mirror of
https://github.com/zammad/zammad
synced 2026-05-24 09:48:36 +00:00
92 lines
2.7 KiB
Ruby
92 lines
2.7 KiB
Ruby
# Copyright (C) 2012-2026 Zammad Foundation, https://zammad-foundation.org/
|
|
|
|
require 'rails_helper'
|
|
|
|
RSpec.describe 'User Access token', authenticated_as: :user, type: :request do
|
|
let(:user) { create(:agent) }
|
|
let(:token) { create(:token, user: user) }
|
|
let(:another_token) { create(:token) }
|
|
|
|
before do
|
|
token && another_token
|
|
end
|
|
|
|
describe 'GET /user_access_token' do
|
|
it 'returns user tokens and permissions' do
|
|
get '/api/v1/user_access_token'
|
|
|
|
expect(json_response)
|
|
.to include(
|
|
'tokens' => contain_exactly(include('id' => token.id)),
|
|
'permissions' => include(
|
|
include('name' => 'ticket.agent'),
|
|
include('name' => 'user_preferences'),
|
|
)
|
|
)
|
|
end
|
|
|
|
it 'uses tokens list service', aggregate_failures: true do
|
|
allow(Service::User::AccessToken::List)
|
|
.to receive(:execute)
|
|
.and_call_original
|
|
|
|
get '/api/v1/user_access_token'
|
|
|
|
expect(Service::User::AccessToken::List)
|
|
.to have_received(:execute)
|
|
end
|
|
end
|
|
|
|
describe 'POST /user_access_token' do
|
|
before { Setting.set('api_token_access', enabled) }
|
|
|
|
context 'when token access is enabled' do
|
|
let(:enabled) { true }
|
|
|
|
it 'checks if name is present' do
|
|
post '/api/v1/user_access_token', params: { name: '', permission: %w[ticket.agent] }, as: :json
|
|
expect(response).to have_http_status(:unprocessable_content)
|
|
end
|
|
|
|
it 'returns token value' do
|
|
post '/api/v1/user_access_token', params: { name: 'test', permission: %w[ticket.agent] }, as: :json
|
|
|
|
expect(json_response).to eq('token' => Token.last.token)
|
|
end
|
|
|
|
it 'users token create service', aggregate_failures: true do
|
|
allow(Service::User::AccessToken::Create)
|
|
.to receive(:execute)
|
|
.and_call_original
|
|
|
|
post '/api/v1/user_access_token', params: { name: 'test', permission: %w[ticket.agent] }, as: :json
|
|
|
|
expect(Service::User::AccessToken::Create)
|
|
.to have_received(:execute)
|
|
end
|
|
end
|
|
|
|
context 'when token access is disabled' do
|
|
let(:enabled) { false }
|
|
|
|
it 'throws error' do
|
|
post '/api/v1/user_access_token', params: {}, as: :json
|
|
expect(response).to have_http_status(:unprocessable_content)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'DELETE /user_access_token' do
|
|
it 'deletes token' do
|
|
expect { delete "/api/v1/user_access_token/#{token.id}", as: :json }
|
|
.to change { Token.exists? token.id }
|
|
.to false
|
|
end
|
|
|
|
it 'raises error if token is owned by another user' do
|
|
expect { delete "/api/v1/user_access_token/#{another_token.id}", as: :json }
|
|
.not_to change { Token.exists? token.id }
|
|
.from true
|
|
end
|
|
end
|
|
end
|