dsrptlab/clientsflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Restructure omni services and add Chatwoot research snapshot

Browse Source
This commit is contained in:
Ruslan Bakiev
2026-02-21 11:11:27 +07:00
parent edea7a0034
commit b73babbbf6
7732 changed files with 978203 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
research/chatwoot/spec/requests/api/v1/accounts/base_controller_spec.rb Normal file
View File

@@ -0,0 +1,63 @@
require 'rails_helper'
RSpec.describe 'Api::V1::Accounts::BaseController', type: :request do
let(:account) { create(:account) }
let(:inbox) { create(:inbox, account: account) }
let!(:conversation) { create(:conversation, account: account, inbox: inbox) }
let(:agent) { create(:user, account: account, role: :agent) }
before do
create(:inbox_member, inbox: inbox, user: agent)
end
context 'when agent bot belongs to the account' do
let(:agent_bot) { create(:agent_bot, account: account) }
it 'allows assignments via API' do
post api_v1_account_conversation_assignments_url(account_id: account.id, conversation_id: conversation.display_id),
headers: { api_access_token: agent_bot.access_token.token },
params: { assignee_id: agent.id },
as: :json
expect(response).to have_http_status(:success)
end
end
context 'when agent bot belongs to another account' do
let(:other_account) { create(:account) }
let(:external_bot) { create(:agent_bot, account: other_account) }
it 'rejects assignment' do
post api_v1_account_conversation_assignments_url(account_id: account.id, conversation_id: conversation.display_id),
headers: { api_access_token: external_bot.access_token.token },
params: { assignee_id: agent.id },
as: :json
expect(response).to have_http_status(:unauthorized)
end
end
context 'when agent bot is global' do
let(:global_bot) { create(:agent_bot, account: nil) }
it 'rejects requests without inbox mapping' do
post api_v1_account_conversation_assignments_url(account_id: account.id, conversation_id: conversation.display_id),
headers: { api_access_token: global_bot.access_token.token },
params: { assignee_id: agent.id },
as: :json
expect(response).to have_http_status(:unauthorized)
end
it 'allows requests when inbox mapping exists' do
create(:agent_bot_inbox, agent_bot: global_bot, inbox: inbox)
post api_v1_account_conversation_assignments_url(account_id: account.id, conversation_id: conversation.display_id),
headers: { api_access_token: global_bot.access_token.token },
params: { assignee_id: agent.id },
as: :json
expect(response).to have_http_status(:success)
end
end
end

114
research/chatwoot/spec/requests/api/v1/accounts/integrations/slack_request_spec.rb Normal file
View File

@@ -0,0 +1,114 @@
require 'rails_helper'
RSpec.describe 'Api::V1::Accounts::Integrations::Slacks' do
let(:account) { create(:account) }
let(:admin) { create(:user, account: account, role: :administrator) }
let!(:hook) { create(:integrations_hook, account: account) }
describe 'POST /api/v1/accounts/{account.id}/integrations/slack' do
context 'when it is an unauthenticated user' do
it 'returns unauthorized' do
post "/api/v1/accounts/#{account.id}/integrations/slack", params: {}
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an authenticated user' do
it 'creates hook' do
hook_builder = double
expect(hook_builder).to receive(:perform).and_return(hook)
expect(Integrations::Slack::HookBuilder).to receive(:new).and_return(hook_builder)
post "/api/v1/accounts/#{account.id}/integrations/slack",
params: { code: SecureRandom.hex },
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['id']).to eql('slack')
end
end
end
describe 'PUT /api/v1/accounts/{account.id}/integrations/slack/' do
context 'when it is an unauthenticated user' do
it 'returns unauthorized' do
put "/api/v1/accounts/#{account.id}/integrations/slack/", params: {}
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an authenticated user' do
it 'updates hook if the channel id is correct' do
channel_builder = double
expect(channel_builder).to receive(:update).and_return(hook)
expect(Integrations::Slack::ChannelBuilder).to receive(:new).and_return(channel_builder)
put "/api/v1/accounts/#{account.id}/integrations/slack",
params: { channel: SecureRandom.hex },
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['hooks'][0]['id']).to eql(hook.id)
end
it 'does not update the hook if the channel id is not correct' do
channel_builder = double
expect(channel_builder).to receive(:update)
expect(Integrations::Slack::ChannelBuilder).to receive(:new).and_return(channel_builder)
put "/api/v1/accounts/#{account.id}/integrations/slack",
params: { channel: SecureRandom.hex },
headers: admin.create_new_auth_token
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eql('Invalid slack channel. Please try again')
end
end
end
describe 'GET /api/v1/accounts/{account.id}/integrations/slack/list_all_channels' do
context 'when it is an unauthenticated user' do
it 'returns unauthorized' do
get "/api/v1/accounts/#{account.id}/integrations/slack/list_all_channels", params: {}
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an authenticated user' do
it 'updates hook if the channel id is correct' do
channel_builder = double
expect(channel_builder).to receive(:fetch_channels).and_return([{ 'id' => '1', 'name' => 'channel-1' }])
expect(Integrations::Slack::ChannelBuilder).to receive(:new).and_return(channel_builder)
get "/api/v1/accounts/#{account.id}/integrations/slack/list_all_channels",
params: { channel: SecureRandom.hex },
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response).to eql([{ 'id' => '1', 'name' => 'channel-1' }])
end
end
end
describe 'DELETE /api/v1/accounts/{account.id}/integrations/slack' do
context 'when it is an unauthenticated user' do
it 'returns unauthorized' do
delete "/api/v1/accounts/#{account.id}/integrations/slack", params: {}
expect(response).to have_http_status(:unauthorized)
end
end
context 'when it is an authenticated user' do
it 'deletes hook' do
delete "/api/v1/accounts/#{account.id}/integrations/slack",
headers: admin.create_new_auth_token
expect(response).to have_http_status(:success)
expect(Integrations::Hook.find_by(id: hook.id)).to be_nil
end
end
end
end

15
research/chatwoot/spec/requests/api/v1/integrations/webhooks_request_spec.rb Normal file
View File

@@ -0,0 +1,15 @@
require 'rails_helper'
RSpec.describe 'Api::V1::Integrations::Webhooks' do
describe 'POST /api/v1/integrations/webhooks' do
it 'consumes webhook' do
builder = Integrations::Slack::IncomingMessageBuilder.new({})
expect(builder).to receive(:perform).and_return(true)
expect(Integrations::Slack::IncomingMessageBuilder).to receive(:new).and_return(builder)
post '/api/v1/integrations/webhooks', params: {}
expect(response).to have_http_status(:success)
end
end
end

274
research/chatwoot/spec/requests/api/v1/profile/mfa_controller_spec.rb Normal file
View File

@@ -0,0 +1,274 @@
require 'rails_helper'
RSpec.describe 'MFA API', type: :request do
before do
skip('Skipping since MFA is not configured in this environment') unless Chatwoot.encryption_configured?
allow(Chatwoot).to receive(:mfa_enabled?).and_return(true)
end
let(:account) { create(:account) }
let(:user) { create(:user, account: account, password: 'Test@123456') }
describe 'GET /api/v1/profile/mfa' do
context 'when 2FA is disabled' do
it 'returns MFA disabled status' do
get '/api/v1/profile/mfa',
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['enabled']).to be_falsey
expect(json_response['backup_codes_generated']).to be_falsey
end
end
context 'when 2FA is enabled' do
before do
user.enable_two_factor!
user.update!(otp_required_for_login: true)
end
it 'returns MFA enabled status' do
get '/api/v1/profile/mfa',
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['enabled']).to be_truthy
end
context 'with backup codes generated' do
before do
user.generate_backup_codes!
end
it 'indicates backup codes are generated' do
get '/api/v1/profile/mfa',
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['backup_codes_generated']).to be_truthy
end
end
end
end
describe 'POST /api/v1/profile/mfa' do
context 'when 2FA is not enabled' do
it 'enables 2FA and returns QR code URL' do
post '/api/v1/profile/mfa',
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['provisioning_url']).not_to be_nil
expect(json_response['provisioning_url']).to include('otpauth://totp')
expect(json_response['secret']).not_to be_nil
user.reload
expect(user.otp_secret).not_to be_nil
end
end
context 'when 2FA is already enabled' do
before do
user.enable_two_factor!
user.update!(otp_required_for_login: true)
end
it 'returns error message' do
post '/api/v1/profile/mfa',
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.already_enabled'))
end
end
end
describe 'POST /api/v1/profile/mfa/verify' do
before do
user.enable_two_factor!
end
context 'with valid OTP code' do
it 'verifies and confirms 2FA setup with backup codes' do
otp_code = user.current_otp
post '/api/v1/profile/mfa/verify',
params: { otp_code: otp_code },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['enabled']).to be_truthy
expect(json_response['backup_codes']).to be_an(Array)
expect(json_response['backup_codes'].length).to eq(10)
user.reload
expect(user.otp_required_for_login).to be_truthy
expect(user.otp_backup_codes).not_to be_nil
end
end
context 'with invalid OTP code' do
it 'returns error message' do
post '/api/v1/profile/mfa/verify',
params: { otp_code: '000000' },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.invalid_code'))
end
end
context 'when 2FA is already verified' do
before do
user.update!(otp_required_for_login: true)
end
it 'returns already enabled error' do
post '/api/v1/profile/mfa/verify',
params: { otp_code: user.current_otp },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.already_enabled'))
end
end
end
describe 'DELETE /api/v1/profile/mfa' do
context 'when 2FA is enabled' do
before do
user.enable_two_factor!
user.update!(otp_required_for_login: true)
user.generate_backup_codes!
end
context 'with valid password and OTP' do
it 'disables 2FA successfully' do
otp_code = user.current_otp
delete '/api/v1/profile/mfa',
params: { password: 'Test@123456', otp_code: otp_code },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['enabled']).to be_falsey
user.reload
expect(user.otp_required_for_login).to be_falsey
expect(user.otp_secret).to be_nil
expect(user.otp_backup_codes).to be_blank
end
end
context 'with invalid password' do
it 'returns error message' do
otp_code = user.current_otp
delete '/api/v1/profile/mfa',
params: { password: 'wrong_password', otp_code: otp_code },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to include('Invalid')
end
end
context 'with invalid OTP' do
it 'returns error message' do
delete '/api/v1/profile/mfa',
params: { password: 'Test@123456', otp_code: '000000' },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to include('Invalid')
end
end
end
context 'when 2FA is not enabled' do
it 'returns not enabled error' do
delete '/api/v1/profile/mfa',
params: { password: 'Test@123456', otp_code: '123456' },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.not_enabled'))
end
end
end
describe 'POST /api/v1/profile/mfa/backup_codes' do
context 'when 2FA is enabled' do
before do
user.enable_two_factor!
user.update!(otp_required_for_login: true)
end
context 'with valid OTP' do
it 'generates new backup codes' do
otp_code = user.current_otp
post '/api/v1/profile/mfa/backup_codes',
params: { otp_code: otp_code },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:success)
json_response = response.parsed_body
expect(json_response['backup_codes']).to be_an(Array)
expect(json_response['backup_codes'].length).to eq(10)
end
end
context 'with invalid OTP' do
it 'returns error message' do
post '/api/v1/profile/mfa/backup_codes',
params: { otp_code: '000000' },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.invalid_code'))
end
end
end
context 'when 2FA is not enabled' do
it 'returns not enabled error' do
post '/api/v1/profile/mfa/backup_codes',
params: { otp_code: '123456' },
headers: user.create_new_auth_token,
as: :json
expect(response).to have_http_status(:unprocessable_entity)
json_response = response.parsed_body
expect(json_response['error']).to eq(I18n.t('errors.mfa.not_enabled'))
end
end
end
end