mirror of
https://github.com/NodeBB/NodeBB.git
synced 2026-01-28 10:19:50 +01:00
user/emails
This commit is contained in:
Barış Soner Uşaklı
@@ -163,8 +163,6 @@ helpers.copyFile = function (source, target, callback) {
|
||||
helpers.invite = async function (data, uid, jar, csrf_token) {
|
||||
const { response, body } = await request.post(`${nconf.get('url')}/api/v3/users/${uid}/invites`, {
|
||||
jar: jar,
|
||||
// using "form" since client "api" module make requests with "application/x-www-form-urlencoded" content-type
|
||||
// form: body,
|
||||
data: data,
|
||||
headers: {
|
||||
'x-csrf-token': csrf_token,
|
||||
@@ -173,7 +171,6 @@ helpers.invite = async function (data, uid, jar, csrf_token) {
|
||||
});
|
||||
console.log(response.status, body);
|
||||
|
||||
// res.body = JSON.parse(res.body);
|
||||
return { response, body };
|
||||
};
|
||||
|
||||
|
||||
369
test/user.js
369
test/user.js
@@ -6,8 +6,6 @@ const fs = require('fs');
|
||||
const path = require('path');
|
||||
const nconf = require('nconf');
|
||||
const validator = require('validator');
|
||||
const request = require('request');
|
||||
const requestAsync = require('request-promise-native');
|
||||
const jwt = require('jsonwebtoken');
|
||||
|
||||
const db = require('./mocks/databasemock');
|
||||
@@ -24,6 +22,7 @@ const socketUser = require('../src/socket.io/user');
|
||||
const apiUser = require('../src/api/users');
|
||||
const utils = require('../src/utils');
|
||||
const privileges = require('../src/privileges');
|
||||
const request = require('../src/request');
|
||||
|
||||
describe('User', () => {
|
||||
let userData;
|
||||
@@ -355,13 +354,12 @@ describe('User', () => {
|
||||
const titles = new Array(10).fill('topic title');
|
||||
const res = await Promise.allSettled(titles.map(async (title) => {
|
||||
const { body } = await helpers.request('post', '/api/v3/topics', {
|
||||
form: {
|
||||
data: {
|
||||
cid: testCid,
|
||||
title: title,
|
||||
content: 'the content',
|
||||
},
|
||||
jar: jar,
|
||||
json: true,
|
||||
});
|
||||
return body.status;
|
||||
}));
|
||||
@@ -991,14 +989,12 @@ describe('User', () => {
|
||||
|
||||
it('should let you set an external image', async () => {
|
||||
const token = await helpers.getCsrfToken(jar);
|
||||
const body = await requestAsync(`${nconf.get('url')}/api/v3/users/${uid}/picture`, {
|
||||
const { body } = await request.put(`${nconf.get('url')}/api/v3/users/${uid}/picture`, {
|
||||
jar,
|
||||
method: 'put',
|
||||
json: true,
|
||||
headers: {
|
||||
'x-csrf-token': token,
|
||||
},
|
||||
body: {
|
||||
data: {
|
||||
type: 'external',
|
||||
url: 'https://example.org/picture.jpg',
|
||||
},
|
||||
@@ -1193,46 +1189,35 @@ describe('User', () => {
|
||||
});
|
||||
});
|
||||
|
||||
it('should load profile page', (done) => {
|
||||
request(`${nconf.get('url')}/api/user/updatedagain`, { jar: jar, json: true }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert(body);
|
||||
done();
|
||||
});
|
||||
it('should load profile page', async () => {
|
||||
const { response, body } = await request.get(`${nconf.get('url')}/api/user/updatedagain`, { jar });
|
||||
assert.equal(response.statusCode, 200);
|
||||
assert(body);
|
||||
});
|
||||
|
||||
it('should load settings page', (done) => {
|
||||
request(`${nconf.get('url')}/api/user/updatedagain/settings`, { jar: jar, json: true }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert(body.settings);
|
||||
assert(body.languages);
|
||||
assert(body.homePageRoutes);
|
||||
done();
|
||||
});
|
||||
it('should load settings page', async () => {
|
||||
const { response, body } = await request.get(`${nconf.get('url')}/api/user/updatedagain/settings`, { jar });
|
||||
assert.equal(response.statusCode, 200);
|
||||
assert(body.settings);
|
||||
assert(body.languages);
|
||||
assert(body.homePageRoutes);
|
||||
});
|
||||
|
||||
it('should load edit page', (done) => {
|
||||
request(`${nconf.get('url')}/api/user/updatedagain/edit`, { jar: jar, json: true }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert(body);
|
||||
done();
|
||||
});
|
||||
it('should load edit page', async () => {
|
||||
const { response, body } = await request.get(`${nconf.get('url')}/api/user/updatedagain/edit`, { jar });
|
||||
assert.equal(response.statusCode, 200);
|
||||
assert(body);
|
||||
});
|
||||
|
||||
it('should load edit/email page', async () => {
|
||||
const res = await requestAsync(`${nconf.get('url')}/api/user/updatedagain/edit/email`, { jar: jar, json: true, resolveWithFullResponse: true });
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
assert(res.body);
|
||||
const { response, body } = await request.get(`${nconf.get('url')}/api/user/updatedagain/edit/email`, { jar });
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
assert(body);
|
||||
|
||||
// Accessing this page will mark the user's account as needing an updated email, below code undo's.
|
||||
await requestAsync({
|
||||
uri: `${nconf.get('url')}/register/abort`,
|
||||
await request.post(`${nconf.get('url')}/register/abort`, {
|
||||
jar,
|
||||
method: 'POST',
|
||||
simple: false,
|
||||
validateStatus: null,
|
||||
headers: {
|
||||
'x-csrf-token': csrf_token,
|
||||
},
|
||||
@@ -1246,7 +1231,7 @@ describe('User', () => {
|
||||
});
|
||||
|
||||
await groups.join('Test', uid);
|
||||
const body = await requestAsync(`${nconf.get('url')}/api/user/updatedagain/groups`, { jar: jar, json: true });
|
||||
const { body } = await request.get(`${nconf.get('url')}/api/user/updatedagain/groups`, { jar });
|
||||
|
||||
assert(Array.isArray(body.groups));
|
||||
assert.equal(body.groups[0].name, 'Test');
|
||||
@@ -1549,106 +1534,65 @@ describe('User', () => {
|
||||
});
|
||||
|
||||
describe('unsubscribe via POST', () => {
|
||||
it('should unsubscribe from digest if one-click unsubscribe is POSTed', (done) => {
|
||||
it('should unsubscribe from digest if one-click unsubscribe is POSTed', async () => {
|
||||
const token = jwt.sign({
|
||||
template: 'digest',
|
||||
uid: uid,
|
||||
}, nconf.get('secret'));
|
||||
|
||||
request({
|
||||
method: 'post',
|
||||
url: `${nconf.get('url')}/email/unsubscribe/${token}`,
|
||||
}, (err, res) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
|
||||
db.getObjectField(`user:${uid}:settings`, 'dailyDigestFreq', (err, value) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(value, 'off');
|
||||
done();
|
||||
});
|
||||
});
|
||||
const { response } = await request.post(`${nconf.get('url')}/email/unsubscribe/${token}`);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
const value = await db.getObjectField(`user:${uid}:settings`, 'dailyDigestFreq');
|
||||
assert.strictEqual(value, 'off');
|
||||
});
|
||||
|
||||
it('should unsubscribe from notifications if one-click unsubscribe is POSTed', (done) => {
|
||||
it('should unsubscribe from notifications if one-click unsubscribe is POSTed', async () => {
|
||||
const token = jwt.sign({
|
||||
template: 'notification',
|
||||
type: 'test',
|
||||
uid: uid,
|
||||
}, nconf.get('secret'));
|
||||
|
||||
request({
|
||||
method: 'post',
|
||||
url: `${nconf.get('url')}/email/unsubscribe/${token}`,
|
||||
}, (err, res) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
const { response } = await request.post(`${nconf.get('url')}/email/unsubscribe/${token}`);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
|
||||
db.getObjectField(`user:${uid}:settings`, 'notificationType_test', (err, value) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(value, 'notification');
|
||||
done();
|
||||
});
|
||||
});
|
||||
const value = await db.getObjectField(`user:${uid}:settings`, 'notificationType_test');
|
||||
assert.strictEqual(value, 'notification');
|
||||
});
|
||||
|
||||
it('should return errors on missing template in token', (done) => {
|
||||
it('should return errors on missing template in token', async () => {
|
||||
const token = jwt.sign({
|
||||
uid: uid,
|
||||
}, nconf.get('secret'));
|
||||
|
||||
request({
|
||||
method: 'post',
|
||||
url: `${nconf.get('url')}/email/unsubscribe/${token}`,
|
||||
}, (err, res) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 404);
|
||||
done();
|
||||
});
|
||||
const { response } = await request.post(`${nconf.get('url')}/email/unsubscribe/${token}`, { validateStatus: null });
|
||||
assert.strictEqual(response.statusCode, 404);
|
||||
});
|
||||
|
||||
it('should return errors on wrong template in token', (done) => {
|
||||
it('should return errors on wrong template in token', async () => {
|
||||
const token = jwt.sign({
|
||||
template: 'user',
|
||||
uid: uid,
|
||||
}, nconf.get('secret'));
|
||||
|
||||
request({
|
||||
method: 'post',
|
||||
url: `${nconf.get('url')}/email/unsubscribe/${token}`,
|
||||
}, (err, res) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 404);
|
||||
done();
|
||||
});
|
||||
const { response } = await request.post(`${nconf.get('url')}/email/unsubscribe/${token}`, { validateStatus: null });
|
||||
assert.strictEqual(response.statusCode, 404);
|
||||
});
|
||||
|
||||
it('should return errors on missing token', (done) => {
|
||||
request({
|
||||
method: 'post',
|
||||
url: `${nconf.get('url')}/email/unsubscribe/`,
|
||||
}, (err, res) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 404);
|
||||
done();
|
||||
});
|
||||
it('should return errors on missing token', async () => {
|
||||
const { response } = await request.post(`${nconf.get('url')}/email/unsubscribe/`, { validateStatus: null });
|
||||
assert.strictEqual(response.statusCode, 404);
|
||||
});
|
||||
|
||||
it('should return errors on token signed with wrong secret (verify-failure)', (done) => {
|
||||
it('should return errors on token signed with wrong secret (verify-failure)', async () => {
|
||||
const token = jwt.sign({
|
||||
template: 'notification',
|
||||
type: 'test',
|
||||
uid: uid,
|
||||
}, `${nconf.get('secret')}aababacaba`);
|
||||
|
||||
request({
|
||||
method: 'post',
|
||||
url: `${nconf.get('url')}/email/unsubscribe/${token}`,
|
||||
}, (err, res) => {
|
||||
assert.ifError(err);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
done();
|
||||
});
|
||||
const { response } = await request.post(`${nconf.get('url')}/email/unsubscribe/${token}`, { validateStatus: null });
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -1974,89 +1918,66 @@ describe('User', () => {
|
||||
gdpr_consent: true,
|
||||
});
|
||||
const { jar } = await helpers.loginUser('admin', '123456');
|
||||
const { users } = await requestAsync(`${nconf.get('url')}/api/admin/manage/registration`, { jar, json: true });
|
||||
const { body: { users } } = await request.get(`${nconf.get('url')}/api/admin/manage/registration`, { jar });
|
||||
assert.equal(users[0].username, 'rejectme');
|
||||
assert.equal(users[0].email, '<script>alert("ok")<script>reject@me.com');
|
||||
});
|
||||
|
||||
it('should fail to add user to queue if username is taken', (done) => {
|
||||
helpers.registerUser({
|
||||
it('should fail to add user to queue if username is taken', async () => {
|
||||
const { body } = await helpers.registerUser({
|
||||
username: 'rejectme',
|
||||
password: '123456',
|
||||
'password-confirm': '123456',
|
||||
email: '<script>alert("ok")<script>reject@me.com',
|
||||
gdpr_consent: true,
|
||||
}, (err, jar, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(body, '[[error:username-taken]]');
|
||||
done();
|
||||
});
|
||||
assert.equal(body, '[[error:username-taken]]');
|
||||
});
|
||||
|
||||
it('should fail to add user to queue if email is taken', (done) => {
|
||||
helpers.registerUser({
|
||||
it('should fail to add user to queue if email is taken', async () => {
|
||||
const { body } = await helpers.registerUser({
|
||||
username: 'rejectmenew',
|
||||
password: '123456',
|
||||
'password-confirm': '123456',
|
||||
email: '<script>alert("ok")<script>reject@me.com',
|
||||
gdpr_consent: true,
|
||||
}, (err, jar, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(body, '[[error:email-taken]]');
|
||||
done();
|
||||
});
|
||||
assert.equal(body, '[[error:email-taken]]');
|
||||
});
|
||||
|
||||
it('should reject user registration', (done) => {
|
||||
socketUser.rejectRegistration({ uid: adminUid }, { username: 'rejectme' }, (err) => {
|
||||
assert.ifError(err);
|
||||
User.getRegistrationQueue(0, -1, (err, users) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(users.length, 0);
|
||||
done();
|
||||
});
|
||||
});
|
||||
it('should reject user registration', async () => {
|
||||
await socketUser.rejectRegistration({ uid: adminUid }, { username: 'rejectme' });
|
||||
const users = await User.getRegistrationQueue(0, -1);
|
||||
assert.equal(users.length, 0);
|
||||
});
|
||||
|
||||
it('should accept user registration', (done) => {
|
||||
helpers.registerUser({
|
||||
it('should accept user registration', async () => {
|
||||
await helpers.registerUser({
|
||||
username: 'acceptme',
|
||||
password: '123456',
|
||||
'password-confirm': '123456',
|
||||
email: 'accept@me.com',
|
||||
gdpr_consent: true,
|
||||
}, (err) => {
|
||||
assert.ifError(err);
|
||||
socketUser.acceptRegistration({ uid: adminUid }, { username: 'acceptme' }, (err, uid) => {
|
||||
assert.ifError(err);
|
||||
User.exists(uid, (err, exists) => {
|
||||
assert.ifError(err);
|
||||
assert(exists);
|
||||
User.getRegistrationQueue(0, -1, (err, users) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(users.length, 0);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
const uid = await socketUser.acceptRegistration({ uid: adminUid }, { username: 'acceptme' });
|
||||
const exists = await User.exists(uid);
|
||||
assert(exists);
|
||||
const users = await User.getRegistrationQueue(0, -1);
|
||||
assert.equal(users.length, 0);
|
||||
});
|
||||
|
||||
it('should trim username and add user to registration queue', (done) => {
|
||||
helpers.registerUser({
|
||||
it('should trim username and add user to registration queue', async () => {
|
||||
await helpers.registerUser({
|
||||
username: 'invalidname\r\n',
|
||||
password: '123456',
|
||||
'password-confirm': '123456',
|
||||
email: 'invalidtest@test.com',
|
||||
gdpr_consent: true,
|
||||
}, (err) => {
|
||||
assert.ifError(err);
|
||||
db.getSortedSetRange('registration:queue', 0, -1, (err, data) => {
|
||||
assert.ifError(err);
|
||||
assert.equal(data[0], 'invalidname');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
const users = await db.getSortedSetRange('registration:queue', 0, -1);
|
||||
assert.equal(users[0], 'invalidname');
|
||||
});
|
||||
});
|
||||
|
||||
@@ -2104,16 +2025,16 @@ describe('User', () => {
|
||||
});
|
||||
|
||||
it('should error if user does not have invite privilege', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, notAnInviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, 'You do not have enough privileges for this action.');
|
||||
const { response, body } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, notAnInviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
assert.strictEqual(body.status.message, 'You do not have enough privileges for this action.');
|
||||
});
|
||||
|
||||
it('should error out if user tries to use an inviter\'s uid via the API', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
const { response, body } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
const numInvites = await User.getInvitesNumber(inviterUid);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, 'You do not have enough privileges for this action.');
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
assert.strictEqual(body.status.message, 'You do not have enough privileges for this action.');
|
||||
assert.strictEqual(numInvites, 0);
|
||||
});
|
||||
});
|
||||
@@ -2127,82 +2048,82 @@ describe('User', () => {
|
||||
});
|
||||
|
||||
it('should error with invalid data', async () => {
|
||||
const { res } = await helpers.invite({}, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 400);
|
||||
assert.strictEqual(res.body.status.message, 'Invalid Data');
|
||||
const { response, body } = await helpers.invite({}, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 400);
|
||||
assert.strictEqual(body.status.message, 'Invalid Data');
|
||||
});
|
||||
|
||||
it('should error if user is not admin and type is admin-invite-only', async () => {
|
||||
meta.config.registrationType = 'admin-invite-only';
|
||||
const { res } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, 'You do not have enough privileges for this action.');
|
||||
const { response, body } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
assert.strictEqual(body.status.message, 'You do not have enough privileges for this action.');
|
||||
});
|
||||
|
||||
it('should send invitation email (without groups to be joined)', async () => {
|
||||
meta.config.registrationType = 'normal';
|
||||
const { res } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
const { response } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
});
|
||||
|
||||
it('should send multiple invitation emails (with a public group to be joined)', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite2@test.com,invite3@test.com', groupsToJoin: [PUBLIC_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
const { response, body } = await helpers.invite({ emails: 'invite2@test.com,invite3@test.com', groupsToJoin: [PUBLIC_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
});
|
||||
|
||||
it('should error if the user has not permission to invite to the group', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite4@test.com', groupsToJoin: [PRIVATE_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, 'You do not have enough privileges for this action.');
|
||||
const { response, body } = await helpers.invite({ emails: 'invite4@test.com', groupsToJoin: [PRIVATE_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
assert.strictEqual(body.status.message, 'You do not have enough privileges for this action.');
|
||||
});
|
||||
|
||||
it('should error if a non-admin tries to invite to the administrators group', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite4@test.com', groupsToJoin: ['administrators'] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, 'You do not have enough privileges for this action.');
|
||||
const { response, body } = await helpers.invite({ emails: 'invite4@test.com', groupsToJoin: ['administrators'] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
assert.strictEqual(body.status.message, 'You do not have enough privileges for this action.');
|
||||
});
|
||||
|
||||
it('should to invite to own private group', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite4@test.com', groupsToJoin: [OWN_PRIVATE_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
const { response } = await helpers.invite({ emails: 'invite4@test.com', groupsToJoin: [OWN_PRIVATE_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
});
|
||||
|
||||
it('should to invite to multiple groups', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite5@test.com', groupsToJoin: [PUBLIC_GROUP, OWN_PRIVATE_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
const { response } = await helpers.invite({ emails: 'invite5@test.com', groupsToJoin: [PUBLIC_GROUP, OWN_PRIVATE_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
});
|
||||
|
||||
it('should error if tries to invite to hidden group', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite6@test.com', groupsToJoin: [HIDDEN_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
const { response } = await helpers.invite({ emails: 'invite6@test.com', groupsToJoin: [HIDDEN_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
});
|
||||
|
||||
it('should error if out of invitations', async () => {
|
||||
meta.config.maximumInvites = 1;
|
||||
const { res } = await helpers.invite({ emails: 'invite6@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, `You have invited the maximum amount of people (${5} out of ${1}).`);
|
||||
const { response, body } = await helpers.invite({ emails: 'invite6@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
assert.strictEqual(body.status.message, `You have invited the maximum amount of people (${5} out of ${1}).`);
|
||||
meta.config.maximumInvites = 10;
|
||||
});
|
||||
|
||||
it('should send invitation email after maximumInvites increased', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite6@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
const { response } = await helpers.invite({ emails: 'invite6@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
});
|
||||
|
||||
it('should error if invite is sent via API with a different UID', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'inviter@nodebb.org', groupsToJoin: [] }, adminUid, jar, csrf_token);
|
||||
const { response, body } = await helpers.invite({ emails: 'inviter@nodebb.org', groupsToJoin: [] }, adminUid, jar, csrf_token);
|
||||
const numInvites = await User.getInvitesNumber(adminUid);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, 'You do not have enough privileges for this action.');
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
assert.strictEqual(body.status.message, 'You do not have enough privileges for this action.');
|
||||
assert.strictEqual(numInvites, 0);
|
||||
});
|
||||
|
||||
it('should succeed if email exists but not actually send an invite', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'inviter@nodebb.org', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
const { response } = await helpers.invite({ emails: 'inviter@nodebb.org', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
const numInvites = await User.getInvitesNumber(adminUid);
|
||||
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
assert.strictEqual(numInvites, 0);
|
||||
});
|
||||
});
|
||||
@@ -2223,8 +2144,8 @@ describe('User', () => {
|
||||
});
|
||||
|
||||
it('should invite to the administrators group if inviter is an admin', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite99@test.com', groupsToJoin: ['administrators'] }, adminUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
const { response } = await helpers.invite({ emails: 'invite99@test.com', groupsToJoin: ['administrators'] }, adminUid, jar, csrf_token);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -2319,29 +2240,18 @@ describe('User', () => {
|
||||
const groupsToJoin = [PUBLIC_GROUP, OWN_PRIVATE_GROUP];
|
||||
const token = await db.get(`invitation:uid:${inviterUid}:invited:${email}`);
|
||||
|
||||
await new Promise((resolve, reject) => {
|
||||
helpers.registerUser({
|
||||
username: 'invite5',
|
||||
password: '123456',
|
||||
'password-confirm': '123456',
|
||||
email: email,
|
||||
gdpr_consent: true,
|
||||
token: token,
|
||||
}, async (err, jar, response, body) => {
|
||||
if (err) {
|
||||
reject(err);
|
||||
}
|
||||
|
||||
const memberships = await groups.isMemberOfGroups(body.uid, groupsToJoin);
|
||||
const joinedToAll = memberships.filter(Boolean);
|
||||
|
||||
if (joinedToAll.length !== groupsToJoin.length) {
|
||||
reject(new Error('Not joined to the groups'));
|
||||
}
|
||||
|
||||
resolve();
|
||||
});
|
||||
const { body } = await helpers.registerUser({
|
||||
username: 'invite5',
|
||||
password: '123456',
|
||||
'password-confirm': '123456',
|
||||
email: email,
|
||||
gdpr_consent: true,
|
||||
token: token,
|
||||
});
|
||||
|
||||
const memberships = await groups.isMemberOfGroups(body.uid, groupsToJoin);
|
||||
const joinedToAll = memberships.filter(Boolean);
|
||||
assert.strictEqual(joinedToAll.length, groupsToJoin.length, 'Not joined to the groups');
|
||||
});
|
||||
});
|
||||
|
||||
@@ -2354,9 +2264,7 @@ describe('User', () => {
|
||||
});
|
||||
|
||||
it('should show a list of groups for adding to an invite', async () => {
|
||||
const body = await requestAsync({
|
||||
url: `${nconf.get('url')}/api/v3/users/${inviterUid}/invites/groups`,
|
||||
json: true,
|
||||
const { body } = await helpers.request('get', `/api/v3/users/${inviterUid}/invites/groups`, {
|
||||
jar,
|
||||
});
|
||||
|
||||
@@ -2366,15 +2274,11 @@ describe('User', () => {
|
||||
});
|
||||
|
||||
it('should error out if you request invite groups for another uid', async () => {
|
||||
const res = await requestAsync({
|
||||
url: `${nconf.get('url')}/api/v3/users/${adminUid}/invites/groups`,
|
||||
json: true,
|
||||
const { response } = await helpers.request('get', `/api/v3/users/${adminUid}/invites/groups`, {
|
||||
jar,
|
||||
simple: false,
|
||||
resolveWithFullResponse: true,
|
||||
});
|
||||
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
});
|
||||
});
|
||||
});
|
||||
@@ -2515,8 +2419,8 @@ describe('User', () => {
|
||||
|
||||
async function assertPrivacy({ expectVisible, jar, v3Api, emailOnly }) {
|
||||
const path = v3Api ? `v3/users/${hidingUser.uid}` : `user/${hidingUser.username}`;
|
||||
const response = await requestAsync(`${nconf.get('url')}/api/${path}`, { json: true, jar });
|
||||
const { response: userData } = v3Api ? response : { response };
|
||||
const { body } = await request.get(`${nconf.get('url')}/api/${path}`, { jar });
|
||||
const userData = v3Api ? body.response : body;
|
||||
|
||||
assert.strictEqual(userData.email, expectVisible ? hidingUser.email : '');
|
||||
if (!emailOnly) {
|
||||
@@ -2657,24 +2561,19 @@ describe('User', () => {
|
||||
assert.strictEqual(userData[1].email, '');
|
||||
});
|
||||
|
||||
it('should hide fullname in topic list and topic', (done) => {
|
||||
Topics.post({
|
||||
it('should hide fullname in topic list and topic', async () => {
|
||||
await Topics.post({
|
||||
uid: hidingUser.uid,
|
||||
title: 'Topic hidden',
|
||||
content: 'lorem ipsum',
|
||||
cid: testCid,
|
||||
}, (err) => {
|
||||
assert.ifError(err);
|
||||
request(`${nconf.get('url')}/api/recent`, { json: true }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert(!body.topics[0].user.hasOwnProperty('fullname'));
|
||||
request(`${nconf.get('url')}/api/topic/${body.topics[0].slug}`, { json: true }, (err, res, body) => {
|
||||
assert.ifError(err);
|
||||
assert(!body.posts[0].user.hasOwnProperty('fullname'));
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
const { body: body1 } = await request.get(`${nconf.get('url')}/api/recent`);
|
||||
assert(!body1.topics[0].user.hasOwnProperty('fullname'));
|
||||
|
||||
const { body: body2 } = await request.get(`${nconf.get('url')}/api/topic/${body1.topics[0].slug}`);
|
||||
assert(!body2.posts[0].user.hasOwnProperty('fullname'));
|
||||
});
|
||||
});
|
||||
|
||||
|
||||
@@ -141,26 +141,16 @@ describe('email confirmation (library methods)', () => {
|
||||
describe('email confirmation (v3 api)', () => {
|
||||
let userObj;
|
||||
let jar;
|
||||
const register = data => new Promise((resolve, reject) => {
|
||||
helpers.registerUser(data, (err, jar, response, body) => {
|
||||
if (err) {
|
||||
return reject(err);
|
||||
}
|
||||
|
||||
resolve({ jar, response, body });
|
||||
});
|
||||
});
|
||||
|
||||
before(async () => {
|
||||
// If you're running this file directly, uncomment these lines
|
||||
await register({
|
||||
await helpers.registerUser({
|
||||
username: 'fake-user',
|
||||
password: 'derpioansdosa',
|
||||
email: 'b@c.com',
|
||||
gdpr_consent: true,
|
||||
});
|
||||
|
||||
({ body: userObj, jar } = await register({
|
||||
({ body: userObj, jar } = await helpers.registerUser({
|
||||
username: 'email-test',
|
||||
password: 'abcdef',
|
||||
email: 'test@example.org',
|
||||
@@ -174,43 +164,40 @@ describe('email confirmation (v3 api)', () => {
|
||||
});
|
||||
|
||||
it('should not list their email', async () => {
|
||||
const { res, body } = await helpers.request('get', `/api/v3/users/${userObj.uid}/emails`, {
|
||||
const { response, body } = await helpers.request('get', `/api/v3/users/${userObj.uid}/emails`, {
|
||||
jar,
|
||||
json: true,
|
||||
});
|
||||
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
assert.deepStrictEqual(body, JSON.parse('{"status":{"code":"ok","message":"OK"},"response":{"emails":[]}}'));
|
||||
});
|
||||
|
||||
it('should not allow confirmation if they are not an admin', async () => {
|
||||
const { res } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('test@example.org')}/confirm`, {
|
||||
const { response } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('test@example.org')}/confirm`, {
|
||||
jar,
|
||||
json: true,
|
||||
});
|
||||
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(response.statusCode, 403);
|
||||
});
|
||||
|
||||
it('should not confirm an email that is not pending or set', async () => {
|
||||
await groups.join('administrators', userObj.uid);
|
||||
const { res, body } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('fake@example.org')}/confirm`, {
|
||||
const { response } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('fake@example.org')}/confirm`, {
|
||||
jar,
|
||||
json: true,
|
||||
});
|
||||
|
||||
assert.strictEqual(res.statusCode, 404);
|
||||
assert.strictEqual(response.statusCode, 404);
|
||||
await groups.leave('administrators', userObj.uid);
|
||||
});
|
||||
|
||||
it('should confirm their email (using the pending validation)', async () => {
|
||||
await groups.join('administrators', userObj.uid);
|
||||
const { res, body } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('test@example.org')}/confirm`, {
|
||||
const { response, body } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('test@example.org')}/confirm`, {
|
||||
jar,
|
||||
json: true,
|
||||
});
|
||||
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
assert.deepStrictEqual(body, JSON.parse('{"status":{"code":"ok","message":"OK"},"response":{}}'));
|
||||
await groups.leave('administrators', userObj.uid);
|
||||
});
|
||||
@@ -221,12 +208,12 @@ describe('email confirmation (v3 api)', () => {
|
||||
({ jar } = await helpers.loginUser('email-test', 'abcdef')); // email removal logs out everybody
|
||||
await groups.join('administrators', userObj.uid);
|
||||
|
||||
const { res, body } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('test@example.org')}/confirm`, {
|
||||
const { response, body } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('test@example.org')}/confirm`, {
|
||||
jar,
|
||||
json: true,
|
||||
});
|
||||
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
assert.strictEqual(response.statusCode, 200);
|
||||
assert.deepStrictEqual(body, JSON.parse('{"status":{"code":"ok","message":"OK"},"response":{}}'));
|
||||
await groups.leave('administrators', userObj.uid);
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user