Feature: Access tokens for API access (#604)

Co-authored-by: Pranav Raj Sreepuram <pranavrajs@gmail.com>

spec/controllers/api/v1/accounts/accounts_controller_spec.rb

@@ -0,0 +1,78 @@
+require 'rails_helper'
+
+RSpec.describe 'Accounts API', type: :request do
+  describe 'POST /api/v1/accounts' do
+    context 'when posting to accounts with correct parameters' do
+      let(:account_builder) { double }
+      let(:email) { Faker::Internet.email }
+      let(:account) { create(:account) }
+      let(:user) { create(:user, email: email, account: account) }
+
+      before do
+        allow(AccountBuilder).to receive(:new).and_return(account_builder)
+        ENV['ENABLE_ACCOUNT_SIGNUP'] = nil
+      end
+
+      it 'calls account builder' do
+        allow(account_builder).to receive(:perform).and_return(user)
+
+        params = { account_name: 'test', email: email }
+
+        post api_v1_accounts_url,
+             params: params,
+             as: :json
+
+        expect(AccountBuilder).to have_received(:new).with(params)
+        expect(account_builder).to have_received(:perform)
+        expect(response.headers.keys).to include('access-token', 'token-type', 'client', 'expiry', 'uid')
+      end
+
+      it 'renders error response on invalid params' do
+        allow(account_builder).to receive(:perform).and_return(nil)
+
+        params = { account_name: nil, email: nil }
+
+        post api_v1_accounts_url,
+             params: params,
+             as: :json
+
+        expect(AccountBuilder).to have_received(:new).with(params)
+        expect(account_builder).to have_received(:perform)
+        expect(response).to have_http_status(:forbidden)
+        expect(response.body).to eq({ message: I18n.t('errors.signup.failed') }.to_json)
+      end
+    end
+
+    context 'when ENABLE_ACCOUNT_SIGNUP env variable is set to false' do
+      let(:email) { Faker::Internet.email }
+
+      it 'responds 404 on requests' do
+        params = { account_name: 'test', email: email }
+        ENV['ENABLE_ACCOUNT_SIGNUP'] = 'false'
+
+        post api_v1_accounts_url,
+             params: params,
+             as: :json
+
+        expect(response).to have_http_status(:not_found)
+        ENV['ENABLE_ACCOUNT_SIGNUP'] = nil
+      end
+    end
+
+    context 'when ENABLE_ACCOUNT_SIGNUP env variable is set to api_only' do
+      let(:email) { Faker::Internet.email }
+
+      it 'does not respond 404 on requests' do
+        params = { account_name: 'test', email: email }
+        ENV['ENABLE_ACCOUNT_SIGNUP'] = 'api_only'
+
+        post api_v1_accounts_url,
+             params: params,
+             as: :json
+
+        expect(response).not_to have_http_status(:not_found)
+        ENV['ENABLE_ACCOUNT_SIGNUP'] = nil
+      end
+    end
+  end
+end

spec/controllers/api/v1/accounts/conversations/messages_controller_spec.rb

@@ -1,10 +1,11 @@
 require 'rails_helper'
 
 RSpec.describe 'Conversation Messages API', type: :request do
-  let(:account) { create(:account) }
+  let!(:account) { create(:account) }
 
   describe 'POST /api/v1/accounts/{account.id}/conversations/<id>/messages' do
-    let(:conversation) { create(:conversation, account: account) }
+    let!(:inbox) { create(:inbox, account: account) }
+    let!(:conversation) { create(:conversation, inbox: inbox, account: account) }
 
     context 'when it is an unauthenticated user' do
       it 'returns unauthorized' do
@@ -30,6 +31,24 @@ RSpec.describe 'Conversation Messages API', type: :request do
         expect(conversation.messages.first.content).to eq(params[:message])
       end
     end
+
+    context 'when it is an authenticated agent bot' do
+      let!(:agent_bot) { create(:agent_bot) }
+
+      it 'creates a new outgoing message' do
+        create(:agent_bot_inbox, inbox: inbox, agent_bot: agent_bot)
+        params = { message: 'test-message' }
+
+        post api_v1_account_conversation_messages_url(account_id: account.id, conversation_id: conversation.display_id),
+             params: params,
+             headers: { api_access_token: agent_bot.access_token.token },
+             as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(conversation.messages.count).to eq(1)
+        expect(conversation.messages.first.content).to eq(params[:message])
+      end
+    end
   end
 
   describe 'GET /api/v1/accounts/{account.id}/conversations/:id/messages' do

spec/controllers/api/v1/accounts/conversations_controller_spec.rb

@@ -80,6 +80,17 @@ RSpec.describe 'Conversations API', type: :request do
         expect(response).to have_http_status(:success)
         expect(conversation.reload.status).to eq('resolved')
       end
+
+      it 'toggles the conversation status to open from bot' do
+        conversation.update!(status: 'bot')
+
+        post "/api/v1/accounts/#{account.id}/conversations/#{conversation.display_id}/toggle_status",
+             headers: agent.create_new_auth_token,
+             as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(conversation.reload.status).to eq('open')
+      end
     end
   end
 

spec/controllers/api/v1/accounts/widget/inboxes_controller_spec.rb

@@ -0,0 +1,79 @@
+require 'rails_helper'
+
+RSpec.describe '/api/v1/accounts/{account.id}/widget/inboxes', type: :request do
+  let(:account) { create(:account) }
+  let(:inbox) { create(:inbox, account: account) }
+  let(:admin) { create(:user, account: account, role: :administrator) }
+  let(:agent) { create(:user, account: account, role: :agent) }
+
+  describe 'POST /api/v1/accounts/{account.id}/widget/inboxes' do
+    let(:params) { { website: { website_name: 'test', website_url: 'test.com', widget_color: '#eaeaea' } } }
+
+    context 'when unauthenticated user' do
+      it 'returns unauthorized' do
+        post "/api/v1/accounts/#{account.id}/widget/inboxes", params: params
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when user is logged in' do
+      context 'with user as administrator' do
+        it 'creates inbox and returns website_token' do
+          post "/api/v1/accounts/#{account.id}/widget/inboxes", params: params, headers: admin.create_new_auth_token
+
+          expect(response).to have_http_status(:success)
+          json_response = JSON.parse(response.body)
+
+          expect(json_response['name']).to eq('test')
+          expect(json_response['website_token']).not_to be_empty
+        end
+      end
+
+      context 'with user as agent' do
+        it 'returns unauthorized' do
+          post "/api/v1/accounts/#{account.id}/widget/inboxes",
+               params: params,
+               headers: agent.create_new_auth_token
+
+          expect(response).to have_http_status(:unauthorized)
+        end
+      end
+    end
+  end
+
+  describe 'PATCH /api/v1/accounts/{account.id}/widget/inboxes/:id' do
+    let(:update_params) { { website: { widget_color: '#eaeaea' } } }
+
+    context 'when unauthenticated user' do
+      it 'returns unauthorized' do
+        patch "/api/v1/accounts/#{account.id}/widget/inboxes/#{inbox.channel_id}", params: update_params
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when user is logged in' do
+      context 'with user as administrator' do
+        it 'updates website channel' do
+          patch "/api/v1/accounts/#{account.id}/widget/inboxes/#{inbox.channel_id}",
+                params: update_params,
+                headers: admin.create_new_auth_token
+
+          expect(response).to have_http_status(:success)
+          json_response = JSON.parse(response.body)
+
+          expect(json_response['widget_color']).to eq('#eaeaea')
+        end
+      end
+
+      context 'with user as agent' do
+        it 'returns unauthorized' do
+          patch "/api/v1/accounts/#{account.id}/widget/inboxes/#{inbox.channel_id}",
+                params: update_params,
+                headers: agent.create_new_auth_token
+
+          expect(response).to have_http_status(:unauthorized)
+        end
+      end
+    end
+  end
+end