Chore: Added tests for callbacks_controller (chatwoot#531)

* Chore: Added tests for callbacks_controller

app/controllers/api/v1/callbacks_controller.rb

@@ -1,8 +1,7 @@
 require 'rest-client'
 require 'telegram/bot'
-class Api::V1::CallbacksController < ApplicationController
-  skip_before_action :verify_authenticity_token, only: [:register_facebook_page]
-  skip_before_action :authenticate_user!, only: [:register_facebook_page], raise: false
+class Api::V1::CallbacksController < Api::BaseController
+  before_action :inbox, only: [:reauthorize_page]
 
   def register_facebook_page
     user_access_token = params[:user_access_token]
@@ -25,15 +24,13 @@ def get_facebook_pages
 
   # get params[:inbox_id], current_account, params[:omniauth_token]
   def reauthorize_page
-    if @inbox&.first&.facebook?
+    if @inbox&.facebook?
       fb_page_id = @inbox.channel.page_id
       page_details = fb_object.get_connections('me', 'accounts')
 
-      (page_details || []).each do |page_detail|
-        if fb_page_id == page_detail['id'] # found the page which has to be reauthorised
-          update_fb_page(fb_page_id, page_detail['access_token'])
-          head :ok
-        end
+      if (page_detail = (page_details || []).detect { |page| fb_page_id == page['id'] })
+        update_fb_page(fb_page_id, page_detail['access_token'])
+        return head :ok
       end
     end
 
@@ -46,18 +43,13 @@ def inbox
     @inbox = current_account.inboxes.find_by(id: params[:inbox_id])
   end
 
-  def update_fb_page
-    if fb_page(fb_page_id)
-      fb_page.update_attributes!(
-        user_access_token: @user_access_token, page_access_token: access_token
-      )
-      head :ok
-    else
-      head :unprocessable_entity
-    end
+  def update_fb_page(fb_page_id, access_token)
+    get_fb_page(fb_page_id)&.update_attributes!(
+      user_access_token: @user_access_token, page_access_token: access_token
+    )
   end
 
-  def fb_page(fb_page_id)
+  def get_fb_page(fb_page_id)
     current_account.facebook_pages.find_by(page_id: fb_page_id)
   end
 
@@ -68,7 +60,7 @@ def fb_object
 
   def long_lived_token(omniauth_token)
     koala = Koala::Facebook::OAuth.new(ENV['FB_APP_ID'], ENV['FB_APP_SECRET'])
-    long_lived_token = koala.exchange_access_token_info(omniauth_token)['access_token']
+    koala.exchange_access_token_info(omniauth_token)['access_token']
   end
 
   def mark_already_existing_facebook_pages(data)
@@ -81,7 +73,11 @@ def mark_already_existing_facebook_pages(data)
   end
 
   def set_avatar(facebook_channel, page_id)
-    avatar_resource = LocalResource.new(get_avatar_url(page_id))
+    uri = get_avatar_url(page_id)
+
+    return unless uri
+
+    avatar_resource = LocalResource.new(uri)
     facebook_channel.avatar.attach(io: avatar_resource.file, filename: avatar_resource.tmp_filename, content_type: avatar_resource.encoding)
   end
 
@@ -98,7 +94,6 @@ def get_avatar_url(page_id)
         raise
       end
       pic_url = response.base_uri.to_s
-      Rails.logger.info(pic_url)
     rescue StandardError => e
       pic_url = nil
     end

spec/controllers/api/v1/callbacks_controller_spec.rb

@@ -0,0 +1,132 @@
+require 'rails_helper'
+
+RSpec.describe 'Callbacks API', type: :request do
+  let(:account) { create(:account) }
+  let(:valid_params) { attributes_for(:channel_facebook_page).merge(page_name: 'Test', inbox_name: 'Test Inbox') }
+  let(:inbox) { create(:inbox, account: account) }
+  let!(:facebook_page) { create(:channel_facebook_page, inbox: inbox, account: account) }
+
+  # Doubles
+  let(:koala_api) { instance_double(Koala::Facebook::API) }
+  let(:koala_oauth) { instance_double(Koala::Facebook::OAuth) }
+
+  before do
+    # Mock new and return instance doubles defined above
+    allow(Koala::Facebook::OAuth).to receive(:new).and_return(koala_oauth)
+    allow(Koala::Facebook::API).to receive(:new).and_return(koala_api)
+
+    allow(Facebook::Messenger::Subscriptions).to receive(:subscribe).and_return(true)
+    allow(koala_api).to receive(:get_connections).and_return(
+      [{ 'id' => facebook_page.page_id, 'access_token' => SecureRandom.hex(10) }]
+    )
+    allow(koala_oauth).to receive(:exchange_access_token_info).and_return('access_token' => SecureRandom.hex(10))
+  end
+
+  describe 'POST /api/v1/callbacks/register_facebook_page' do
+    context 'when it is an unauthenticated user' do
+      it 'returns unauthorized' do
+        post '/api/v1/callbacks/register_facebook_page'
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated user' do
+      let(:admin) { create(:user, account: account, role: :administrator) }
+
+      it 'registers a new facebook page with no avatar' do
+        post '/api/v1/callbacks/register_facebook_page',
+             headers: admin.create_new_auth_token,
+             params: valid_params,
+             as: :json
+
+        expect(response).to have_http_status(:success)
+      end
+
+      it 'registers a new facebook page with avatar' do
+        buf = OpenURI::Buffer.new
+        io = buf.io
+        io.base_uri = URI.parse('https://example.org')
+        allow_any_instance_of(URI::HTTP).to receive(:open).and_return(io) # rubocop:disable RSpec/AnyInstance
+
+        post '/api/v1/callbacks/register_facebook_page',
+             headers: admin.create_new_auth_token,
+             params: valid_params,
+             as: :json
+
+        expect(response).to have_http_status(:success)
+      end
+
+      it 'registers a new facebook page with avatar on redirect' do
+        allow_any_instance_of(URI::HTTP).to receive(:open).and_raise(OpenURI::HTTPRedirect.new(nil, nil, URI.parse('https://example.org'))) # rubocop:disable RSpec/AnyInstance
+
+        post '/api/v1/callbacks/register_facebook_page',
+             headers: admin.create_new_auth_token,
+             params: valid_params,
+             as: :json
+
+        expect(response).to have_http_status(:success)
+      end
+    end
+  end
+
+  describe 'POST /api/v1/callbacks/get_facebook_pages' do
+    context 'when it is an unauthenticated user' do
+      it 'returns unauthorized' do
+        post '/api/v1/callbacks/get_facebook_pages'
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated user' do
+      let(:admin) { create(:user, account: account, role: :administrator) }
+
+      it 'returns facebook pages of account' do
+        post '/api/v1/callbacks/get_facebook_pages',
+             headers: admin.create_new_auth_token,
+             as: :json
+
+        expect(response).to have_http_status(:success)
+        expect(response.body).to include(facebook_page.page_id.to_s)
+      end
+    end
+  end
+
+  describe 'POST /api/v1/callbacks/reauthorize_page' do
+    context 'when it is an unauthenticated user' do
+      it 'returns unauthorized' do
+        post '/api/v1/callbacks/reauthorize_page'
+
+        expect(response).to have_http_status(:unauthorized)
+      end
+    end
+
+    context 'when it is an authenticated user' do
+      let(:admin) { create(:user, account: account, role: :administrator) }
+
+      it 'reauthorizes the page' do
+        params = { inbox_id: inbox.id }
+
+        post '/api/v1/callbacks/reauthorize_page',
+             headers: admin.create_new_auth_token,
+             params: params,
+             as: :json
+
+        expect(response).to have_http_status(:success)
+      end
+
+      it 'returns unprocessable_entity if no page found' do
+        allow(koala_api).to receive(:get_connections).and_return([])
+        params = { inbox_id: inbox.id }
+
+        post '/api/v1/callbacks/reauthorize_page',
+             headers: admin.create_new_auth_token,
+             params: params,
+             as: :json
+
+        expect(response).to have_http_status(:unprocessable_entity)
+      end
+    end
+  end
+end