login_spec.rb
require 'rails_helper'
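# Request specs for the login mutations exposed for the user, admin and guest
# models. Each context builds a GraphQL document in `query`, posts it in a
# `before` hook, and then inspects the HTTP response and its JSON body.
#
# `post_request` and `json_response` are not defined in this file; presumably
# they come from the 'with graphql query request' shared context, and
# `include_auth_headers` from a custom matcher. Confirm against the spec support files.
RSpec.describe 'Login Requests' do
  include_context 'with graphql query request'

  # Password submitted by every login mutation in this file.
  let(:password) { '12345678' }

  context 'when using the user model' do
    let(:user) { create(:user, :confirmed, password: password) }

    # Factory values are interpolated directly into the query document. That is
    # fine for these fixtures, but a value containing a double quote would
    # produce a malformed document.
    let(:query) do
      <<-GRAPHQL
        mutation {
          userLogin(
            email: "#{user.email}",
            password: "#{password}"
          ) {
            user { email name signInCount }
          }
        }
      GRAPHQL
    end

    before { post_request }

    context 'when user is able to login' do
      context 'when credentials are valid' do
        it 'returns credentials in headers and user information' do
          expect(response).to include_auth_headers
          # The client id handed back in the headers must match a token stored on the user.
          expect(user.reload.tokens.keys).to include(response.headers['client'])
          expect(json_response[:data][:userLogin]).to match(
            user: { email: user.email, name: user.name, signInCount: 1 }
          )
          expect(json_response[:errors]).to be_nil
        end
      end

      context 'when credentials are invalid' do
        # The stored password differs from the one submitted in the query.
        let(:user) { create(:user, :confirmed, password: 'not guessing it ;)') }

        it 'returns bad credentials error' do
          expect(response).not_to include_auth_headers
          # A rejected login must not leave a persisted token behind either;
          # checking only the response headers would miss that.
          expect(user.reload.tokens).to be_empty
          expect(json_response[:data][:userLogin]).to be_nil
          expect(json_response[:errors]).to contain_exactly(
            hash_including(message: 'Invalid login credentials. Please try again.', extensions: { code: 'USER_ERROR' })
          )
        end
      end
    end

    # NOTE(review): the unconfirmed and locked examples below submit the
    # *correct* password. Nothing in this file pins which error is returned when
    # the password is wrong for such an account. If the state-specific message is
    # returned in that case too, account state is disclosed to callers who do not
    # know the password. An explicit example for that path would settle it.
    context 'when user is not confirmed' do
      let(:user) { create(:user, password: password) }

      it 'returns a must confirm account message' do
        expect(response).not_to include_auth_headers
        expect(json_response[:data][:userLogin]).to be_nil
        expect(json_response[:errors]).to contain_exactly(
          hash_including(
            message: "A confirmation email was sent to your account at '#{user.email}'. You must follow the " \
                     "instructions in the email before your account can be activated",
            extensions: { code: 'USER_ERROR' }
          )
        )
      end
    end

    context 'when user is locked' do
      let(:user) { create(:user, :confirmed, :locked, password: password) }

      it 'returns an account locked message' do
        expect(response).not_to include_auth_headers
        expect(json_response[:data][:userLogin]).to be_nil
        expect(json_response[:errors]).to contain_exactly(
          hash_including(
            message: 'Your account has been locked due to an excessive number of unsuccessful sign in attempts.',
            extensions: { code: 'USER_ERROR' }
          )
        )
      end
    end

    context 'when invalid for authentication' do
      let(:user) { create(:user, :confirmed, :auth_unavailable, password: password) }

      # The expected message is the same generic one as for a wrong password.
      it 'returns bad credentials error' do
        expect(response).not_to include_auth_headers
        expect(json_response[:data][:userLogin]).to be_nil
        expect(json_response[:errors]).to contain_exactly(
          hash_including(message: 'Invalid login credentials. Please try again.', extensions: { code: 'USER_ERROR' })
        )
      end
    end
  end

  context 'when using the admin model' do
    let(:admin) { create(:admin, :confirmed, password: password) }
    let(:query) do
      <<-GRAPHQL
        mutation {
          adminLogin(
            email: "#{admin.email}",
            password: "#{password}"
          ) {
            authenticable { email customField }
          }
        }
      GRAPHQL
    end

    # The admin mutation is posted to its own endpoint rather than the default one.
    before { post_request('/api/v1/admin/graphql_auth') }

    it 'works alongside the user mount point' do
      expect(json_response[:data][:adminLogin]).to include(
        authenticable: { email: admin.email, customField: "email: #{admin.email}" }
      )
    end
  end

  context 'when using the guest model' do
    let(:guest) { create(:guest, :confirmed, password: password) }
    let(:query) do
      <<-GRAPHQL
        mutation {
          guestLogin(
            email: "#{guest.email}",
            password: "#{password}"
          ) {
            authenticable { email }
          }
        }
      GRAPHQL
    end

    before { post_request }

    it 'works alongside the user mount point' do
      expect(json_response[:data][:guestLogin]).to include(
        authenticable: { email: guest.email }
      )
    end
  end
end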