2019-05-29 05:21:06 -04:00
|
|
|
const sinon = require('sinon')
|
|
|
|
const chai = require('chai')
|
|
|
|
const { expect } = chai
|
|
|
|
const modulePath = '../../../../app/src/Features/User/UserController.js'
|
|
|
|
const SandboxedModule = require('sandboxed-module')
|
2019-07-19 05:40:23 -04:00
|
|
|
const OError = require('@overleaf/o-error')
|
2019-05-29 05:21:06 -04:00
|
|
|
const Errors = require('../../../../app/src/Features/Errors/Errors')
|
2019-07-31 04:22:31 -04:00
|
|
|
const HttpErrors = require('@overleaf/o-error/http')
|
2019-05-29 05:21:06 -04:00
|
|
|
|
|
|
|
describe('UserController', function() {
|
|
|
|
beforeEach(function() {
|
|
|
|
this.user_id = '323123'
|
|
|
|
|
|
|
|
this.user = {
|
|
|
|
_id: this.user_id,
|
|
|
|
save: sinon.stub().callsArgWith(0),
|
|
|
|
ace: {}
|
|
|
|
}
|
|
|
|
|
|
|
|
this.req = {
|
|
|
|
user: {},
|
|
|
|
session: {
|
|
|
|
destroy() {},
|
|
|
|
user: {
|
|
|
|
_id: this.user_id,
|
|
|
|
email: 'old@something.com'
|
|
|
|
}
|
|
|
|
},
|
2020-02-20 11:08:18 -05:00
|
|
|
sessionID: '123',
|
2019-06-14 12:31:46 -04:00
|
|
|
body: {},
|
|
|
|
i18n: {
|
|
|
|
translate: text => text
|
2020-03-02 07:32:12 -05:00
|
|
|
},
|
|
|
|
query: {}
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
|
2019-07-18 10:18:56 -04:00
|
|
|
this.UserDeleter = { deleteUser: sinon.stub().yields() }
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserGetter = {
|
|
|
|
getUser: sinon.stub().callsArgWith(1, null, this.user),
|
|
|
|
promises: { getUser: sinon.stub().resolves(this.user) }
|
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
this.User = { findById: sinon.stub().callsArgWith(1, null, this.user) }
|
|
|
|
this.NewsLetterManager = { unsubscribe: sinon.stub().callsArgWith(1) }
|
|
|
|
this.UserRegistrationHandler = { registerNewUser: sinon.stub() }
|
|
|
|
this.AuthenticationController = {
|
|
|
|
establishUserSession: sinon.stub().callsArg(2),
|
|
|
|
getLoggedInUserId: sinon.stub().returns(this.user._id),
|
|
|
|
getSessionUser: sinon.stub().returns(this.req.session.user),
|
|
|
|
setInSessionUser: sinon.stub()
|
|
|
|
}
|
|
|
|
this.AuthenticationManager = {
|
|
|
|
authenticate: sinon.stub(),
|
|
|
|
setUserPassword: sinon.stub(),
|
|
|
|
validatePassword: sinon.stub()
|
|
|
|
}
|
|
|
|
this.ReferalAllocator = { allocate: sinon.stub() }
|
|
|
|
this.SubscriptionDomainHandler = { autoAllocate: sinon.stub() }
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserUpdater = {
|
|
|
|
changeEmailAddress: sinon.stub(),
|
|
|
|
promises: {
|
|
|
|
confirmEmail: sinon.stub().resolves(),
|
|
|
|
addAffiliationForNewUser: sinon.stub().resolves()
|
|
|
|
}
|
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
this.settings = { siteUrl: 'sharelatex.example.com' }
|
|
|
|
this.UserHandler = { populateTeamInvites: sinon.stub().callsArgWith(1) }
|
|
|
|
this.UserSessionsManager = {
|
|
|
|
trackSession: sinon.stub(),
|
|
|
|
untrackSession: sinon.stub(),
|
|
|
|
revokeAllUserSessions: sinon.stub().callsArgWith(2, null)
|
|
|
|
}
|
|
|
|
this.SudoModeHandler = { clearSudoMode: sinon.stub() }
|
2020-07-16 02:47:46 -04:00
|
|
|
this.HttpErrorHandler = {
|
2020-07-20 09:21:28 -04:00
|
|
|
conflict: sinon.stub(),
|
2020-07-16 02:47:46 -04:00
|
|
|
unprocessableEntity: sinon.stub()
|
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
this.UserController = SandboxedModule.require(modulePath, {
|
2019-07-15 06:33:47 -04:00
|
|
|
globals: {
|
|
|
|
console: console
|
|
|
|
},
|
2019-05-29 05:21:06 -04:00
|
|
|
requires: {
|
|
|
|
'./UserGetter': this.UserGetter,
|
|
|
|
'./UserDeleter': this.UserDeleter,
|
|
|
|
'./UserUpdater': this.UserUpdater,
|
|
|
|
'../../models/User': {
|
|
|
|
User: this.User
|
|
|
|
},
|
|
|
|
'../Newsletter/NewsletterManager': this.NewsLetterManager,
|
|
|
|
'./UserRegistrationHandler': this.UserRegistrationHandler,
|
|
|
|
'../Authentication/AuthenticationController': this
|
|
|
|
.AuthenticationController,
|
|
|
|
'../Authentication/AuthenticationManager': this.AuthenticationManager,
|
2020-03-02 07:32:12 -05:00
|
|
|
'../../infrastructure/Features': (this.Features = {
|
|
|
|
hasFeature: sinon.stub()
|
|
|
|
}),
|
2019-05-29 05:21:06 -04:00
|
|
|
'../Referal/ReferalAllocator': this.ReferalAllocator,
|
|
|
|
'../Subscription/SubscriptionDomainHandler': this
|
|
|
|
.SubscriptionDomainHandler,
|
|
|
|
'./UserHandler': this.UserHandler,
|
|
|
|
'./UserSessionsManager': this.UserSessionsManager,
|
|
|
|
'../SudoMode/SudoModeHandler': this.SudoModeHandler,
|
2020-07-16 02:47:46 -04:00
|
|
|
'../Errors/HttpErrorHandler': this.HttpErrorHandler,
|
2019-05-29 05:21:06 -04:00
|
|
|
'settings-sharelatex': this.settings,
|
|
|
|
'logger-sharelatex': {
|
|
|
|
log() {},
|
2019-07-01 09:48:09 -04:00
|
|
|
warn() {},
|
2020-03-02 07:32:12 -05:00
|
|
|
err() {},
|
|
|
|
error() {}
|
2019-05-29 05:21:06 -04:00
|
|
|
},
|
|
|
|
'metrics-sharelatex': {
|
|
|
|
inc() {}
|
|
|
|
},
|
2019-07-19 05:40:23 -04:00
|
|
|
'../Errors/Errors': Errors,
|
2020-03-02 07:32:12 -05:00
|
|
|
'@overleaf/o-error': OError,
|
2019-07-31 04:22:31 -04:00
|
|
|
'@overleaf/o-error/http': HttpErrors,
|
2019-07-25 11:10:31 -04:00
|
|
|
'../Email/EmailHandler': { sendEmail: sinon.stub() }
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
})
|
|
|
|
|
|
|
|
this.res = {
|
|
|
|
send: sinon.stub(),
|
2019-06-14 12:31:46 -04:00
|
|
|
status: sinon.stub(),
|
2019-05-29 05:21:06 -04:00
|
|
|
sendStatus: sinon.stub(),
|
|
|
|
json: sinon.stub()
|
|
|
|
}
|
2019-06-14 12:31:46 -04:00
|
|
|
this.res.status.returns(this.res)
|
|
|
|
this.next = sinon.stub()
|
|
|
|
this.callback = sinon.stub()
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
describe('tryDeleteUser', function() {
|
|
|
|
beforeEach(function() {
|
|
|
|
this.req.body.password = 'wat'
|
|
|
|
this.req.logout = sinon.stub()
|
|
|
|
this.req.session.destroy = sinon.stub().callsArgWith(0, null)
|
|
|
|
this.AuthenticationController.getLoggedInUserId = sinon
|
|
|
|
.stub()
|
|
|
|
.returns(this.user._id)
|
|
|
|
this.AuthenticationManager.authenticate = sinon
|
|
|
|
.stub()
|
|
|
|
.callsArgWith(2, null, this.user)
|
|
|
|
})
|
|
|
|
|
|
|
|
it('should send 200', function(done) {
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
code.should.equal(200)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should try to authenticate user', function(done) {
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
this.AuthenticationManager.authenticate.callCount.should.equal(1)
|
|
|
|
this.AuthenticationManager.authenticate
|
|
|
|
.calledWith({ _id: this.user._id }, this.req.body.password)
|
|
|
|
.should.equal(true)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should delete the user', function(done) {
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
this.UserDeleter.deleteUser.callCount.should.equal(1)
|
|
|
|
this.UserDeleter.deleteUser.calledWith(this.user._id).should.equal(true)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
describe('when no password is supplied', function() {
|
|
|
|
beforeEach(function() {
|
2020-03-02 07:32:12 -05:00
|
|
|
this.req.body.password = ''
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should return 403', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.res.sendStatus = code => {
|
|
|
|
code.should.equal(403)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
describe('when authenticate produces an error', function() {
|
|
|
|
beforeEach(function() {
|
2020-03-02 07:32:12 -05:00
|
|
|
this.AuthenticationManager.authenticate = sinon
|
2019-05-29 05:21:06 -04:00
|
|
|
.stub()
|
2020-03-02 07:32:12 -05:00
|
|
|
.callsArgWith(2, new Error('woops'))
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should call next with an error', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.next = err => {
|
|
|
|
expect(err).to.not.equal(null)
|
|
|
|
expect(err).to.be.instanceof(Error)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
describe('when authenticate does not produce a user', function() {
|
|
|
|
beforeEach(function() {
|
2020-03-02 07:32:12 -05:00
|
|
|
this.AuthenticationManager.authenticate = sinon
|
2019-05-29 05:21:06 -04:00
|
|
|
.stub()
|
2020-03-02 07:32:12 -05:00
|
|
|
.callsArgWith(2, null, null)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should return 403', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.res.sendStatus = code => {
|
|
|
|
code.should.equal(403)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
describe('when deleteUser produces an error', function() {
|
|
|
|
beforeEach(function() {
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserDeleter.deleteUser = sinon.stub().yields(new Error('woops'))
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should call next with an error', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.next = err => {
|
|
|
|
expect(err).to.not.equal(null)
|
|
|
|
expect(err).to.be.instanceof(Error)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
describe('when deleteUser produces a known error', function() {
|
|
|
|
beforeEach(function() {
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserDeleter.deleteUser = sinon
|
2019-05-29 05:21:06 -04:00
|
|
|
.stub()
|
2020-03-02 07:32:12 -05:00
|
|
|
.yields(new Errors.SubscriptionAdminDeletionError())
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2020-07-16 02:47:46 -04:00
|
|
|
it('should return a HTTP Unprocessable Entity error', function(done) {
|
|
|
|
this.HttpErrorHandler.unprocessableEntity = sinon.spy(
|
|
|
|
(req, res, message, info) => {
|
|
|
|
expect(req).to.exist
|
|
|
|
expect(res).to.exist
|
|
|
|
expect(message).to.equal('error while deleting user account')
|
|
|
|
expect(info).to.deep.equal({
|
|
|
|
error: 'SubscriptionAdminDeletionError'
|
|
|
|
})
|
|
|
|
done()
|
|
|
|
}
|
|
|
|
)
|
|
|
|
this.UserController.tryDeleteUser(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
describe('when session.destroy produces an error', function() {
|
2019-05-29 05:21:06 -04:00
|
|
|
beforeEach(function() {
|
2020-03-02 07:32:12 -05:00
|
|
|
this.req.session.destroy = sinon
|
2019-05-29 05:21:06 -04:00
|
|
|
.stub()
|
2020-03-02 07:32:12 -05:00
|
|
|
.callsArgWith(0, new Error('woops'))
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should call next with an error', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.next = err => {
|
|
|
|
expect(err).to.not.equal(null)
|
|
|
|
expect(err).to.be.instanceof(Error)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
2019-08-07 10:04:04 -04:00
|
|
|
describe('unsubscribe', function() {
|
2019-05-29 05:21:06 -04:00
|
|
|
it('should send the user to unsubscribe', function(done) {
|
2020-05-06 06:02:16 -04:00
|
|
|
this.res.sendStatus = () => {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.NewsLetterManager.unsubscribe
|
|
|
|
.calledWith(this.user)
|
|
|
|
.should.equal(true)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.unsubscribe(this.req, this.res)
|
2019-08-07 10:04:04 -04:00
|
|
|
})
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
|
|
|
|
describe('updateUserSettings', function() {
|
|
|
|
beforeEach(function() {
|
|
|
|
this.newEmail = 'hello@world.com'
|
2020-03-02 07:32:12 -05:00
|
|
|
this.req.externalAuthenticationSystemUsed = sinon.stub().returns(false)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should call save', function(done) {
|
|
|
|
this.req.body = {}
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
this.user.save.called.should.equal(true)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should set the first name', function(done) {
|
|
|
|
this.req.body = { first_name: 'bobby ' }
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
this.user.first_name.should.equal('bobby')
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should set the role', function(done) {
|
|
|
|
this.req.body = { role: 'student' }
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
this.user.role.should.equal('student')
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should set the institution', function(done) {
|
|
|
|
this.req.body = { institution: 'MIT' }
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
this.user.institution.should.equal('MIT')
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should set some props on ace', function(done) {
|
|
|
|
this.req.body = { editorTheme: 'something' }
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
this.user.ace.theme.should.equal('something')
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should set the overall theme', function(done) {
|
|
|
|
this.req.body = { overallTheme: 'green-ish' }
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
this.user.ace.overallTheme.should.equal('green-ish')
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should send an error if the email is 0 len', function(done) {
|
|
|
|
this.req.body.email = ''
|
|
|
|
this.res.sendStatus = function(code) {
|
|
|
|
code.should.equal(400)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should send an error if the email does not contain an @', function(done) {
|
|
|
|
this.req.body.email = 'bob at something dot com'
|
|
|
|
this.res.sendStatus = function(code) {
|
|
|
|
code.should.equal(400)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should call the user updater with the new email and user _id', function(done) {
|
|
|
|
this.req.body.email = this.newEmail.toUpperCase()
|
|
|
|
this.UserUpdater.changeEmailAddress.callsArgWith(2)
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
code.should.equal(200)
|
|
|
|
this.UserUpdater.changeEmailAddress
|
|
|
|
.calledWith(this.user_id, this.newEmail)
|
|
|
|
.should.equal(true)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should update the email on the session', function(done) {
|
|
|
|
this.req.body.email = this.newEmail.toUpperCase()
|
|
|
|
this.UserUpdater.changeEmailAddress.callsArgWith(2)
|
|
|
|
let callcount = 0
|
|
|
|
this.User.findById = (id, cb) => {
|
|
|
|
if (++callcount === 2) {
|
|
|
|
this.user.email = this.newEmail
|
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
cb(null, this.user)
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
code.should.equal(200)
|
|
|
|
this.AuthenticationController.setInSessionUser
|
|
|
|
.calledWith(this.req, {
|
|
|
|
email: this.newEmail,
|
|
|
|
first_name: undefined,
|
|
|
|
last_name: undefined
|
|
|
|
})
|
|
|
|
.should.equal(true)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should call populateTeamInvites', function(done) {
|
|
|
|
this.req.body.email = this.newEmail.toUpperCase()
|
|
|
|
this.UserUpdater.changeEmailAddress.callsArgWith(2)
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
code.should.equal(200)
|
|
|
|
this.UserHandler.populateTeamInvites
|
|
|
|
.calledWith(this.user)
|
|
|
|
.should.equal(true)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2020-04-23 07:52:36 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
describe('when changeEmailAddress yields an error', function() {
|
|
|
|
it('should pass on an error and not send a success status', function(done) {
|
|
|
|
this.req.body.email = this.newEmail.toUpperCase()
|
|
|
|
this.UserUpdater.changeEmailAddress.callsArgWith(2, new Error())
|
|
|
|
const next = err => {
|
|
|
|
expect(err).to.exist
|
|
|
|
process.nextTick(() => {
|
|
|
|
// logic in User.findById
|
|
|
|
expect(this.res.send.called).to.equal(false)
|
|
|
|
expect(this.res.sendStatus.called).to.equal(false)
|
|
|
|
// logic after error handling
|
|
|
|
expect(this.User.findById.callCount).to.equal(1)
|
|
|
|
done()
|
|
|
|
})
|
|
|
|
}
|
|
|
|
this.UserController.updateUserSettings(this.req, this.res, next)
|
|
|
|
})
|
2020-07-20 09:21:28 -04:00
|
|
|
|
|
|
|
it('should call the HTTP conflict error handler when the email already exists', function(done) {
|
|
|
|
this.HttpErrorHandler.conflict = sinon.spy((req, res, message) => {
|
|
|
|
expect(req).to.exist
|
|
|
|
expect(req).to.exist
|
|
|
|
message.should.equal('email_already_registered')
|
|
|
|
done()
|
|
|
|
})
|
|
|
|
this.req.body.email = this.newEmail.toUpperCase()
|
|
|
|
this.UserUpdater.changeEmailAddress.callsArgWith(
|
|
|
|
2,
|
|
|
|
new Errors.EmailExistsError()
|
|
|
|
)
|
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
describe('when using an external auth source', function() {
|
2019-05-29 05:21:06 -04:00
|
|
|
beforeEach(function() {
|
|
|
|
this.UserUpdater.changeEmailAddress.callsArgWith(2)
|
|
|
|
this.newEmail = 'someone23@example.com'
|
2020-03-02 07:32:12 -05:00
|
|
|
this.req.externalAuthenticationSystemUsed = sinon.stub().returns(true)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should not set a new email', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.body.email = this.newEmail
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
code.should.equal(200)
|
|
|
|
this.UserUpdater.changeEmailAddress
|
|
|
|
.calledWith(this.user_id, this.newEmail)
|
|
|
|
.should.equal(false)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.updateUserSettings(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
describe('logout', function() {
|
|
|
|
it('should destroy the session', function(done) {
|
|
|
|
this.req.session.destroy = sinon.stub().callsArgWith(0)
|
|
|
|
this.res.redirect = url => {
|
|
|
|
url.should.equal('/login')
|
|
|
|
this.req.session.destroy.called.should.equal(true)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.logout(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should clear sudo-mode', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.session.destroy = sinon.stub().callsArgWith(0)
|
|
|
|
this.SudoModeHandler.clearSudoMode = sinon.stub()
|
|
|
|
this.res.redirect = url => {
|
|
|
|
url.should.equal('/login')
|
|
|
|
this.SudoModeHandler.clearSudoMode.callCount.should.equal(1)
|
|
|
|
this.SudoModeHandler.clearSudoMode
|
|
|
|
.calledWith(this.user._id)
|
|
|
|
.should.equal(true)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.logout(this.req, this.res)
|
2019-09-25 10:29:10 -04:00
|
|
|
})
|
|
|
|
|
2020-02-20 11:08:18 -05:00
|
|
|
it('should untrack session', function(done) {
|
|
|
|
this.req.session.destroy = sinon.stub().callsArgWith(0)
|
|
|
|
this.SudoModeHandler.clearSudoMode = sinon.stub()
|
|
|
|
this.res.redirect = url => {
|
|
|
|
url.should.equal('/login')
|
|
|
|
this.UserSessionsManager.untrackSession.callCount.should.equal(1)
|
|
|
|
this.UserSessionsManager.untrackSession
|
|
|
|
.calledWith(sinon.match(this.req.user), this.req.sessionID)
|
|
|
|
.should.equal(true)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2020-02-20 11:08:18 -05:00
|
|
|
}
|
|
|
|
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.logout(this.req, this.res)
|
2020-02-20 11:08:18 -05:00
|
|
|
})
|
|
|
|
|
2019-09-25 10:29:10 -04:00
|
|
|
it('should redirect after logout', function(done) {
|
|
|
|
this.req.body.redirect = '/institutional-login'
|
|
|
|
this.req.session.destroy = sinon.stub().callsArgWith(0)
|
|
|
|
this.SudoModeHandler.clearSudoMode = sinon.stub()
|
|
|
|
this.res.redirect = url => {
|
|
|
|
url.should.equal(this.req.body.redirect)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-09-25 10:29:10 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.logout(this.req, this.res)
|
2019-09-25 10:29:10 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should redirect to login after logout when no redirect set', function(done) {
|
|
|
|
this.req.session.destroy = sinon.stub().callsArgWith(0)
|
|
|
|
this.SudoModeHandler.clearSudoMode = sinon.stub()
|
|
|
|
this.res.redirect = url => {
|
|
|
|
url.should.equal('/login')
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-09-25 10:29:10 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.logout(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
describe('register', function() {
|
|
|
|
beforeEach(function() {
|
|
|
|
this.UserRegistrationHandler.registerNewUserAndSendActivationEmail = sinon
|
|
|
|
.stub()
|
|
|
|
.callsArgWith(1, null, this.user, (this.url = 'mock/url'))
|
|
|
|
this.req.body.email = this.user.email = this.email = 'email@example.com'
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.register(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('should register the user and send them an email', function() {
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserRegistrationHandler.registerNewUserAndSendActivationEmail
|
2019-05-29 05:21:06 -04:00
|
|
|
.calledWith(this.email)
|
|
|
|
.should.equal(true)
|
|
|
|
})
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should return the user and activation url', function() {
|
2020-03-02 07:32:12 -05:00
|
|
|
this.res.json
|
2019-05-29 05:21:06 -04:00
|
|
|
.calledWith({
|
|
|
|
email: this.email,
|
|
|
|
setNewPasswordUrl: this.url
|
|
|
|
})
|
|
|
|
.should.equal(true)
|
|
|
|
})
|
|
|
|
})
|
|
|
|
|
|
|
|
describe('clearSessions', function() {
|
|
|
|
it('should call revokeAllUserSessions', function(done) {
|
|
|
|
this.UserController.clearSessions(this.req, this.res)
|
|
|
|
this.UserSessionsManager.revokeAllUserSessions.callCount.should.equal(1)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
it('send a 201 response', function(done) {
|
|
|
|
this.res.sendStatus = status => {
|
|
|
|
status.should.equal(201)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.clearSessions(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-08-07 10:04:04 -04:00
|
|
|
describe('when revokeAllUserSessions produces an error', function() {
|
2019-05-29 05:21:06 -04:00
|
|
|
it('should call next with an error', function(done) {
|
|
|
|
this.UserSessionsManager.revokeAllUserSessions.callsArgWith(
|
|
|
|
2,
|
|
|
|
new Error('woops')
|
|
|
|
)
|
|
|
|
const next = err => {
|
|
|
|
expect(err).to.not.equal(null)
|
|
|
|
expect(err).to.be.instanceof(Error)
|
2020-03-02 07:32:12 -05:00
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2020-03-02 07:32:12 -05:00
|
|
|
this.UserController.clearSessions(this.req, this.res, next)
|
2019-08-07 10:04:04 -04:00
|
|
|
})
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
describe('changePassword', function() {
|
2019-06-14 12:31:46 -04:00
|
|
|
it('should check the old password is the current one at the moment', function() {
|
|
|
|
this.AuthenticationManager.authenticate.yields()
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.body = { currentPassword: 'oldpasshere' }
|
2019-06-14 12:31:46 -04:00
|
|
|
this.UserController.changePassword(this.req, this.res, this.callback)
|
|
|
|
this.AuthenticationManager.authenticate.should.have.been.calledWith(
|
|
|
|
{ _id: this.user._id },
|
|
|
|
'oldpasshere'
|
|
|
|
)
|
|
|
|
this.AuthenticationManager.setUserPassword.callCount.should.equal(0)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-14 12:31:46 -04:00
|
|
|
it('it should not set the new password if they do not match', function() {
|
|
|
|
this.AuthenticationManager.authenticate.yields(null, {})
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.body = {
|
|
|
|
newPassword1: '1',
|
|
|
|
newPassword2: '2'
|
|
|
|
}
|
2019-06-14 12:31:46 -04:00
|
|
|
this.UserController.changePassword(this.req, this.res, this.callback)
|
|
|
|
this.res.status.should.have.been.calledWith(400)
|
|
|
|
this.AuthenticationManager.setUserPassword.callCount.should.equal(0)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-14 12:31:46 -04:00
|
|
|
it('should set the new password if they do match', function() {
|
|
|
|
this.AuthenticationManager.authenticate.yields(null, this.user)
|
|
|
|
this.AuthenticationManager.setUserPassword.yields()
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.body = {
|
|
|
|
newPassword1: 'newpass',
|
|
|
|
newPassword2: 'newpass'
|
|
|
|
}
|
2019-06-14 12:31:46 -04:00
|
|
|
this.UserController.changePassword(this.req, this.res, this.callback)
|
|
|
|
this.AuthenticationManager.setUserPassword.should.have.been.calledWith(
|
|
|
|
this.user._id,
|
|
|
|
'newpass'
|
|
|
|
)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
2019-06-14 12:31:46 -04:00
|
|
|
it('it should not set the new password if it is invalid', function() {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.AuthenticationManager.validatePassword = sinon
|
|
|
|
.stub()
|
2019-06-14 12:31:46 -04:00
|
|
|
.returns({ message: 'validation-error' })
|
|
|
|
this.AuthenticationManager.authenticate.yields(null, {})
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.body = {
|
2019-06-14 12:31:46 -04:00
|
|
|
newPassword1: 'newpass',
|
|
|
|
newPassword2: 'newpass'
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-06-14 12:31:46 -04:00
|
|
|
this.UserController.changePassword(this.req, this.res, this.callback)
|
|
|
|
this.AuthenticationManager.setUserPassword.callCount.should.equal(0)
|
|
|
|
this.res.status.should.have.been.calledWith(400)
|
|
|
|
this.res.json.should.have.been.calledWith({
|
|
|
|
message: {
|
|
|
|
type: 'error',
|
|
|
|
text: 'validation-error'
|
|
|
|
}
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
})
|
2020-03-02 07:32:12 -05:00
|
|
|
|
2020-03-11 09:21:44 -04:00
|
|
|
describe('ensureAffiliationMiddleware', function() {
|
2020-03-02 07:32:12 -05:00
|
|
|
describe('without affiliations feature', function() {
|
|
|
|
beforeEach(async function() {
|
2020-03-11 09:21:44 -04:00
|
|
|
await this.UserController.promises.ensureAffiliationMiddleware(
|
2020-03-02 07:32:12 -05:00
|
|
|
this.req,
|
|
|
|
this.res,
|
|
|
|
this.next
|
|
|
|
)
|
|
|
|
})
|
|
|
|
it('should not run affiliation check', function() {
|
|
|
|
expect(this.UserGetter.promises.getUser).to.not.have.been.called
|
|
|
|
expect(this.UserUpdater.promises.confirmEmail).to.not.have.been.called
|
|
|
|
expect(this.UserUpdater.promises.addAffiliationForNewUser).to.not.have
|
|
|
|
.been.called
|
|
|
|
})
|
|
|
|
it('should not return an error', function() {
|
|
|
|
expect(this.next).to.be.calledWith()
|
|
|
|
})
|
|
|
|
})
|
2020-03-11 09:21:44 -04:00
|
|
|
describe('without ensureAffiliation query parameter', function() {
|
2020-03-02 07:32:12 -05:00
|
|
|
beforeEach(async function() {
|
|
|
|
this.Features.hasFeature.withArgs('affiliations').returns(true)
|
2020-03-11 09:21:44 -04:00
|
|
|
await this.UserController.promises.ensureAffiliationMiddleware(
|
2020-03-02 07:32:12 -05:00
|
|
|
this.req,
|
|
|
|
this.res,
|
|
|
|
this.next
|
|
|
|
)
|
|
|
|
})
|
|
|
|
it('should not run middleware', function() {
|
|
|
|
expect(this.UserGetter.promises.getUser).to.not.have.been.called
|
|
|
|
expect(this.UserUpdater.promises.confirmEmail).to.not.have.been.called
|
|
|
|
expect(this.UserUpdater.promises.addAffiliationForNewUser).to.not.have
|
|
|
|
.been.called
|
|
|
|
})
|
|
|
|
it('should not return an error', function() {
|
|
|
|
expect(this.next).to.be.calledWith()
|
|
|
|
})
|
|
|
|
})
|
|
|
|
describe('no flagged email', function() {
|
|
|
|
beforeEach(async function() {
|
|
|
|
const email = 'unit-test@overleaf.com'
|
|
|
|
this.user.email = email
|
|
|
|
this.user.emails = [
|
|
|
|
{
|
|
|
|
email
|
|
|
|
}
|
|
|
|
]
|
|
|
|
this.Features.hasFeature.withArgs('affiliations').returns(true)
|
2020-03-11 09:21:44 -04:00
|
|
|
this.req.query.ensureAffiliation = true
|
|
|
|
await this.UserController.promises.ensureAffiliationMiddleware(
|
2020-03-02 07:32:12 -05:00
|
|
|
this.req,
|
|
|
|
this.res,
|
|
|
|
this.next
|
|
|
|
)
|
|
|
|
})
|
|
|
|
it('should get the user', function() {
|
|
|
|
expect(this.UserGetter.promises.getUser).to.have.been.calledWith(
|
|
|
|
this.user._id
|
|
|
|
)
|
|
|
|
})
|
|
|
|
it('should not try to add affiliation or update user', function() {
|
|
|
|
expect(this.UserUpdater.promises.addAffiliationForNewUser).to.not.have
|
|
|
|
.been.called
|
|
|
|
})
|
|
|
|
it('should not return an error', function() {
|
|
|
|
expect(this.next).to.be.calledWith()
|
|
|
|
})
|
|
|
|
})
|
|
|
|
describe('flagged non-SSO email', function() {
|
|
|
|
let emailFlagged
|
|
|
|
beforeEach(async function() {
|
|
|
|
emailFlagged = 'flagged@overleaf.com'
|
|
|
|
this.user.email = emailFlagged
|
|
|
|
this.user.emails = [
|
|
|
|
{
|
|
|
|
email: emailFlagged,
|
|
|
|
affiliationUnchecked: true
|
|
|
|
}
|
|
|
|
]
|
|
|
|
this.Features.hasFeature.withArgs('affiliations').returns(true)
|
2020-03-11 09:21:44 -04:00
|
|
|
this.req.query.ensureAffiliation = true
|
|
|
|
await this.UserController.promises.ensureAffiliationMiddleware(
|
2020-03-02 07:32:12 -05:00
|
|
|
this.req,
|
|
|
|
this.res,
|
|
|
|
this.next
|
|
|
|
)
|
|
|
|
})
|
|
|
|
it('should unflag the emails but not confirm', function() {
|
|
|
|
expect(
|
|
|
|
this.UserUpdater.promises.addAffiliationForNewUser
|
|
|
|
).to.have.been.calledWith(this.user._id, emailFlagged)
|
|
|
|
expect(
|
|
|
|
this.UserUpdater.promises.confirmEmail
|
|
|
|
).to.not.have.been.calledWith(this.user._id, emailFlagged)
|
|
|
|
})
|
|
|
|
it('should not return an error', function() {
|
|
|
|
expect(this.next).to.be.calledWith()
|
|
|
|
})
|
|
|
|
})
|
|
|
|
describe('flagged SSO email', function() {
|
|
|
|
let emailFlagged
|
|
|
|
beforeEach(async function() {
|
|
|
|
emailFlagged = 'flagged@overleaf.com'
|
|
|
|
this.user.email = emailFlagged
|
|
|
|
this.user.emails = [
|
|
|
|
{
|
|
|
|
email: emailFlagged,
|
|
|
|
affiliationUnchecked: true,
|
|
|
|
samlProviderId: '123'
|
|
|
|
}
|
|
|
|
]
|
|
|
|
this.Features.hasFeature.withArgs('affiliations').returns(true)
|
2020-03-11 09:21:44 -04:00
|
|
|
this.req.query.ensureAffiliation = true
|
|
|
|
await this.UserController.promises.ensureAffiliationMiddleware(
|
2020-03-02 07:32:12 -05:00
|
|
|
this.req,
|
|
|
|
this.res,
|
|
|
|
this.next
|
|
|
|
)
|
|
|
|
})
|
|
|
|
it('should add affiliation to v1, unflag and confirm on v2', function() {
|
|
|
|
expect(this.UserUpdater.promises.addAffiliationForNewUser).to.have.not
|
|
|
|
.been.called
|
|
|
|
expect(this.UserUpdater.promises.confirmEmail).to.have.been.calledWith(
|
|
|
|
this.user._id,
|
|
|
|
emailFlagged
|
|
|
|
)
|
|
|
|
})
|
|
|
|
it('should not return an error', function() {
|
|
|
|
expect(this.next).to.be.calledWith()
|
|
|
|
})
|
|
|
|
})
|
|
|
|
describe('when v1 returns an error', function() {
|
|
|
|
let emailFlagged
|
|
|
|
beforeEach(async function() {
|
|
|
|
this.UserUpdater.promises.addAffiliationForNewUser.rejects()
|
|
|
|
emailFlagged = 'flagged@overleaf.com'
|
|
|
|
this.user.email = emailFlagged
|
|
|
|
this.user.emails = [
|
|
|
|
{
|
|
|
|
email: emailFlagged,
|
|
|
|
affiliationUnchecked: true
|
|
|
|
}
|
|
|
|
]
|
|
|
|
this.Features.hasFeature.withArgs('affiliations').returns(true)
|
2020-03-11 09:21:44 -04:00
|
|
|
this.req.query.ensureAffiliation = true
|
|
|
|
await this.UserController.promises.ensureAffiliationMiddleware(
|
2020-03-02 07:32:12 -05:00
|
|
|
this.req,
|
|
|
|
this.res,
|
|
|
|
this.next
|
|
|
|
)
|
|
|
|
})
|
|
|
|
it('should return the error', function() {
|
|
|
|
expect(this.next).to.be.calledWith(sinon.match.instanceOf(Error))
|
|
|
|
})
|
|
|
|
})
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|