fix: Update inbox json, removing password (#5981)
- Filter restricted inbox attributes in APIs for agents Fixes chatwoot/product#668 Co-authored-by: Sojan Jose <sojan@pepalo.com>
This commit is contained in:
parent
85b52a1d3f
commit
3083f74d45
2 changed files with 78 additions and 19 deletions
|
@ -103,7 +103,62 @@ RSpec.describe 'Inboxes API', type: :request do
|
|||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
expect(JSON.parse(response.body, symbolize_names: true)[:id]).to eq(inbox.id)
|
||||
data = JSON.parse(response.body, symbolize_names: true)
|
||||
expect(data[:id]).to eq(inbox.id)
|
||||
expect(data[:hmac_token]).to be_nil
|
||||
end
|
||||
|
||||
it 'returns empty imap details in inbox when agent' do
|
||||
email_channel = create(:channel_email, account: account, imap_enabled: true, imap_login: 'test@test.com')
|
||||
email_inbox = create(:inbox, channel: email_channel, account: account)
|
||||
create(:inbox_member, user: agent, inbox: email_inbox)
|
||||
|
||||
imap_connection = double
|
||||
allow(Mail).to receive(:connection).and_return(imap_connection)
|
||||
|
||||
get "/api/v1/accounts/#{account.id}/inboxes/#{email_inbox.id}",
|
||||
headers: agent.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
data = JSON.parse(response.body, symbolize_names: true)
|
||||
|
||||
expect(data[:imap_enabled]).to be_nil
|
||||
expect(data[:imap_login]).to be_nil
|
||||
end
|
||||
|
||||
it 'returns imap details in inbox when admin' do
|
||||
email_channel = create(:channel_email, account: account, imap_enabled: true, imap_login: 'test@test.com')
|
||||
email_inbox = create(:inbox, channel: email_channel, account: account)
|
||||
|
||||
imap_connection = double
|
||||
allow(Mail).to receive(:connection).and_return(imap_connection)
|
||||
|
||||
get "/api/v1/accounts/#{account.id}/inboxes/#{email_inbox.id}",
|
||||
headers: admin.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
data = JSON.parse(response.body, symbolize_names: true)
|
||||
|
||||
expect(data[:imap_enabled]).to be_truthy
|
||||
expect(data[:imap_login]).to eq('test@test.com')
|
||||
end
|
||||
|
||||
it 'fetch API inbox without hmac token when agent' do
|
||||
api_channel = create(:channel_api, account: account)
|
||||
api_inbox = create(:inbox, channel: api_channel, account: account)
|
||||
create(:inbox_member, user: agent, inbox: api_inbox)
|
||||
|
||||
get "/api/v1/accounts/#{account.id}/inboxes/#{api_inbox.id}",
|
||||
headers: agent.create_new_auth_token,
|
||||
as: :json
|
||||
|
||||
expect(response).to have_http_status(:success)
|
||||
|
||||
data = JSON.parse(response.body, symbolize_names: true)
|
||||
|
||||
expect(data[:hmac_token]).to be_nil
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue