houdini/spec/lib/query/query_source_token_spec.rb

# frozen_string_literal: true

# License: AGPL-3.0-or-later WITH WTO-AP-3.0-or-later
# Full license explanation at https://github.com/houdiniproject/houdini/blob/master/LICENSE
require 'rails_helper'

describe QuerySourceToken do
  describe '.get_and_increment_source_token' do
    let(:our_uuid) { '7ab66a26-05e5-11e8-b4ef-8f19083c3cc7' } # random uuid I generated
    let(:not_our_uuid) { 'a96e3c2c-05e5-11e8-80cc-177b86bb74cd' } # ditto
    let(:fake_uuid) { '15c13da0-05e8-11e8-9cc0-e7ccb95e5f1f' } # ditto
    let(:expired_uuid) { '061124ca-05f1-11e8-8730-57558ad1064d' }
    let(:overused_uuid) { '0ac67006-05f1-11e8-902c-035df51dbc79' }

    let(:nonprofit) { force_create(:nm_justice) }
    let(:event) { force_create(:event, nonprofit: nonprofit) }
    let(:user) do
      u = force_create(:user)
      force_create(:role, name: :nonprofit_admin, host: nonprofit, user: u)
      u
    end

    let(:other_user) { force_create(:user) }

    let(:our_source_token) { force_create(:source_token, token: our_uuid, total_uses: 0, expiration: Time.now + 1.day, max_uses: 1, event: event) }
    let(:not_our_source_token) { force_create(:source_token, token: not_our_uuid, total_uses: 0, expiration: Time.now + 1.day, max_uses: 1) }

    let(:expired_source_token) { force_create(:source_token, token: expired_uuid, total_uses: 0, expiration: Time.now - 1.day) }
    let(:overused_source_token) { force_create(:source_token, token: overused_uuid, total_uses: 1, expiration: Time.now + 1.day, max_uses: 1) }

    before(:each) do
      our_source_token
      not_our_source_token
      expired_source_token
      overused_source_token
    end

    around(:each) do |example|
      Timecop.freeze(2020, 5, 4) do
        example.run
      end
    end

    describe 'param validation' do
      it 'basic validation' do
        expect { QuerySourceToken.get_and_increment_source_token(nil) }.to raise_error { |error|
          expect(error).to be_a ParamValidation::ValidationError
          expect_validation_errors(error.data, [
                                     { key: :token, name: :required },
                                     { key: :token, name: :format }
                                   ])
        }
      end

      it 'raises if source_token cant be found' do
        expect { QuerySourceToken.get_and_increment_source_token(fake_uuid) }.to raise_error { |error|
          expect(error).to be_a ParamValidation::ValidationError
          expect_validation_errors(error.data, [
                                     { key: :token }
                                   ])
          expect(error.message).to eq "#{fake_uuid} doesn't represent a valid source"
        }
      end

      it 'raises if token already used too much' do
        expect { QuerySourceToken.get_and_increment_source_token(overused_uuid) }.to raise_error { |error|
          expect(error).to be_a ExpiredTokenError
        }
      end

      it 'raises if token expired' do
        expect { QuerySourceToken.get_and_increment_source_token(expired_uuid) }.to raise_error { |error|
          expect(error).to be_a ExpiredTokenError
        }
      end

      it 'raises authentication error if event on it but user is nil' do
        expect { QuerySourceToken.get_and_increment_source_token(our_uuid) }.to raise_error { |error|
          expect(error).to be_a AuthenticationError
        }
      end

      it 'raises authentication error if event on it but user is not with nonprofit' do
        expect { QuerySourceToken.get_and_increment_source_token(our_uuid, other_user) }.to raise_error { |error|
          expect(error).to be_a AuthenticationError
        }
      end
    end

    it 'increments and returns source token' do
      result = QuerySourceToken.get_and_increment_source_token(our_uuid, user)
      expect(result).to be_a SourceToken

      expected = {
        total_uses: 1,
        max_uses: 1,
        created_at: Time.now,
        updated_at: Time.now,
        event_id: event.id,
        expiration: Time.now + 1.day,
        token: our_uuid,
        tokenizable_id: nil,
        tokenizable_type: nil
      }.with_indifferent_access

      expect(result.attributes).to eq expected

      reload_all_tokens
      expect(our_source_token.attributes).to eq expected
    end

    def reload_all_tokens
      our_source_token.reload
      not_our_source_token.reload
      expired_source_token.reload
      overused_source_token.reload
    end
  end
end