Show webhook subscription (LTI2 API)

Fixes PLAT-2322 Test Plan: - Create a valid subscription in the subscription service - Using a JWT access token in the authentication header, do a GET request to /api/lti/subscriptions/<subscription id> (Note that the tool doing this request mus use the same dev key as the one that created the subscription). - Verify the subscription is retrieved and a 200 is returned - Attempt to retrieve the subscription using the same endpoint without an authorization header. Verify 401 is returned - Attempt to do the get request with a tool that uses a different dev key than the one used to create the subscription. Verify a 404 is returned. Change-Id: I3ef986d91787a17b2a5ff9730ed7da53c0bfaed3 Reviewed-on: https://gerrit.instructure.com/103096 Reviewed-by: Nathan Mills <nathanm@instructure.com> QA-Review: August Thornton <august@instructure.com> Tested-by: Jenkins Product-Review: Weston Dransfield <wdransfield@instructure.com>
2017-02-27 08:41:21 -07:00 · 2017-02-27 08:41:21 -07:00 · 0d866d7d08
parent 37b2722db1
commit 0d866d7d08
3 changed files with 52 additions and 12 deletions
--- a/app/controllers/lti/subscriptions_api_controller.rb
+++ b/app/controllers/lti/subscriptions_api_controller.rb
@ -81,14 +81,17 @@ module Lti


    # @API Delete a Webhook Subscription
-    #
-    # @argument id [Required, String]
-    #   The id of the submission to delete
    def destroy
      service_response = Services::LiveEventsSubscriptionService.destroy_tool_proxy_subscription(tool_proxy, params.require(:id))
      forward_service_response(service_response)
    end

+    # @API Show a single Webhook Subscription
+    def show
+      service_response = Services::LiveEventsSubscriptionService.tool_proxy_subscription(tool_proxy, params.require(:id))
+      forward_service_response(service_response)
+    end
+
    private

    def forward_service_response(service_response)
--- a/config/routes.rb
+++ b/config/routes.rb
@ -1950,6 +1950,7 @@ CanvasRails::Application.routes.draw do
    scope(controller: 'lti/subscriptions_api') do
      post "subscriptions", action: :create
      delete "subscriptions/:id", action: :destroy
+      get "subscriptions/:id", action: :show
    end

    %w(course account).each do |context|
--- a/spec/apis/lti/subscriptions_api_spec.rb
+++ b/spec/apis/lti/subscriptions_api_spec.rb
@ -5,7 +5,18 @@ module Lti
    include_context 'lti2_api_spec_helper'

    let(:controller){ double(lti2_service_name: 'vnd.Canvas.webhooksSubscription') }
+    let(:subscription_id){ 'ab342-c444-29392-e222' }
+    let(:test_subscription){ {'RootAccountId' => '1', 'Id' => subscription_id} }

+    let(:show_endpoint){ "/api/lti/subscriptions/#{subscription_id}" }
+    let(:delete_endpoint){ "/api/lti/subscriptions/#{subscription_id}" }
+    let(:create_endpoint){ "/api/lti/subscriptions" }
+
+    let(:ok_response){ double(code: 200, body: subscription.to_json) }
+    let(:not_found_response){ double(code: 404, body: "{}") }
+    let(:delete_response){ double(code: 200, body: "{}") }
+
+    let(:subscription_service){ class_double(Services::LiveEventsSubscriptionService).as_stubbed_const }
    let(:subscription) do
      {
        EventTypes:["attachment_created"],
@ -19,7 +30,6 @@ module Lti

    describe '#create' do
      let(:test_subscription){ {'RootAccountId' => '1', 'foo' => 'bar'} }
-      let(:create_endpoint){ "/api/lti/subscriptions" }
      let(:stub_response){ double(code: 200, body: test_subscription.to_json) }

      before(:each) do
@ -80,14 +90,6 @@ module Lti
    end

    describe '#destroy' do
-      let(:subscription_id){ 'ab342-c444-29392-e222' }
-      let(:test_subscription){ {'RootAccountId' => '1', 'Id' => subscription_id} }
-      let(:delete_endpoint){ "/api/lti/subscriptions/#{subscription_id}" }
-      let(:ok_response){ double(code: 200, body: subscription.to_json) }
-      let(:not_found_response){ double(code: 404, body: "{}") }
-      let(:delete_response){ double(code: 200, body: "{}") }
-      let(:subscription_service){ class_double(Services::LiveEventsSubscriptionService).as_stubbed_const }
-
      before(:each) do
        allow(subscription_service).to receive_messages(destroy_tool_proxy_subscription: delete_response)
        allow_any_instance_of(Lti::ToolProxy).to receive(:active_in_context?).with(an_instance_of(Account)).and_return(true)
@ -122,5 +124,39 @@ module Lti
      end
    end

+    describe '#show' do
+      before(:each) do
+        allow_any_instance_of(Lti::ToolProxy).to receive(:active_in_context?).with(an_instance_of(Account)).and_return(true)
+        tool_proxy[:raw_data]['enabled_capability'] = %w(vnd.instructure.webhooks.assignment.attachment_created)
+        tool_proxy.save!
+      end
+
+      it 'updates subscriptions' do
+        allow(subscription_service).to receive_messages(tool_proxy_subscription: ok_response)
+        get show_endpoint, {}, request_headers
+        expect(response).to be_success
+      end
+
+      it 'gives gives 404 if subscription does not exist' do
+        allow(subscription_service).to receive_messages(destroy_tool_proxy_subscription: not_found_response)
+        get show_endpoint, {}, request_headers
+        expect(response).not_to be_success
+      end
+
+      it 'checks that the tool proxy has an active developer key' do
+        product_family.update_attributes(developer_key: nil)
+        allow(subscription_service).to receive_messages(tool_proxy_subscription: ok_response)
+        tool_proxy[:raw_data]['enabled_capability'] = %w(vnd.instructure.webhooks.assignment.attachment_created)
+        tool_proxy.save!
+        get show_endpoint, {}, request_headers
+        expect(response).to be_unauthorized
+      end
+
+      it 'requires JWT Access token' do
+        get show_endpoint, {}
+        expect(response).to be_unauthorized
+      end
+    end
+
  end
 end