2021-01-14 15:05:22 +00:00
|
|
|
require 'rails_helper'
|
|
|
|
|
|
|
|
RSpec.describe 'Platform Users API', type: :request do
|
2022-02-07 23:17:36 +00:00
|
|
|
let!(:user) { create(:user, email: 'dev+testing@chatwoot.com', custom_attributes: { test: 'test' }) }
|
2021-01-14 15:05:22 +00:00
|
|
|
|
|
|
|
describe 'GET /platform/api/v1/users/{user_id}' do
|
|
|
|
context 'when it is an unauthenticated platform app' do
|
|
|
|
it 'returns unauthorized' do
|
|
|
|
get "/platform/api/v1/users/#{user.id}"
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when it is an invalid platform app token' do
|
|
|
|
it 'returns unauthorized' do
|
|
|
|
get "/platform/api/v1/users/#{user.id}", headers: { api_access_token: 'invalid' }, as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when it is an authenticated platform app' do
|
|
|
|
let(:platform_app) { create(:platform_app) }
|
|
|
|
|
|
|
|
it 'returns unauthorized when its not a permissible object' do
|
|
|
|
get "/platform/api/v1/users/#{user.id}", headers: { api_access_token: platform_app.access_token.token }, as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'shows a user when its permissible object' do
|
|
|
|
create(:platform_app_permissible, platform_app: platform_app, permissible: user)
|
|
|
|
|
|
|
|
get "/platform/api/v1/users/#{user.id}",
|
|
|
|
headers: { api_access_token: platform_app.access_token.token }, as: :json
|
|
|
|
|
|
|
|
expect(response).to have_http_status(:success)
|
|
|
|
data = JSON.parse(response.body)
|
|
|
|
expect(data['email']).to eq(user.email)
|
2021-09-02 12:59:45 +00:00
|
|
|
expect(data['custom_attributes']['test']).to eq('test')
|
2021-01-14 15:05:22 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'GET /platform/api/v1/users/{user_id}/login' do
|
|
|
|
context 'when it is an unauthenticated platform app' do
|
|
|
|
it 'returns unauthorized' do
|
|
|
|
get "/platform/api/v1/users/#{user.id}/login"
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when it is an invalid platform app token' do
|
|
|
|
it 'returns unauthorized' do
|
|
|
|
get "/platform/api/v1/users/#{user.id}/login", headers: { api_access_token: 'invalid' }, as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when it is an authenticated platform app' do
|
|
|
|
let(:platform_app) { create(:platform_app) }
|
|
|
|
|
|
|
|
it 'returns unauthorized when its not a permissible object' do
|
|
|
|
get "/platform/api/v1/users/#{user.id}/login", headers: { api_access_token: platform_app.access_token.token }, as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'return login link for user' do
|
|
|
|
create(:platform_app_permissible, platform_app: platform_app, permissible: user)
|
|
|
|
|
|
|
|
get "/platform/api/v1/users/#{user.id}/login",
|
|
|
|
headers: { api_access_token: platform_app.access_token.token }, as: :json
|
|
|
|
|
|
|
|
expect(response).to have_http_status(:success)
|
|
|
|
data = JSON.parse(response.body)
|
2022-02-07 23:17:36 +00:00
|
|
|
expect(data['url']).to include('email=dev%2Btesting%40chatwoot.com&sso_auth_token=')
|
2021-01-14 15:05:22 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'POST /platform/api/v1/users/' do
|
|
|
|
context 'when it is an unauthenticated platform app' do
|
|
|
|
it 'returns unauthorized' do
|
|
|
|
post '/platform/api/v1/users'
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when it is an invalid platform app token' do
|
|
|
|
it 'returns unauthorized' do
|
|
|
|
post '/platform/api/v1/users/', headers: { api_access_token: 'invalid' }, as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when it is an authenticated platform app' do
|
|
|
|
let(:platform_app) { create(:platform_app) }
|
|
|
|
|
|
|
|
it 'creates a new user and permissible for the user' do
|
2022-03-24 19:06:59 +00:00
|
|
|
expect do
|
2022-09-30 18:28:18 +00:00
|
|
|
post '/platform/api/v1/users/', params: { name: 'test', display_name: 'displaytest',
|
|
|
|
email: 'test@test.com', password: 'Password1!',
|
2022-03-24 19:06:59 +00:00
|
|
|
custom_attributes: { test: 'test_create' } },
|
|
|
|
headers: { api_access_token: platform_app.access_token.token }, as: :json
|
|
|
|
end.not_to enqueue_mail
|
2021-01-14 15:05:22 +00:00
|
|
|
|
|
|
|
expect(response).to have_http_status(:success)
|
|
|
|
data = JSON.parse(response.body)
|
2022-09-30 18:28:18 +00:00
|
|
|
expect(data).to match(
|
|
|
|
hash_including(
|
|
|
|
'name' => 'test',
|
|
|
|
'display_name' => 'displaytest',
|
|
|
|
'email' => 'test@test.com',
|
|
|
|
'custom_attributes' => {
|
|
|
|
'test' => 'test_create'
|
|
|
|
}
|
|
|
|
)
|
|
|
|
)
|
2021-01-14 15:05:22 +00:00
|
|
|
expect(platform_app.platform_app_permissibles.first.permissible_id).to eq data['id']
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'fetch existing user and creates permissible for the user' do
|
|
|
|
create(:user, name: 'old test', email: 'test@test.com')
|
2021-06-07 11:56:08 +00:00
|
|
|
post '/platform/api/v1/users/', params: { name: 'test', email: 'test@test.com', password: 'Password1!' },
|
2021-01-14 15:05:22 +00:00
|
|
|
headers: { api_access_token: platform_app.access_token.token }, as: :json
|
|
|
|
|
|
|
|
expect(response).to have_http_status(:success)
|
|
|
|
data = JSON.parse(response.body)
|
|
|
|
expect(data['name']).to eq('old test')
|
|
|
|
expect(platform_app.platform_app_permissibles.first.permissible_id).to eq data['id']
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'PATCH /platform/api/v1/users/{user_id}' do
|
|
|
|
context 'when it is an unauthenticated platform app' do
|
|
|
|
it 'returns unauthorized' do
|
|
|
|
patch "/platform/api/v1/users/#{user.id}"
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when it is an invalid platform app token' do
|
|
|
|
it 'returns unauthorized' do
|
|
|
|
patch "/platform/api/v1/users/#{user.id}", headers: { api_access_token: 'invalid' }, as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when it is an authenticated platform app' do
|
|
|
|
let(:platform_app) { create(:platform_app) }
|
|
|
|
|
|
|
|
it 'returns unauthorized when its not a permissible object' do
|
|
|
|
patch "/platform/api/v1/users/#{user.id}", params: { name: 'test' },
|
|
|
|
headers: { api_access_token: platform_app.access_token.token }, as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
|
2022-05-09 18:58:46 +00:00
|
|
|
it 'updates the user attributes' do
|
2021-01-14 15:05:22 +00:00
|
|
|
create(:platform_app_permissible, platform_app: platform_app, permissible: user)
|
2022-05-09 18:58:46 +00:00
|
|
|
patch "/platform/api/v1/users/#{user.id}", params: {
|
2022-07-15 02:51:59 +00:00
|
|
|
name: 'test123', email: 'newtestemail@test.com', custom_attributes: { test: 'test_update' }
|
|
|
|
},
|
2021-01-14 15:05:22 +00:00
|
|
|
headers: { api_access_token: platform_app.access_token.token }, as: :json
|
|
|
|
|
|
|
|
expect(response).to have_http_status(:success)
|
|
|
|
data = JSON.parse(response.body)
|
|
|
|
expect(data['name']).to eq('test123')
|
2022-05-09 18:58:46 +00:00
|
|
|
expect(data['email']).to eq('newtestemail@test.com')
|
2021-09-02 12:59:45 +00:00
|
|
|
expect(data['custom_attributes']['test']).to eq('test_update')
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'DELETE /platform/api/v1/users/{user_id}' do
|
|
|
|
context 'when it is an unauthenticated platform app' do
|
|
|
|
it 'returns unauthorized' do
|
|
|
|
delete "/platform/api/v1/users/#{user.id}"
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when it is an invalid platform app token' do
|
|
|
|
it 'returns unauthorized' do
|
|
|
|
delete "/platform/api/v1/users/#{user.id}", headers: { api_access_token: 'invalid' }, as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when it is an authenticated platform app' do
|
|
|
|
let(:platform_app) { create(:platform_app) }
|
|
|
|
|
|
|
|
it 'returns unauthorized when its not a permissible object' do
|
|
|
|
delete "/platform/api/v1/users/#{user.id}", headers: { api_access_token: platform_app.access_token.token }, as: :json
|
|
|
|
expect(response).to have_http_status(:unauthorized)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'deletes the user' do
|
|
|
|
create(:platform_app_permissible, platform_app: platform_app, permissible: user)
|
|
|
|
expect(DeleteObjectJob).to receive(:perform_later).with(user).once
|
|
|
|
delete "/platform/api/v1/users/#{user.id}",
|
|
|
|
headers: { api_access_token: platform_app.access_token.token }, as: :json
|
|
|
|
expect(response).to have_http_status(:success)
|
2021-01-14 15:05:22 +00:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|