Feature: Access tokens for API access (#604)

Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>

spec/controllers/api/base_controller_spec.rb

@@ -0,0 +1,60 @@
+require 'rails_helper'
+
+RSpec.describe 'API Base', type: :request do
+  let!(:account) { create(:account) }
+  let!(:user) { create(:user, account: account) }
+
+  describe 'request with api_access_token for user' do
+    context 'when it is an invalid api_access_token' do
+      it 'returns unauthorized' do
+        get '/api/v1/profile',
+            headers: { api_access_token: 'invalid' },
+            as: :json
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is a valid api_access_token' do
+      it 'returns current user information' do
+        get '/api/v1/profile',
+            headers: { api_access_token: user.access_token.token },
+            as: :json
+
+        expect(response).to have_http_status(:success)
+        json_response = JSON.parse(response.body)
+        expect(json_response['id']).to eq(user.id)
+        expect(json_response['email']).to eq(user.email)
+      end
+    end
+  end
+
+  describe 'request with api_access_token for bot' do
+    let!(:agent_bot) { create(:agent_bot) }
+    let!(:inbox) { create(:inbox, account: account) }
+    let!(:conversation) { create(:conversation, account: account, inbox: inbox, assignee: user, status: 'bot') }
+
+    context 'when it is an unauthorized url' do
+      it 'returns unauthorized' do
+        get '/api/v1/profile',
+            headers: { api_access_token: agent_bot.access_token.token },
+            as: :json
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is a accessible url' do
+      it 'returns success' do
+        create(:agent_bot_inbox, inbox: inbox, agent_bot: agent_bot)
+
+        post "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/toggle_status",
+             headers: { api_access_token: agent_bot.access_token.token },
+             as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(conversation.reload.status).to eq('open')
+      end
+    end
+  end
+end

spec/controllers/api/v1/accounts/conversations/messages_controller_spec.rb

@@ -1,10 +1,11 @@
 require 'rails_helper'
 
 RSpec.describe 'Conversation Messages API', type: :request do
-  let(:account) { create(:account) }
+  let!(:account) { create(:account) }
 
   describe 'POST /api/v1/accounts/{account.id}/conversations/<id>/messages' do
-    let(:conversation) { create(:conversation, account: account) }
+    let!(:inbox) { create(:inbox, account: account) }
+    let!(:conversation) { create(:conversation, inbox: inbox, account: account) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
@@ -30,6 +31,24 @@ RSpec.describe 'Conversation Messages API', type: :request do
         expect(conversation.messages.first.content).to eq(params[:message])
       end
     end
+
+    context 'when it is an authenticated agent bot' do
+      let!(:agent_bot) { create(:agent_bot) }
+
+      it 'creates a new outgoing message' do
+        create(:agent_bot_inbox, inbox: inbox, agent_bot: agent_bot)
+        params = { message: 'test-message' }
+
+        post api_v1_account_conversation_messages_url(account_id: account.id, conversation_id: conversation.display_id),
+             params: params,
+             headers: { api_access_token: agent_bot.access_token.token },
+             as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(conversation.messages.count).to eq(1)
+        expect(conversation.messages.first.content).to eq(params[:message])
+      end
+    end
   end
 
   describe 'GET /api/v1/accounts/{account.id}/conversations/:id/messages' do

spec/controllers/api/v1/accounts/conversations_controller_spec.rb

@@ -80,6 +80,17 @@ RSpec.describe 'Conversations API', type: :request do
         expect(response).to have_http_status(:success)
         expect(conversation.reload.status).to eq('resolved')
       end
+
+      it 'toggles the conversation status to open from bot' do
+        conversation.update!(status: 'bot')
+
+        post "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/toggle_status",
+             headers: agent.create_new_auth_token,
+             as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(conversation.reload.status).to eq('open')
+      end
     end
   end
 

spec/controllers/api/v1/accounts/widget/inboxes_controller_spec.rb

@@ -1,17 +1,17 @@
 require 'rails_helper'
 
-RSpec.describe '/api/v1/widget/inboxes', type: :request do
+RSpec.describe '/api/v1/accounts/{account.id}/widget/inboxes', type: :request do
   let(:account) { create(:account) }
   let(:inbox) { create(:inbox, account: account) }
   let(:admin) { create(:user, account: account, role: :administrator) }
   let(:agent) { create(:user, account: account, role: :agent) }
 
-  describe 'POST /api/v1/widget/inboxes' do
+  describe 'POST /api/v1/accounts/{account.id}/widget/inboxes' do
     let(:params) { { website: { website_name: 'test', website_url: 'test.com', widget_color: '#eaeaea' } } }
 
     context 'when unauthenticated user' do
       it 'returns unauthorized' do
-        post '/api/v1/widget/inboxes', params: params
+        post "/api/v1/accounts/#{account.id}/widget/inboxes", params: params
         expect(response).to have_http_status(:unauthorized)
       end
     end
@@ -19,7 +19,7 @@ RSpec.describe '/api/v1/widget/inboxes', type: :request do
     context 'when user is logged in' do
       context 'with user as administrator' do
         it 'creates inbox and returns website_token' do
-          post '/api/v1/widget/inboxes', params: params, headers: admin.create_new_auth_token
+          post "/api/v1/accounts/#{account.id}/widget/inboxes", params: params, headers: admin.create_new_auth_token
 
           expect(response).to have_http_status(:success)
           json_response = JSON.parse(response.body)
@@ -31,7 +31,7 @@ RSpec.describe '/api/v1/widget/inboxes', type: :request do
 
       context 'with user as agent' do
         it 'returns unauthorized' do
-          post '/api/v1/widget/inboxes',
+          post "/api/v1/accounts/#{account.id}/widget/inboxes",
                params: params,
                headers: agent.create_new_auth_token
 
@@ -41,12 +41,12 @@ RSpec.describe '/api/v1/widget/inboxes', type: :request do
     end
   end
 
-  describe 'PATCH /api/v1/widget/inboxes/:id' do
+  describe 'PATCH /api/v1/accounts/{account.id}/widget/inboxes/:id' do
     let(:update_params) { { website: { widget_color: '#eaeaea' } } }
 
     context 'when unauthenticated user' do
       it 'returns unauthorized' do
-        patch "/api/v1/widget/inboxes/#{inbox.channel_id}", params: update_params
+        patch "/api/v1/accounts/#{account.id}/widget/inboxes/#{inbox.channel_id}", params: update_params
         expect(response).to have_http_status(:unauthorized)
       end
     end
@@ -54,7 +54,7 @@ RSpec.describe '/api/v1/widget/inboxes', type: :request do
     context 'when user is logged in' do
       context 'with user as administrator' do
         it 'updates website channel' do
-          patch "/api/v1/widget/inboxes/#{inbox.channel_id}",
+          patch "/api/v1/accounts/#{account.id}/widget/inboxes/#{inbox.channel_id}",
                 params: update_params,
                 headers: admin.create_new_auth_token
 
@@ -67,7 +67,7 @@ RSpec.describe '/api/v1/widget/inboxes', type: :request do
 
       context 'with user as agent' do
         it 'returns unauthorized' do
-          patch "/api/v1/widget/inboxes/#{inbox.channel_id}",
+          patch "/api/v1/accounts/#{account.id}/widget/inboxes/#{inbox.channel_id}",
                 params: update_params,
                 headers: agent.create_new_auth_token