overleaf/services/web/test/unit/src/User/UserControllerTests.js

1012 lines
34 KiB
JavaScript
Raw Normal View History

const sinon = require('sinon')
const { expect } = require('chai')
const modulePath = '../../../../app/src/Features/User/UserController.js'
const SandboxedModule = require('sandboxed-module')
const OError = require('@overleaf/o-error')
const Errors = require('../../../../app/src/Features/Errors/Errors')
describe('UserController', function () {
beforeEach(function () {
this.user_id = '323123'
this.user = {
_id: this.user_id,
email: 'email@overleaf.com',
save: sinon.stub().callsArgWith(0),
ace: {},
}
this.req = {
user: {},
session: {
destroy() {},
user: {
_id: this.user_id,
email: 'old@something.com',
},
analyticsId: this.user_id,
},
sessionID: '123',
body: {},
i18n: {
translate: text => text,
},
ip: '0:0:0:0',
query: {},
headers: {},
}
this.UserDeleter = { deleteUser: sinon.stub().yields() }
this.UserGetter = {
getUser: sinon.stub().callsArgWith(1, null, this.user),
promises: { getUser: sinon.stub().resolves(this.user) },
}
this.User = { findById: sinon.stub().callsArgWith(1, null, this.user) }
this.NewsLetterManager = { unsubscribe: sinon.stub().callsArgWith(1) }
this.UserRegistrationHandler = { registerNewUser: sinon.stub() }
this.AuthenticationController = {
establishUserSession: sinon.stub().callsArg(2),
}
this.SessionManager = {
getLoggedInUserId: sinon.stub().returns(this.user._id),
getSessionUser: sinon.stub().returns(this.req.session.user),
setInSessionUser: sinon.stub(),
}
this.AuthenticationManager = {
authenticate: sinon.stub(),
validatePassword: sinon.stub(),
promises: {
authenticate: sinon.stub(),
setUserPassword: sinon.stub(),
},
}
this.UserUpdater = {
changeEmailAddress: sinon.stub(),
promises: {
confirmEmail: sinon.stub().resolves(),
addAffiliationForNewUser: sinon.stub().resolves(),
},
}
this.settings = { siteUrl: 'sharelatex.example.com' }
this.UserHandler = { populateTeamInvites: sinon.stub().callsArgWith(1) }
this.UserSessionsManager = {
trackSession: sinon.stub(),
untrackSession: sinon.stub(),
revokeAllUserSessions: sinon.stub().callsArgWith(2, null),
promises: {
getAllUserSessions: sinon.stub().resolves(),
revokeAllUserSessions: sinon.stub().resolves(),
},
}
this.HttpErrorHandler = {
badRequest: sinon.stub(),
conflict: sinon.stub(),
unprocessableEntity: sinon.stub(),
legacyInternal: sinon.stub(),
}
this.UrlHelper = {
getSafeRedirectPath: sinon.stub(),
}
this.UrlHelper.getSafeRedirectPath
.withArgs('https://evil.com')
.returns(undefined)
this.UrlHelper.getSafeRedirectPath.returnsArg(0)
this.acceptsJson = sinon.stub().returns(false)
this.UserController = SandboxedModule.require(modulePath, {
requires: {
'../Helpers/UrlHelper': this.UrlHelper,
'./UserGetter': this.UserGetter,
'./UserDeleter': this.UserDeleter,
'./UserUpdater': this.UserUpdater,
'../../models/User': {
User: this.User,
},
'../Newsletter/NewsletterManager': this.NewsLetterManager,
'./UserRegistrationHandler': this.UserRegistrationHandler,
'../Authentication/AuthenticationController': this
.AuthenticationController,
'../Authentication/SessionManager': this.SessionManager,
'../Authentication/AuthenticationManager': this.AuthenticationManager,
'../../infrastructure/Features': (this.Features = {
hasFeature: sinon.stub(),
}),
'./UserAuditLogHandler': (this.UserAuditLogHandler = {
promises: {
addEntry: sinon.stub().resolves(),
},
}),
'./UserHandler': this.UserHandler,
'./UserSessionsManager': this.UserSessionsManager,
'../Errors/HttpErrorHandler': this.HttpErrorHandler,
'@overleaf/settings': this.settings,
'@overleaf/metrics': {
inc() {},
},
'@overleaf/o-error': OError,
'../Email/EmailHandler': (this.EmailHandler = {
sendEmail: sinon.stub(),
promises: { sendEmail: sinon.stub().resolves() },
}),
'../../infrastructure/RequestContentTypeDetection': {
acceptsJson: this.acceptsJson,
},
},
})
this.res = {
send: sinon.stub(),
status: sinon.stub(),
sendStatus: sinon.stub(),
json: sinon.stub(),
}
this.res.status.returns(this.res)
this.next = sinon.stub()
this.callback = sinon.stub()
})
describe('tryDeleteUser', function () {
beforeEach(function () {
this.req.body.password = 'wat'
this.req.logout = sinon.stub()
this.req.session.destroy = sinon.stub().callsArgWith(0, null)
this.SessionManager.getLoggedInUserId = sinon
.stub()
.returns(this.user._id)
this.AuthenticationManager.authenticate = sinon
.stub()
.callsArgWith(2, null, this.user)
})
it('should send 200', function (done) {
this.res.sendStatus = code => {
code.should.equal(200)
done()
}
this.UserController.tryDeleteUser(this.req, this.res, this.next)
})
it('should try to authenticate user', function (done) {
this.res.sendStatus = code => {
this.AuthenticationManager.authenticate.callCount.should.equal(1)
this.AuthenticationManager.authenticate
.calledWith({ _id: this.user._id }, this.req.body.password)
.should.equal(true)
done()
}
this.UserController.tryDeleteUser(this.req, this.res, this.next)
})
it('should delete the user', function (done) {
this.res.sendStatus = code => {
this.UserDeleter.deleteUser.callCount.should.equal(1)
this.UserDeleter.deleteUser.calledWith(this.user._id).should.equal(true)
done()
}
this.UserController.tryDeleteUser(this.req, this.res, this.next)
})
describe('when no password is supplied', function () {
beforeEach(function () {
this.req.body.password = ''
})
it('should return 403', function (done) {
this.res.sendStatus = code => {
code.should.equal(403)
done()
}
this.UserController.tryDeleteUser(this.req, this.res, this.next)
})
})
describe('when authenticate produces an error', function () {
beforeEach(function () {
this.AuthenticationManager.authenticate = sinon
.stub()
.callsArgWith(2, new Error('woops'))
})
it('should call next with an error', function (done) {
this.next = err => {
expect(err).to.not.equal(null)
expect(err).to.be.instanceof(Error)
done()
}
this.UserController.tryDeleteUser(this.req, this.res, this.next)
})
})
describe('when authenticate does not produce a user', function () {
beforeEach(function () {
this.AuthenticationManager.authenticate = sinon
.stub()
.callsArgWith(2, null, null)
})
it('should return 403', function (done) {
this.res.sendStatus = code => {
code.should.equal(403)
done()
}
this.UserController.tryDeleteUser(this.req, this.res, this.next)
})
})
describe('when deleteUser produces an error', function () {
beforeEach(function () {
this.UserDeleter.deleteUser = sinon.stub().yields(new Error('woops'))
})
it('should call next with an error', function (done) {
this.next = err => {
expect(err).to.not.equal(null)
expect(err).to.be.instanceof(Error)
done()
}
this.UserController.tryDeleteUser(this.req, this.res, this.next)
})
})
describe('when deleteUser produces a known error', function () {
beforeEach(function () {
this.UserDeleter.deleteUser = sinon
.stub()
.yields(new Errors.SubscriptionAdminDeletionError())
})
it('should return a HTTP Unprocessable Entity error', function (done) {
this.HttpErrorHandler.unprocessableEntity = sinon.spy(
(req, res, message, info) => {
expect(req).to.exist
expect(res).to.exist
expect(message).to.equal('error while deleting user account')
expect(info).to.deep.equal({
error: 'SubscriptionAdminDeletionError',
})
done()
}
)
this.UserController.tryDeleteUser(this.req, this.res)
})
})
describe('when session.destroy produces an error', function () {
beforeEach(function () {
this.req.session.destroy = sinon
.stub()
.callsArgWith(0, new Error('woops'))
})
it('should call next with an error', function (done) {
this.next = err => {
expect(err).to.not.equal(null)
expect(err).to.be.instanceof(Error)
done()
}
this.UserController.tryDeleteUser(this.req, this.res, this.next)
})
})
})
describe('unsubscribe', function () {
it('should send the user to unsubscribe', function (done) {
this.res.sendStatus = () => {
this.NewsLetterManager.unsubscribe
.calledWith(this.user)
.should.equal(true)
done()
}
this.UserController.unsubscribe(this.req, this.res)
})
})
describe('updateUserSettings', function () {
beforeEach(function () {
this.auditLog = { initiatorId: this.user_id, ipAddress: this.req.ip }
this.newEmail = 'hello@world.com'
this.req.externalAuthenticationSystemUsed = sinon.stub().returns(false)
})
it('should call save', function (done) {
this.req.body = {}
this.res.sendStatus = code => {
this.user.save.called.should.equal(true)
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
it('should set the first name', function (done) {
this.req.body = { first_name: 'bobby ' }
this.res.sendStatus = code => {
this.user.first_name.should.equal('bobby')
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
it('should set the role', function (done) {
this.req.body = { role: 'student' }
this.res.sendStatus = code => {
this.user.role.should.equal('student')
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
it('should set the institution', function (done) {
this.req.body = { institution: 'MIT' }
this.res.sendStatus = code => {
this.user.institution.should.equal('MIT')
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
it('should set some props on ace', function (done) {
this.req.body = { editorTheme: 'something' }
this.res.sendStatus = code => {
this.user.ace.theme.should.equal('something')
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
it('should set the overall theme', function (done) {
this.req.body = { overallTheme: 'green-ish' }
this.res.sendStatus = code => {
this.user.ace.overallTheme.should.equal('green-ish')
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
it('should send an error if the email is 0 len', function (done) {
this.req.body.email = ''
this.res.sendStatus = function (code) {
code.should.equal(400)
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
it('should send an error if the email does not contain an @', function (done) {
this.req.body.email = 'bob at something dot com'
this.res.sendStatus = function (code) {
code.should.equal(400)
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
it('should call the user updater with the new email and user _id', function (done) {
this.req.body.email = this.newEmail.toUpperCase()
this.UserUpdater.changeEmailAddress.callsArgWith(3)
this.res.sendStatus = code => {
code.should.equal(200)
this.UserUpdater.changeEmailAddress
.calledWith(this.user_id, this.newEmail, this.auditLog)
.should.equal(true)
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
it('should update the email on the session', function (done) {
this.req.body.email = this.newEmail.toUpperCase()
this.UserUpdater.changeEmailAddress.callsArgWith(3)
let callcount = 0
this.User.findById = (id, cb) => {
if (++callcount === 2) {
this.user.email = this.newEmail
}
cb(null, this.user)
}
this.res.sendStatus = code => {
code.should.equal(200)
this.SessionManager.setInSessionUser
.calledWith(this.req.session, {
email: this.newEmail,
first_name: undefined,
last_name: undefined,
})
.should.equal(true)
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
it('should call populateTeamInvites', function (done) {
this.req.body.email = this.newEmail.toUpperCase()
this.UserUpdater.changeEmailAddress.callsArgWith(3)
this.res.sendStatus = code => {
code.should.equal(200)
this.UserHandler.populateTeamInvites
.calledWith(this.user)
.should.equal(true)
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
describe('when changeEmailAddress yields an error', function () {
it('should pass on an error and not send a success status', function (done) {
this.req.body.email = this.newEmail.toUpperCase()
this.UserUpdater.changeEmailAddress.callsArgWith(3, new OError())
this.HttpErrorHandler.legacyInternal = sinon.spy(
(req, res, message, error) => {
expect(req).to.exist
expect(req).to.exist
message.should.equal('problem_changing_email_address')
expect(error).to.be.instanceof(OError)
done()
}
)
this.UserController.updateUserSettings(this.req, this.res, this.next)
})
it('should call the HTTP conflict error handler when the email already exists', function (done) {
this.HttpErrorHandler.conflict = sinon.spy((req, res, message) => {
expect(req).to.exist
expect(req).to.exist
message.should.equal('email_already_registered')
done()
})
this.req.body.email = this.newEmail.toUpperCase()
this.UserUpdater.changeEmailAddress.callsArgWith(
3,
new Errors.EmailExistsError()
)
this.UserController.updateUserSettings(this.req, this.res)
})
})
describe('when using an external auth source', function () {
beforeEach(function () {
this.UserUpdater.changeEmailAddress.callsArgWith(2)
this.newEmail = 'someone23@example.com'
this.req.externalAuthenticationSystemUsed = sinon.stub().returns(true)
})
it('should not set a new email', function (done) {
this.req.body.email = this.newEmail
this.res.sendStatus = code => {
code.should.equal(200)
this.UserUpdater.changeEmailAddress
.calledWith(this.user_id, this.newEmail)
.should.equal(false)
done()
}
this.UserController.updateUserSettings(this.req, this.res)
})
})
})
describe('logout', function () {
beforeEach(function () {
this.acceptsJson.returns(false)
})
it('should destroy the session', function (done) {
this.req.session.destroy = sinon.stub().callsArgWith(0)
this.res.redirect = url => {
url.should.equal('/login')
this.req.session.destroy.called.should.equal(true)
done()
}
this.UserController.logout(this.req, this.res)
})
it('should untrack session', function (done) {
this.req.session.destroy = sinon.stub().callsArgWith(0)
this.res.redirect = url => {
url.should.equal('/login')
this.UserSessionsManager.untrackSession.callCount.should.equal(1)
this.UserSessionsManager.untrackSession
.calledWith(sinon.match(this.req.user), this.req.sessionID)
.should.equal(true)
done()
}
this.UserController.logout(this.req, this.res)
})
it('should redirect after logout', function (done) {
this.req.body.redirect = '/institutional-login'
this.req.session.destroy = sinon.stub().callsArgWith(0)
this.res.redirect = url => {
url.should.equal(this.req.body.redirect)
done()
}
this.UserController.logout(this.req, this.res)
})
it('should redirect after logout, but not to evil.com', function (done) {
this.req.body.redirect = 'https://evil.com'
this.req.session.destroy = sinon.stub().callsArgWith(0)
this.res.redirect = url => {
url.should.equal('/login')
done()
}
this.UserController.logout(this.req, this.res)
})
it('should redirect to login after logout when no redirect set', function (done) {
this.req.session.destroy = sinon.stub().callsArgWith(0)
this.res.redirect = url => {
url.should.equal('/login')
done()
}
this.UserController.logout(this.req, this.res)
})
it('should send json with redir property for json request', function (done) {
this.acceptsJson.returns(true)
this.req.session.destroy = sinon.stub().callsArgWith(0)
this.res.status = code => {
code.should.equal(200)
return this.res
}
this.res.json = data => {
data.redir.should.equal('/login')
done()
}
this.UserController.logout(this.req, this.res)
})
})
describe('register', function () {
beforeEach(function () {
this.UserRegistrationHandler.registerNewUserAndSendActivationEmail = sinon
.stub()
.callsArgWith(1, null, this.user, (this.url = 'mock/url'))
this.req.body.email = this.user.email = this.email = 'email@example.com'
this.UserController.register(this.req, this.res)
})
it('should register the user and send them an email', function () {
sinon.assert.calledWith(
this.UserRegistrationHandler.registerNewUserAndSendActivationEmail,
this.email
)
})
it('should return the user and activation url', function () {
this.res.json
.calledWith({
email: this.email,
setNewPasswordUrl: this.url,
})
.should.equal(true)
})
})
describe('clearSessions', function () {
describe('success', function () {
it('should call revokeAllUserSessions', function (done) {
this.res.sendStatus.callsFake(() => {
this.UserSessionsManager.promises.revokeAllUserSessions.callCount.should.equal(
1
)
done()
})
this.UserController.clearSessions(this.req, this.res)
})
it('send a 201 response', function (done) {
this.res.sendStatus.callsFake(status => {
status.should.equal(201)
done()
})
this.UserController.clearSessions(this.req, this.res)
})
it('sends a security alert email', function (done) {
this.res.sendStatus.callsFake(status => {
this.EmailHandler.promises.sendEmail.callCount.should.equal(1)
const expectedArg = {
to: this.user.email,
actionDescribed: `active sessions were cleared on your account ${this.user.email}`,
action: 'active sessions cleared',
}
const emailCall = this.EmailHandler.promises.sendEmail.lastCall
expect(emailCall.args[0]).to.equal('securityAlert')
expect(emailCall.args[1]).to.deep.equal(expectedArg)
done()
})
this.UserController.clearSessions(this.req, this.res)
})
})
describe('errors', function () {
describe('when getAllUserSessions produces an error', function () {
it('should return an error', function (done) {
this.UserSessionsManager.promises.getAllUserSessions.rejects(
new Error('woops')
)
this.UserController.clearSessions(this.req, this.res, error => {
expect(error).to.be.instanceof(Error)
done()
})
})
})
describe('when audit log addEntry produces an error', function () {
it('should call next with an error', function (done) {
this.UserAuditLogHandler.promises.addEntry.rejects(new Error('woops'))
this.UserController.clearSessions(this.req, this.res, error => {
expect(error).to.be.instanceof(Error)
done()
})
})
})
describe('when revokeAllUserSessions produces an error', function () {
it('should call next with an error', function (done) {
this.UserSessionsManager.promises.revokeAllUserSessions.rejects(
new Error('woops')
)
this.UserController.clearSessions(this.req, this.res, error => {
expect(error).to.be.instanceof(Error)
done()
})
})
})
describe('when EmailHandler produces an error', function () {
const anError = new Error('oops')
it('send a 201 response but log error', function (done) {
this.EmailHandler.promises.sendEmail.rejects(anError)
this.res.sendStatus.callsFake(status => {
status.should.equal(201)
this.logger.error.callCount.should.equal(1)
const loggerCall = this.logger.error.getCall(0)
expect(loggerCall.args[0]).to.deep.equal({
error: anError,
userId: this.user_id,
})
expect(loggerCall.args[1]).to.contain(
'could not send security alert email when sessions cleared'
)
done()
})
this.UserController.clearSessions(this.req, this.res)
})
})
})
})
describe('changePassword', function () {
describe('success', function () {
beforeEach(function () {
this.AuthenticationManager.promises.authenticate.resolves(this.user)
this.AuthenticationManager.promises.setUserPassword.resolves()
this.req.body = {
newPassword1: 'newpass',
newPassword2: 'newpass',
}
})
it('should set the new password if they do match', function (done) {
this.res.json.callsFake(() => {
this.AuthenticationManager.promises.setUserPassword.should.have.been.calledWith(
this.user,
'newpass'
)
done()
})
this.UserController.changePassword(this.req, this.res)
})
it('should log the update', function (done) {
this.res.json.callsFake(() => {
this.UserAuditLogHandler.promises.addEntry.should.have.been.calledWith(
this.user._id,
'update-password',
this.user._id,
this.req.ip
)
this.AuthenticationManager.promises.setUserPassword.callCount.should.equal(
1
)
done()
})
this.UserController.changePassword(this.req, this.res)
})
it('should send security alert email', function (done) {
this.res.json.callsFake(() => {
const expectedArg = {
to: this.user.email,
actionDescribed: `your password has been changed on your account ${this.user.email}`,
action: 'password changed',
}
const emailCall = this.EmailHandler.sendEmail.lastCall
expect(emailCall.args[0]).to.equal('securityAlert')
expect(emailCall.args[1]).to.deep.equal(expectedArg)
done()
})
this.UserController.changePassword(this.req, this.res)
})
})
describe('errors', function () {
it('should check the old password is the current one at the moment', function (done) {
this.AuthenticationManager.promises.authenticate.resolves()
this.req.body = { currentPassword: 'oldpasshere' }
this.HttpErrorHandler.badRequest.callsFake(() => {
expect(this.HttpErrorHandler.badRequest).to.have.been.calledWith(
this.req,
this.res,
'Your old password is wrong'
)
this.AuthenticationManager.promises.authenticate.should.have.been.calledWith(
{ _id: this.user._id },
'oldpasshere'
)
this.AuthenticationManager.promises.setUserPassword.callCount.should.equal(
0
)
done()
})
this.UserController.changePassword(this.req, this.res)
})
it('it should not set the new password if they do not match', function (done) {
this.AuthenticationManager.promises.authenticate.resolves({})
this.req.body = {
newPassword1: '1',
newPassword2: '2',
}
this.HttpErrorHandler.badRequest.callsFake(() => {
expect(this.HttpErrorHandler.badRequest).to.have.been.calledWith(
this.req,
this.res,
'password_change_passwords_do_not_match'
)
this.AuthenticationManager.promises.setUserPassword.callCount.should.equal(
0
)
done()
})
this.UserController.changePassword(this.req, this.res)
})
it('it should not set the new password if it is invalid', function (done) {
// this.AuthenticationManager.validatePassword = sinon
// .stub()
// .returns({ message: 'validation-error' })
const err = new Error('bad')
err.name = 'InvalidPasswordError'
this.AuthenticationManager.promises.setUserPassword.rejects(err)
this.AuthenticationManager.promises.authenticate.resolves({})
this.req.body = {
newPassword1: 'newpass',
newPassword2: 'newpass',
}
this.HttpErrorHandler.badRequest.callsFake(() => {
expect(this.HttpErrorHandler.badRequest).to.have.been.calledWith(
this.req,
this.res,
err.message
)
this.AuthenticationManager.promises.setUserPassword.callCount.should.equal(
1
)
done()
})
this.UserController.changePassword(this.req, this.res)
})
describe('UserAuditLogHandler error', function () {
it('should return error and not update password', function (done) {
this.UserAuditLogHandler.promises.addEntry.rejects(new Error('oops'))
this.AuthenticationManager.promises.authenticate.resolves(this.user)
this.AuthenticationManager.promises.setUserPassword.resolves()
this.req.body = {
newPassword1: 'newpass',
newPassword2: 'newpass',
}
this.UserController.changePassword(this.req, this.res, error => {
expect(error).to.be.instanceof(Error)
this.AuthenticationManager.promises.setUserPassword.callCount.should.equal(
1
)
done()
})
})
})
describe('EmailHandler error', function () {
const anError = new Error('oops')
beforeEach(function () {
this.AuthenticationManager.promises.authenticate.resolves(this.user)
this.AuthenticationManager.promises.setUserPassword.resolves()
this.req.body = {
newPassword1: 'newpass',
newPassword2: 'newpass',
}
this.EmailHandler.sendEmail.yields(anError)
})
it('should not return error but should log it', function (done) {
this.res.json.callsFake(result => {
expect(result.message.type).to.equal('success')
this.logger.error.callCount.should.equal(1)
expect(this.logger.error).to.have.been.calledWithExactly(
{
error: anError,
userId: this.user_id,
},
'could not send security alert email when password changed'
)
done()
})
this.UserController.changePassword(this.req, this.res)
})
})
})
})
describe('ensureAffiliationMiddleware', function () {
describe('without affiliations feature', function () {
beforeEach(async function () {
await this.UserController.promises.ensureAffiliationMiddleware(
this.req,
this.res,
this.next
)
})
it('should not run affiliation check', function () {
expect(this.UserGetter.promises.getUser).to.not.have.been.called
expect(this.UserUpdater.promises.confirmEmail).to.not.have.been.called
expect(this.UserUpdater.promises.addAffiliationForNewUser).to.not.have
.been.called
})
it('should not return an error', function () {
expect(this.next).to.be.calledWith()
})
})
describe('without ensureAffiliation query parameter', function () {
beforeEach(async function () {
this.Features.hasFeature.withArgs('affiliations').returns(true)
await this.UserController.promises.ensureAffiliationMiddleware(
this.req,
this.res,
this.next
)
})
it('should not run middleware', function () {
expect(this.UserGetter.promises.getUser).to.not.have.been.called
expect(this.UserUpdater.promises.confirmEmail).to.not.have.been.called
expect(this.UserUpdater.promises.addAffiliationForNewUser).to.not.have
.been.called
})
it('should not return an error', function () {
expect(this.next).to.be.calledWith()
})
})
describe('no flagged email', function () {
beforeEach(async function () {
const email = 'unit-test@overleaf.com'
this.user.email = email
this.user.emails = [
{
email,
},
]
this.Features.hasFeature.withArgs('affiliations').returns(true)
this.req.query.ensureAffiliation = true
await this.UserController.promises.ensureAffiliationMiddleware(
this.req,
this.res,
this.next
)
})
it('should get the user', function () {
expect(this.UserGetter.promises.getUser).to.have.been.calledWith(
this.user._id
)
})
it('should not try to add affiliation or update user', function () {
expect(this.UserUpdater.promises.addAffiliationForNewUser).to.not.have
.been.called
})
it('should not return an error', function () {
expect(this.next).to.be.calledWith()
})
})
describe('flagged non-SSO email', function () {
let emailFlagged
beforeEach(async function () {
emailFlagged = 'flagged@overleaf.com'
this.user.email = emailFlagged
this.user.emails = [
{
email: emailFlagged,
affiliationUnchecked: true,
},
]
this.Features.hasFeature.withArgs('affiliations').returns(true)
this.req.query.ensureAffiliation = true
await this.UserController.promises.ensureAffiliationMiddleware(
this.req,
this.res,
this.next
)
})
it('should unflag the emails but not confirm', function () {
expect(
this.UserUpdater.promises.addAffiliationForNewUser
).to.have.been.calledWith(this.user._id, emailFlagged)
expect(
this.UserUpdater.promises.confirmEmail
).to.not.have.been.calledWith(this.user._id, emailFlagged)
})
it('should not return an error', function () {
expect(this.next).to.be.calledWith()
})
})
describe('flagged SSO email', function () {
let emailFlagged
beforeEach(async function () {
emailFlagged = 'flagged@overleaf.com'
this.user.email = emailFlagged
this.user.emails = [
{
email: emailFlagged,
affiliationUnchecked: true,
samlProviderId: '123',
},
]
this.Features.hasFeature.withArgs('affiliations').returns(true)
this.req.query.ensureAffiliation = true
await this.UserController.promises.ensureAffiliationMiddleware(
this.req,
this.res,
this.next
)
})
it('should add affiliation to v1, unflag and confirm on v2', function () {
expect(this.UserUpdater.promises.addAffiliationForNewUser).to.have.not
.been.called
expect(this.UserUpdater.promises.confirmEmail).to.have.been.calledWith(
this.user._id,
emailFlagged
)
})
it('should not return an error', function () {
expect(this.next).to.be.calledWith()
})
})
describe('when v1 returns an error', function () {
let emailFlagged
beforeEach(async function () {
this.UserUpdater.promises.addAffiliationForNewUser.rejects()
emailFlagged = 'flagged@overleaf.com'
this.user.email = emailFlagged
this.user.emails = [
{
email: emailFlagged,
affiliationUnchecked: true,
},
]
this.Features.hasFeature.withArgs('affiliations').returns(true)
this.req.query.ensureAffiliation = true
await this.UserController.promises.ensureAffiliationMiddleware(
this.req,
this.res,
this.next
)
})
it('should return the error', function () {
expect(this.next).to.be.calledWith(sinon.match.instanceOf(Error))
})
})
})
})