graphql_devise/spec/requests/mutations/login_spec.rb at 16984dcdc7dff305778df4c139a8a2b951e485b9 · graphql-devise/graphql_devise · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
require 'rails_helper'

RSpec.describe 'Login Requests' do
  include_context 'with graphql query request'

  let(:password) { '12345678' }
  let(:user)     { create(:user, :confirmed, password: password) }
  let(:query) do
    <<-GRAPHQL
      mutation {
        userLogin(
          email: "#{user.email}",
          password: "#{password}"
        ) {
          user { email name signInCount }
        }
      }
    GRAPHQL
  end

  before { post '/api/v1/graphql_auth', *graphql_params }

  context 'when user is able to login' do
    context 'when credentials are valid' do
      it 'return credentials in headers and user information' do
        expect(response).to include_auth_headers
        expect(user.reload.tokens.keys).to include(response.headers['client'])
        expect(json_response[:data][:userLogin]).to match(
          user: { email: user.email, name: user.name, signInCount: 1 }
        )
        expect(json_response[:errors]).to be_nil
      end
    end

    context 'when credentials are invalid' do
      let(:user) { create(:user, :confirmed, password: 'not guessing it ;)') }

      it 'returns bad credentials error' do
        expect(response).not_to include_auth_headers
        expect(json_response[:data][:userLogin]).to be_nil
        expect(json_response[:errors]).to contain_exactly(
          hash_including(message: 'Invalid login credentials. Please try again.', extensions: { code: 'USER_ERROR' })
        )
      end
    end
  end

  context 'when user is not confirmed' do
    let(:user) { create(:user, password: password) }

    it 'returns a must confirm account message' do
      expect(response).not_to include_auth_headers
      expect(json_response[:data][:userLogin]).to be_nil
      expect(json_response[:errors]).to contain_exactly(
        hash_including(
          message:    "A confirmation email was sent to your account at '#{user.email}'. You must follow the " \
                      "instructions in the email before your account can be activated",
          extensions: { code: 'USER_ERROR' }
        )
      )
    end
  end

  context 'when user is locked' do
    let(:user) { create(:user, :confirmed, :locked, password: password) }

    it 'returns a must confirm account message' do
      expect(response).not_to include_auth_headers
      expect(json_response[:data][:userLogin]).to be_nil
      expect(json_response[:errors]).to contain_exactly(
        hash_including(
          message:    'Your account has been locked due to an excessive number of unsuccessful sign in attempts.',
          extensions: { code: 'USER_ERROR' }
        )
      )
    end
  end

  context 'when invalid for authentication' do
    let(:user) { create(:user, :confirmed, :auth_unavailable, password: password) }

    it 'returns a must confirm account message' do
      expect(response).not_to include_auth_headers
      expect(json_response[:data][:userLogin]).to be_nil
      expect(json_response[:errors]).to contain_exactly(
        hash_including(message: 'Invalid login credentials. Please try again.', extensions: { code: 'USER_ERROR' })
      )
    end
  end
end