scottk/chatwoot
1
0
Fork 0
mirror of https://github.com/lingble/chatwoot.git synced 2025-11-03 20:48:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f064b097765a5a8c318794b6214c2abc6893a086
chatwoot/spec/controllers/platform/api/v1/users_controller_spec.rb
Sojan Jose 8697a30dc5 feat: Ability to access user tokens via Platform API (#11537) 
- Add Platform API for generating user tokens 
- Add the swagger documentation.

---------

Co-authored-by: Muhsin Keloth <muhsinkeramam@gmail.com>
Co-authored-by: Pranav <pranav@chatwoot.com>
2025-05-22 11:30:04 +05:30

269 lines
11 KiB
Ruby
Raw Blame History

require 'rails_helper'
RSpec.describe 'Platform Users API', type: :request do
let!(:user) { create(:user, email: 'dev+testing@chatwoot.com', custom_attributes: { test: 'test' }) }
describe 'GET /platform/api/v1/users/{user_id}' do
context 'when it is an unauthenticated platform app' do
it 'returns unauthorized' do
get "/platform/api/v1/users/#{user.id}"
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an invalid platform app token' do
it 'returns unauthorized' do
get "/platform/api/v1/users/#{user.id}", headers: { api_access_token: 'invalid' }, as: :json
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an authenticated platform app' do
let(:platform_app) { create(:platform_app) }
it 'returns unauthorized when its not a permissible object' do
get "/platform/api/v1/users/#{user.id}", headers: { api_access_token: platform_app.access_token.token }, as: :json
expect(response).to have_http_status(:unauthorized)
end
it 'shows a user when its permissible object' do
create(:platform_app_permissible, platform_app: platform_app, permissible: user)
get "/platform/api/v1/users/#{user.id}",
headers: { api_access_token: platform_app.access_token.token }, as: :json
expect(response).to have_http_status(:success)
data = response.parsed_body
expect(data['email']).to eq(user.email)
expect(data['custom_attributes']['test']).to eq('test')
end
end
end
describe 'GET /platform/api/v1/users/{user_id}/login' do
context 'when it is an unauthenticated platform app' do
it 'returns unauthorized' do
get "/platform/api/v1/users/#{user.id}/login"
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an invalid platform app token' do
it 'returns unauthorized' do
get "/platform/api/v1/users/#{user.id}/login", headers: { api_access_token: 'invalid' }, as: :json
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an authenticated platform app' do
let(:platform_app) { create(:platform_app) }
it 'returns unauthorized when its not a permissible object' do
get "/platform/api/v1/users/#{user.id}/login", headers: { api_access_token: platform_app.access_token.token }, as: :json
expect(response).to have_http_status(:unauthorized)
end
it 'return login link for user' do
create(:platform_app_permissible, platform_app: platform_app, permissible: user)
get "/platform/api/v1/users/#{user.id}/login",
headers: { api_access_token: platform_app.access_token.token }, as: :json
expect(response).to have_http_status(:success)
data = response.parsed_body
expect(data['url']).to include('email=dev%2Btesting%40chatwoot.com&sso_auth_token=')
end
end
end
describe 'POST /platform/api/v1/users/{user_id}/token' do
context 'when it is an unauthenticated platform app' do
it 'returns unauthorized' do
post "/platform/api/v1/users/#{user.id}/token"
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an invalid platform app token' do
it 'returns unauthorized' do
post "/platform/api/v1/users/#{user.id}/token", headers: { api_access_token: 'invalid' }, as: :json
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an authenticated platform app' do
let(:platform_app) { create(:platform_app) }
it 'returns unauthorized when its not a permissible object' do
post "/platform/api/v1/users/#{user.id}/token", headers: { api_access_token: platform_app.access_token.token }, as: :json
expect(response).to have_http_status(:unauthorized)
end
it 'returns access token for the user with expiry and user info' do
create(:platform_app_permissible, platform_app: platform_app, permissible: user)
post "/platform/api/v1/users/#{user.id}/token",
headers: { api_access_token: platform_app.access_token.token }, as: :json
expect(response).to have_http_status(:success)
data = response.parsed_body
# Check access token and expiry
expect(data['access_token']).to eq(user.access_token.token)
expect(data['expiry']).to be_nil
# Check user info
expect(data['user']).to include(
'id' => user.id,
'name' => user.name,
'display_name' => user.display_name,
'email' => user.email,
'pubsub_token' => user.pubsub_token
)
end
end
end
describe 'POST /platform/api/v1/users/' do
context 'when it is an unauthenticated platform app' do
it 'returns unauthorized' do
post '/platform/api/v1/users'
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an invalid platform app token' do
it 'returns unauthorized' do
post '/platform/api/v1/users/', headers: { api_access_token: 'invalid' }, as: :json
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an authenticated platform app' do
let(:platform_app) { create(:platform_app) }
it 'creates a new user and permissible for the user without sending an email' do
# TODO: enqueued mail check failes because of : https://github.com/rspec/rspec-rails/pull/2793
# revert to this block when the issue is fixed
# expect do
# post '/platform/api/v1/users/', params: { name: 'test', display_name: 'displaytest',
# email: 'test@test.com', password: 'Password1!',
# custom_attributes: { test: 'test_create' } },
# headers: { api_access_token: platform_app.access_token.token }, as: :json
# byebug
# end.not_to have_enqueued_mail
##------ revert this block when the issue is fixed
post '/platform/api/v1/users/', params: { name: 'test', display_name: 'displaytest',
email: 'test@test.com', password: 'Password1!',
custom_attributes: { test: 'test_create' } },
headers: { api_access_token: platform_app.access_token.token }, as: :json
mail_jobs = ActiveJob::Base.queue_adapter.enqueued_jobs.select do |job|
job[:job] == 'ActionMailer::MailDeliveryJob'
end
expect(mail_jobs.count).to eq(0)
##------ revert this block when the issue is fixed
expect(response).to have_http_status(:success)
data = response.parsed_body
expect(data).to match(
hash_including(
'name' => 'test',
'display_name' => 'displaytest',
'email' => 'test@test.com',
'custom_attributes' => {
'test' => 'test_create'
}
)
)
expect(platform_app.platform_app_permissibles.first.permissible_id).to eq data['id']
end
it 'fetch existing user and creates permissible for the user' do
create(:user, name: 'old test', email: 'test@test.com')
post '/platform/api/v1/users/', params: { name: 'test', email: 'test@test.com', password: 'Password1!' },
headers: { api_access_token: platform_app.access_token.token }, as: :json
expect(response).to have_http_status(:success)
data = response.parsed_body
expect(data['name']).to eq('old test')
expect(platform_app.platform_app_permissibles.first.permissible_id).to eq data['id']
end
end
end
describe 'PATCH /platform/api/v1/users/{user_id}' do
context 'when it is an unauthenticated platform app' do
it 'returns unauthorized' do
patch "/platform/api/v1/users/#{user.id}"
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an invalid platform app token' do
it 'returns unauthorized' do
patch "/platform/api/v1/users/#{user.id}", headers: { api_access_token: 'invalid' }, as: :json
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an authenticated platform app' do
let(:platform_app) { create(:platform_app) }
it 'returns unauthorized when its not a permissible object' do
patch "/platform/api/v1/users/#{user.id}", params: { name: 'test' },
headers: { api_access_token: platform_app.access_token.token }, as: :json
expect(response).to have_http_status(:unauthorized)
end
it 'updates the user attributes' do
create(:platform_app_permissible, platform_app: platform_app, permissible: user)
patch "/platform/api/v1/users/#{user.id}", params: {
name: 'test123', email: 'newtestemail@test.com', custom_attributes: { test: 'test_update' }
},
headers: { api_access_token: platform_app.access_token.token }, as: :json
expect(response).to have_http_status(:success)
data = response.parsed_body
expect(data['name']).to eq('test123')
expect(data['email']).to eq('newtestemail@test.com')
expect(data['custom_attributes']['test']).to eq('test_update')
end
end
end
describe 'DELETE /platform/api/v1/users/{user_id}' do
context 'when it is an unauthenticated platform app' do
it 'returns unauthorized' do
delete "/platform/api/v1/users/#{user.id}"
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an invalid platform app token' do
it 'returns unauthorized' do
delete "/platform/api/v1/users/#{user.id}", headers: { api_access_token: 'invalid' }, as: :json
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an authenticated platform app' do
let(:platform_app) { create(:platform_app) }
it 'returns unauthorized when its not a permissible object' do
delete "/platform/api/v1/users/#{user.id}", headers: { api_access_token: platform_app.access_token.token }, as: :json
expect(response).to have_http_status(:unauthorized)
end
it 'deletes the user' do
create(:platform_app_permissible, platform_app: platform_app, permissible: user)
expect(DeleteObjectJob).to receive(:perform_later).with(user).once
delete "/platform/api/v1/users/#{user.id}",
headers: { api_access_token: platform_app.access_token.token }, as: :json
expect(response).to have_http_status(:success)
end
end
end
end
Reference in New Issue View Git Blame Copy Permalink