Chatwoot/spec/controllers/api/v1/accounts/webhook_controller_spec.rb

require 'rails_helper'

RSpec.describe 'Webhooks API', type: :request do
  let(:account) { create(:account) }
  let(:inbox) { create(:inbox, account: account) }
  let(:webhook) { create(:webhook, account: account, inbox: inbox, url: 'https://hello.com') }
  let(:administrator) { create(:user, account: account, role: :administrator) }
  let(:agent) { create(:user, account: account, role: :agent) }

  describe 'GET /api/v1/accounts/<account_id>/webhooks' do
    context 'when it is an authenticated agent' do
      it 'returns unauthorized' do
        get "/api/v1/accounts/#{account.id}/webhooks",
            headers: agent.create_new_auth_token,
            as: :json
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context 'when it is an authenticated admin user' do
      it 'gets all webhook' do
        get "/api/v1/accounts/#{account.id}/webhooks",
            headers: administrator.create_new_auth_token,
            as: :json
        expect(response).to have_http_status(:success)
        expect(JSON.parse(response.body)['payload']['webhooks'].count).to eql account.webhooks.count
      end
    end
  end

  describe 'POST /api/v1/accounts/<account_id>/webhooks' do
    context 'when it is an authenticated agent' do
      it 'returns unauthorized' do
        post "/api/v1/accounts/#{account.id}/webhooks",
             headers: agent.create_new_auth_token,
             as: :json
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context 'when it is an authenticated admin user' do
      it 'creates webhook' do
        post "/api/v1/accounts/#{account.id}/webhooks",
             params: { account_id: account.id, inbox_id: inbox.id, url: 'https://hello.com' },
             headers: administrator.create_new_auth_token,
             as: :json
        expect(response).to have_http_status(:success)

        expect(JSON.parse(response.body)['payload']['webhook']['url']).to eql 'https://hello.com'
      end

      it 'throws error when invalid url provided' do
        post "/api/v1/accounts/#{account.id}/webhooks",
             params: { account_id: account.id, inbox_id: inbox.id, url: 'javascript:alert(1)' },
             headers: administrator.create_new_auth_token,
             as: :json
        expect(response).to have_http_status(:unprocessable_entity)
        expect(JSON.parse(response.body)['message']).to eql 'Url is invalid'
      end
    end
  end

  describe 'PUT /api/v1/accounts/<account_id>/webhooks/:id' do
    context 'when it is an authenticated agent' do
      it 'returns unauthorized' do
        put "/api/v1/accounts/#{account.id}/webhooks/#{webhook.id}",
            headers: agent.create_new_auth_token,
            as: :json
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context 'when it is an authenticated admin user' do
      it 'updates webhook' do
        put "/api/v1/accounts/#{account.id}/webhooks/#{webhook.id}",
            params: { url: 'https://hello.com' },
            headers: administrator.create_new_auth_token,
            as: :json
        expect(response).to have_http_status(:success)
        expect(JSON.parse(response.body)['payload']['webhook']['url']).to eql 'https://hello.com'
      end
    end
  end

  describe 'DELETE /api/v1/accounts/<account_id>/webhooks/:id' do
    context 'when it is an authenticated agent' do
      it 'returns unauthorized' do
        delete "/api/v1/accounts/#{account.id}/webhooks/#{webhook.id}",
               headers: agent.create_new_auth_token,
               as: :json
        expect(response).to have_http_status(:unauthorized)
      end
    end

    context 'when it is an authenticated admin user' do
      it 'deletes webhook' do
        delete "/api/v1/accounts/#{account.id}/webhooks/#{webhook.id}",
               headers: administrator.create_new_auth_token,
               as: :json
        expect(response).to have_http_status(:success)
        expect(account.webhooks.count).to be 0
      end
    end
  end
end
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`require 'rails_helper'`

			`RSpec.describe 'Webhooks API', type: :request do`
			`let(:account) { create(:account) }`
			`let(:inbox) { create(:inbox, account: account) }`
Feature: Support account/inbox specific webhooks (#562) 2020-02-26 04:14:24 +00:00			`let(:webhook) { create(:webhook, account: account, inbox: inbox, url: 'https://hello.com') }`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`let(:administrator) { create(:user, account: account, role: :administrator) }`
			`let(:agent) { create(:user, account: account, role: :agent) }`

Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`describe 'GET /api/v1/accounts/<account_id>/webhooks' do`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`context 'when it is an authenticated agent' do`
			`it 'returns unauthorized' do`
Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`get "/api/v1/accounts/#{account.id}/webhooks",`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`headers: agent.create_new_auth_token,`
			`as: :json`
			`expect(response).to have_http_status(:unauthorized)`
			`end`
			`end`

			`context 'when it is an authenticated admin user' do`
			`it 'gets all webhook' do`
Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`get "/api/v1/accounts/#{account.id}/webhooks",`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`headers: administrator.create_new_auth_token,`
			`as: :json`
			`expect(response).to have_http_status(:success)`
			`expect(JSON.parse(response.body)['payload']['webhooks'].count).to eql account.webhooks.count`
			`end`
			`end`
			`end`

Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`describe 'POST /api/v1/accounts/<account_id>/webhooks' do`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`context 'when it is an authenticated agent' do`
			`it 'returns unauthorized' do`
Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`post "/api/v1/accounts/#{account.id}/webhooks",`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`headers: agent.create_new_auth_token,`
			`as: :json`
			`expect(response).to have_http_status(:unauthorized)`
			`end`
			`end`

			`context 'when it is an authenticated admin user' do`
			`it 'creates webhook' do`
Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`post "/api/v1/accounts/#{account.id}/webhooks",`
Feature: Support account/inbox specific webhooks (#562) 2020-02-26 04:14:24 +00:00			`params: { account_id: account.id, inbox_id: inbox.id, url: 'https://hello.com' },`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`headers: administrator.create_new_auth_token,`
			`as: :json`
			`expect(response).to have_http_status(:success)`

Feature: Support account/inbox specific webhooks (#562) 2020-02-26 04:14:24 +00:00			`expect(JSON.parse(response.body)['payload']['webhook']['url']).to eql 'https://hello.com'`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`end`
chore: Add webhook URL validation (#4080) 2022-02-28 10:14:02 +00:00
			`it 'throws error when invalid url provided' do`
			`post "/api/v1/accounts/#{account.id}/webhooks",`
			`params: { account_id: account.id, inbox_id: inbox.id, url: 'javascript:alert(1)' },`
			`headers: administrator.create_new_auth_token,`
			`as: :json`
			`expect(response).to have_http_status(:unprocessable_entity)`
			`expect(JSON.parse(response.body)['message']).to eql 'Url is invalid'`
			`end`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`end`
			`end`

Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`describe 'PUT /api/v1/accounts/<account_id>/webhooks/:id' do`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`context 'when it is an authenticated agent' do`
			`it 'returns unauthorized' do`
Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`put "/api/v1/accounts/#{account.id}/webhooks/#{webhook.id}",`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`headers: agent.create_new_auth_token,`
			`as: :json`
			`expect(response).to have_http_status(:unauthorized)`
			`end`
			`end`

			`context 'when it is an authenticated admin user' do`
			`it 'updates webhook' do`
Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`put "/api/v1/accounts/#{account.id}/webhooks/#{webhook.id}",`
Feature: Support account/inbox specific webhooks (#562) 2020-02-26 04:14:24 +00:00			`params: { url: 'https://hello.com' },`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`headers: administrator.create_new_auth_token,`
			`as: :json`
			`expect(response).to have_http_status(:success)`
Feature: Support account/inbox specific webhooks (#562) 2020-02-26 04:14:24 +00:00			`expect(JSON.parse(response.body)['payload']['webhook']['url']).to eql 'https://hello.com'`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`end`
			`end`
			`end`

Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`describe 'DELETE /api/v1/accounts/<account_id>/webhooks/:id' do`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`context 'when it is an authenticated agent' do`
			`it 'returns unauthorized' do`
Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`delete "/api/v1/accounts/#{account.id}/webhooks/#{webhook.id}",`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`headers: agent.create_new_auth_token,`
			`as: :json`
			`expect(response).to have_http_status(:unauthorized)`
			`end`
			`end`

			`context 'when it is an authenticated admin user' do`
			`it 'deletes webhook' do`
Chore: Scope URLs with account_id (#601) * Chore: Enable Users to create multiple accounts Addresses: #402 - migrations to split roles and other attributes from users table - make changes in code to accommodate this change Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com> 2020-03-09 17:57:10 +00:00			`delete "/api/v1/accounts/#{account.id}/webhooks/#{webhook.id}",`
Feature: Webhooks (#489) 2020-02-14 17:49:17 +00:00			`headers: administrator.create_new_auth_token,`
			`as: :json`
			`expect(response).to have_http_status(:success)`
			`expect(account.webhooks.count).to be 0`
			`end`
			`end`
			`end`
			`end`