mirror of
https://github.com/lingble/chatwoot.git
synced 2025-10-30 18:47:51 +00:00
873cfa08d8
Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com> Co-authored-by: Sivin Varghese <64252451+iamsivin@users.noreply.github.com> Co-authored-by: iamsivin <iamsivin@gmail.com> Co-authored-by: Shivam Mishra <scm.mymail@gmail.com>
317 lines
12 KiB
Ruby
317 lines
12 KiB
Ruby
require 'rails_helper'
|
|
|
|
RSpec.describe 'Agent Bot API', type: :request do
|
|
let!(:account) { create(:account) }
|
|
let!(:agent_bot) { create(:agent_bot, account: account) }
|
|
let(:admin) { create(:user, account: account, role: :administrator) }
|
|
let(:agent) { create(:user, account: account, role: :agent) }
|
|
|
|
describe 'GET /api/v1/accounts/{account.id}/agent_bots' do
|
|
context 'when it is an unauthenticated user' do
|
|
it 'returns unauthorized' do
|
|
get "/api/v1/accounts/#{account.id}/agent_bots"
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
end
|
|
end
|
|
|
|
context 'when it is an authenticated user' do
|
|
it 'returns all the agent_bots in account along with global agent bots' do
|
|
global_bot = create(:agent_bot)
|
|
get "/api/v1/accounts/#{account.id}/agent_bots",
|
|
headers: agent.create_new_auth_token,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:success)
|
|
expect(response.body).to include(agent_bot.name)
|
|
expect(response.body).to include(global_bot.name)
|
|
expect(response.body).to include(agent_bot.access_token.token)
|
|
expect(response.body).not_to include(global_bot.access_token.token)
|
|
end
|
|
|
|
it 'properly differentiates between system bots and account bots' do
|
|
global_bot = create(:agent_bot)
|
|
get "/api/v1/accounts/#{account.id}/agent_bots",
|
|
headers: agent.create_new_auth_token,
|
|
as: :json
|
|
|
|
response_data = response.parsed_body
|
|
# Find the global bot in the response
|
|
global_bot_response = response_data.find { |bot| bot['id'] == global_bot.id }
|
|
# Find the account bot in the response
|
|
account_bot_response = response_data.find { |bot| bot['id'] == agent_bot.id }
|
|
|
|
# Verify system_bot attribute and outgoing_url for global bot
|
|
expect(global_bot_response['system_bot']).to be(true)
|
|
expect(global_bot_response).not_to include('outgoing_url')
|
|
|
|
# Verify account bot has system_bot attribute false and includes outgoing_url
|
|
expect(account_bot_response['system_bot']).to be(false)
|
|
expect(account_bot_response).to include('outgoing_url')
|
|
|
|
# Verify both bots have thumbnail field
|
|
expect(global_bot_response).to include('thumbnail')
|
|
expect(account_bot_response).to include('thumbnail')
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'GET /api/v1/accounts/{account.id}/agent_bots/:id' do
|
|
context 'when it is an unauthenticated user' do
|
|
it 'returns unauthorized' do
|
|
get "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}"
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
end
|
|
end
|
|
|
|
context 'when it is an authenticated user' do
|
|
it 'shows the agent bot' do
|
|
get "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}",
|
|
headers: agent.create_new_auth_token,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:success)
|
|
expect(response.body).to include(agent_bot.name)
|
|
expect(response.body).to include(agent_bot.access_token.token)
|
|
end
|
|
|
|
it 'will show a global agent bot' do
|
|
global_bot = create(:agent_bot)
|
|
get "/api/v1/accounts/#{account.id}/agent_bots/#{global_bot.id}",
|
|
headers: agent.create_new_auth_token,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:success)
|
|
expect(response.body).to include(global_bot.name)
|
|
expect(response.body).not_to include(global_bot.access_token.token)
|
|
|
|
# Test for system_bot attribute and webhook URL not being exposed
|
|
expect(response.parsed_body['system_bot']).to be(true)
|
|
expect(response.parsed_body).not_to include('outgoing_url')
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'POST /api/v1/accounts/{account.id}/agent_bots' do
|
|
let(:valid_params) { { name: 'test' } }
|
|
|
|
context 'when it is an unauthenticated user' do
|
|
it 'returns unauthorized' do
|
|
expect { post "/api/v1/accounts/#{account.id}/agent_bots", params: valid_params }.not_to change(Label, :count)
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
end
|
|
end
|
|
|
|
context 'when it is an authenticated user' do
|
|
it 'creates the agent bot when administrator' do
|
|
expect do
|
|
post "/api/v1/accounts/#{account.id}/agent_bots", headers: admin.create_new_auth_token,
|
|
params: valid_params
|
|
end.to change(AgentBot, :count).by(1)
|
|
|
|
expect(response).to have_http_status(:success)
|
|
end
|
|
|
|
it 'would not create the agent bot when agent' do
|
|
expect do
|
|
post "/api/v1/accounts/#{account.id}/agent_bots", headers: agent.create_new_auth_token,
|
|
params: valid_params
|
|
end.not_to change(AgentBot, :count)
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'PATCH /api/v1/accounts/{account.id}/agent_bots/:id' do
|
|
let(:valid_params) { { name: 'test_updated' } }
|
|
|
|
context 'when it is an unauthenticated user' do
|
|
it 'returns unauthorized' do
|
|
patch "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}",
|
|
params: valid_params
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
end
|
|
end
|
|
|
|
context 'when it is an authenticated user' do
|
|
it 'updates the agent bot' do
|
|
patch "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}",
|
|
headers: admin.create_new_auth_token,
|
|
params: valid_params,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:success)
|
|
expect(agent_bot.reload.name).to eq('test_updated')
|
|
expect(response.body).to include(agent_bot.access_token.token)
|
|
end
|
|
|
|
it 'would not update the agent bot when agent' do
|
|
patch "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}",
|
|
headers: agent.create_new_auth_token,
|
|
params: valid_params,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
expect(agent_bot.reload.name).not_to eq('test_updated')
|
|
end
|
|
|
|
it 'would not update a global agent bot' do
|
|
global_bot = create(:agent_bot)
|
|
patch "/api/v1/accounts/#{account.id}/agent_bots/#{global_bot.id}",
|
|
headers: admin.create_new_auth_token,
|
|
params: valid_params,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:not_found)
|
|
expect(agent_bot.reload.name).not_to eq('test_updated')
|
|
expect(response.body).not_to include(global_bot.access_token.token)
|
|
end
|
|
|
|
it 'updates avatar and includes thumbnail in response' do
|
|
# no avatar before upload
|
|
expect(agent_bot.avatar.attached?).to be(false)
|
|
file = fixture_file_upload(Rails.root.join('spec/assets/avatar.png'), 'image/png')
|
|
patch "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}",
|
|
headers: admin.create_new_auth_token,
|
|
params: valid_params.merge(avatar: file)
|
|
|
|
expect(response).to have_http_status(:success)
|
|
agent_bot.reload
|
|
expect(agent_bot.avatar.attached?).to be(true)
|
|
|
|
# Verify thumbnail is included in the response
|
|
expect(response.parsed_body).to include('thumbnail')
|
|
end
|
|
|
|
it 'updated avatar with avatar_url' do
|
|
patch "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}",
|
|
headers: admin.create_new_auth_token,
|
|
params: valid_params.merge(avatar_url: 'http://example.com/avatar.png'),
|
|
as: :json
|
|
expect(response).to have_http_status(:success)
|
|
expect(Avatar::AvatarFromUrlJob).to have_been_enqueued.with(agent_bot, 'http://example.com/avatar.png')
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'DELETE /api/v1/accounts/{account.id}/agent_bots/:id' do
|
|
context 'when it is an unauthenticated user' do
|
|
it 'returns unauthorized' do
|
|
delete "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}"
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
end
|
|
end
|
|
|
|
context 'when it is an authenticated user' do
|
|
it 'deletes an agent bot when administrator' do
|
|
delete "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}",
|
|
headers: admin.create_new_auth_token,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:success)
|
|
expect(account.agent_bots.size).to eq(0)
|
|
end
|
|
|
|
it 'would not delete the agent bot when agent' do
|
|
delete "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}",
|
|
headers: agent.create_new_auth_token,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
expect(account.agent_bots.size).not_to eq(0)
|
|
end
|
|
|
|
it 'would not delete a global agent bot' do
|
|
global_bot = create(:agent_bot)
|
|
delete "/api/v1/accounts/#{account.id}/agent_bots/#{global_bot.id}",
|
|
headers: admin.create_new_auth_token,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:not_found)
|
|
expect(account.agent_bots.size).not_to eq(0)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'DELETE /api/v1/accounts/{account.id}/agent_bots/:id/avatar' do
|
|
context 'when it is an unauthenticated user' do
|
|
it 'returns unauthorized' do
|
|
delete "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}"
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
end
|
|
end
|
|
|
|
context 'when it is an authenticated user' do
|
|
before do
|
|
agent_bot.avatar.attach(io: Rails.root.join('spec/assets/avatar.png').open, filename: 'avatar.png', content_type: 'image/png')
|
|
end
|
|
|
|
it 'delete agent_bot avatar' do
|
|
delete "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}/avatar",
|
|
headers: admin.create_new_auth_token,
|
|
as: :json
|
|
|
|
expect { agent_bot.avatar.attachment.reload }.to raise_error(ActiveRecord::RecordNotFound)
|
|
expect(response).to have_http_status(:success)
|
|
end
|
|
end
|
|
end
|
|
|
|
describe 'POST /api/v1/accounts/{account.id}/agent_bots/:id/reset_access_token' do
|
|
context 'when it is an unauthenticated user' do
|
|
it 'returns unauthorized' do
|
|
post "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}/reset_access_token"
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
end
|
|
end
|
|
|
|
context 'when it is an authenticated user' do
|
|
it 'regenerates the access token when administrator' do
|
|
old_token = agent_bot.access_token.token
|
|
|
|
post "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}/reset_access_token",
|
|
headers: admin.create_new_auth_token,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:success)
|
|
agent_bot.reload
|
|
expect(agent_bot.access_token.token).not_to eq(old_token)
|
|
json_response = response.parsed_body
|
|
expect(json_response['access_token']).to eq(agent_bot.access_token.token)
|
|
end
|
|
|
|
it 'would not reset the access token when agent' do
|
|
old_token = agent_bot.access_token.token
|
|
|
|
post "/api/v1/accounts/#{account.id}/agent_bots/#{agent_bot.id}/reset_access_token",
|
|
headers: agent.create_new_auth_token,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
agent_bot.reload
|
|
expect(agent_bot.access_token.token).to eq(old_token)
|
|
end
|
|
|
|
it 'would not reset access token for a global agent bot' do
|
|
global_bot = create(:agent_bot)
|
|
old_token = global_bot.access_token.token
|
|
|
|
post "/api/v1/accounts/#{account.id}/agent_bots/#{global_bot.id}/reset_access_token",
|
|
headers: admin.create_new_auth_token,
|
|
as: :json
|
|
|
|
expect(response).to have_http_status(:not_found)
|
|
global_bot.reload
|
|
expect(global_bot.access_token.token).to eq(old_token)
|
|
end
|
|
end
|
|
end
|
|
end
|