1
0
Fork 0
Files
Tree: 9edee425a9
Branches Tags
zammad
/
spec
/
graphql
/
gql
/
mutations
/
user
/
current
/
access_token
/
delete_spec.rb

delete_spec.rb 2.4 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788 
  1. # Copyright (C) 2012-2024 Zammad Foundation, https://zammad-foundation.org/
    2. 

  2. 

  3. require 'rails_helper'
    4. 

  4. 

  5. RSpec.describe Gql::Mutations::User::Current::AccessToken::Delete, type: :graphql do
    6. 

  6.   let(:user)     { create(:agent) }
    7. 

  7.   let(:token)    { create(:token, user:) }
    8. 

  8.   let(:token_id) { gql.id(token) }
    9. 

  9. 

  10.   let(:mutation) do
    11. 

  11.     <<~GQL
    12. 

  12.       mutation userCurrentAccessTokenDelete($tokenId: ID!) {
    13. 

  13.         userCurrentAccessTokenDelete(tokenId: $tokenId) {
    14. 

  14.           success
    15. 

  15.           errors {
    16. 

  16.             message
    17. 

  17.             field
    18. 

  18.           }
    19. 

  19.         }
    20. 

  20.       }
    21. 

  21.     GQL
    22. 

  22.   end
    23. 

  23. 

  24.   let(:variables) { { tokenId: token_id } }
    25. 

  25. 

  26.   def execute_graphql_query
    27. 

  27.     gql.execute(mutation, variables: variables)
    28. 

  28.   end
    29. 

  29. 

  30.   context 'when user is not authenticated' do
    31. 

  31.     it 'returns an error' do
    32. 

  32.       expect(execute_graphql_query.error_message).to eq('Authentication required')
    33. 

  33.     end
    34. 

  34. 

  35.   end
    36. 

  36. 

  37.   context 'when user is authenticated', authenticated_as: :user do
    38. 

  38.     context 'when token is given' do
    39. 

  39.       it 'deletes token' do
    40. 

  40.         expect { execute_graphql_query }
    41. 

  41.           .to change { Token.exists? token.id }
    42. 

  42.           .to false
    43. 

  43.       end
    44. 

  44. 

  45.       it 'returns success' do
    46. 

  46.         execute_graphql_query
    47. 

  47. 

  48.         expect(gql.result.data).to include('success' => true)
    49. 

  49.       end
    50. 

  50.     end
    51. 

  51. 

  52.     context 'when nonexistant token is given' do
    53. 

  53.       let(:token_id) { Gql::ZammadSchema.id_from_internal_id(Token, 0) }
    54. 

  54. 

  55.       it 'returns an error' do
    56. 

  56.         expect(execute_graphql_query.error_message).to include("Couldn't find Token ")
    57. 

  57.       end
    58. 

  58.     end
    59. 

  59. 

  60.     context 'when given token is owned by another user' do
    61. 

  61.       let(:token) { create(:token) }
    62. 

  62. 

  63.       it 'returns an error' do
    64. 

  64.         expect(execute_graphql_query.error_message).to eq('not allowed to TokenPolicy#destroy? this Token')
    65. 

  65.       end
    66. 

  66. 

  67.       it 'does not delete token' do
    68. 

  68.         expect { execute_graphql_query }
    69. 

  69.           .not_to change { Token.exists? token.id }
    70. 

  70.           .from(true)
    71. 

  71.       end
    72. 

  72.     end
    73. 

  73. 

  74.     context 'when given token is not persistent by another user' do
    75. 

  75.       let(:token) { create(:token, persistent: false, user: user) }
    76. 

  76. 

  77.       it 'returns an error' do
    78. 

  78.         expect(execute_graphql_query.error_message).to eq('not allowed to TokenPolicy#destroy? this Token')
    79. 

  79.       end
    80. 

  80. 

  81.       it 'does not delete token' do
    82. 

  82.         expect { execute_graphql_query }
    83. 

  83.           .not_to change { Token.exists? token.id }
    84. 

  84.           .from(true)
    85. 

  85.       end
    86. 

  86.     end
    87. 

  87.   end
    88. 

  88. end
    89.