overleaf/services/web/test/UnitTests/coffee/User/UserControllerTests.coffee

sinon = require('sinon')
chai = require('chai')
should = chai.should()
expect = chai.expect
modulePath = "../../../../app/js/Features/User/UserController.js"
SandboxedModule = require('sandboxed-module')
events = require "events"
MockResponse = require "../helpers/MockResponse"
MockRequest = require "../helpers/MockRequest"
ObjectId = require("mongojs").ObjectId
assert = require("assert")

describe "UserController", ->
	beforeEach ->
		@user_id = "323123"

		@user =
			_id:@user_id
			save: sinon.stub().callsArgWith(0)
			ace:{}

		@req =
			user: {}
			session:
				destroy:->
				user :
					_id : @user_id
					email:"old@something.com"
			body:{}

		@UserDeleter =
			deleteUser: sinon.stub().callsArgWith(1)
		@UserLocator =
			findById: sinon.stub().callsArgWith(1, null, @user)
		@User =
			findById: sinon.stub().callsArgWith(1, null, @user)
		@NewsLetterManager =
			unsubscribe: sinon.stub().callsArgWith(1)
		@UserRegistrationHandler =
			registerNewUser: sinon.stub()
		@AuthenticationController =
			establishUserSession: sinon.stub().callsArg(2)
			getLoggedInUserId: sinon.stub().returns(@user._id)
			getSessionUser: sinon.stub().returns(@req.session.user)
		@AuthenticationManager =
			authenticate: sinon.stub()
			setUserPassword: sinon.stub()
		@ReferalAllocator =
			allocate:sinon.stub()
		@SubscriptionDomainHandler =
			autoAllocate:sinon.stub()
		@UserUpdater =
			changeEmailAddress:sinon.stub()
		@settings =
			siteUrl: "sharelatex.example.com"
		@UserHandler =
			populateGroupLicenceInvite:sinon.stub().callsArgWith(1)
		@UserSessionsManager =
			trackSession: sinon.stub()
			untrackSession: sinon.stub()
			revokeAllUserSessions: sinon.stub().callsArgWith(2, null)
		@UserController = SandboxedModule.require modulePath, requires:
			"./UserLocator": @UserLocator
			"./UserDeleter": @UserDeleter
			"./UserUpdater":@UserUpdater
			"../../models/User": User:@User
			'../Newsletter/NewsletterManager':@NewsLetterManager
			"./UserRegistrationHandler":@UserRegistrationHandler
			"../Authentication/AuthenticationController": @AuthenticationController
			"../Authentication/AuthenticationManager": @AuthenticationManager
			"../Referal/ReferalAllocator":@ReferalAllocator
			"../Subscription/SubscriptionDomainHandler":@SubscriptionDomainHandler
			"./UserHandler":@UserHandler
			"./UserSessionsManager": @UserSessionsManager
			"settings-sharelatex": @settings
			"logger-sharelatex":
				log:->
				err:->
			"../../infrastructure/Metrics": inc:->

		@res =
			send: sinon.stub()
			json: sinon.stub()
		@next = sinon.stub()
	describe "deleteUser", ->

		it "should delete the user", (done)->

			@res.sendStatus = (code)=>
				@UserDeleter.deleteUser.calledWith(@user_id)
				code.should.equal 200
				done()
			@UserController.deleteUser @req, @res

	describe "unsubscribe", ->

		it "should send the user to unsubscribe", (done)->
			@res.send = (code)=>
				@NewsLetterManager.unsubscribe.calledWith(@user).should.equal true
				done()
			@UserController.unsubscribe @req, @res

	describe "updateUserSettings", ->
		beforeEach ->
			@newEmail = "hello@world.com"

		it "should call save", (done)->
			@req.body = {}
			@res.sendStatus = (code)=>
				@user.save.called.should.equal true
				done()
			@UserController.updateUserSettings @req, @res

		it "should set the first name", (done)->
			@req.body =
				first_name: "bobby  "
			@res.sendStatus = (code)=>
				@user.first_name.should.equal "bobby"
				done()
			@UserController.updateUserSettings @req, @res

		it "should set the role", (done)->
			@req.body =
				role: "student"
			@res.sendStatus = (code)=>
				@user.role.should.equal "student"
				done()
			@UserController.updateUserSettings @req, @res

		it "should set the institution", (done)->
			@req.body =
				institution: "MIT"
			@res.sendStatus = (code)=>
				@user.institution.should.equal "MIT"
				done()
			@UserController.updateUserSettings @req, @res

		it "should set some props on ace", (done)->
			@req.body =
				theme: "something"
			@res.sendStatus = (code)=>
				@user.ace.theme.should.equal "something"
				done()
			@UserController.updateUserSettings @req, @res

		it "should send an error if the email is 0 len", (done)->
			@req.body.email = ""
			@res.sendStatus = (code)->
				code.should.equal 400
				done()
			@UserController.updateUserSettings @req, @res

		it "should send an error if the email does not contain an @", (done)->
			@req.body.email = "bob at something dot com"
			@res.sendStatus = (code)->
				code.should.equal 400
				done()
			@UserController.updateUserSettings @req, @res

		it "should call the user updater with the new email and user _id", (done)->
			@req.body.email = @newEmail.toUpperCase()
			@UserUpdater.changeEmailAddress.callsArgWith(2)
			@res.sendStatus = (code)=>
				code.should.equal 200
				@UserUpdater.changeEmailAddress.calledWith(@user_id, @newEmail).should.equal true
				done()
			@UserController.updateUserSettings @req, @res

		it "should update the email on the session", (done)->
			@req.body.email = @newEmail.toUpperCase()
			@UserUpdater.changeEmailAddress.callsArgWith(2)
			callcount = 0
			@User.findById = (id, cb)=>
				if ++callcount == 2
					@user.email = @newEmail
				cb(null, @user)
			@res.sendStatus = (code)=>
				code.should.equal 200
				@req.user.email.should.equal @newEmail
				done()
			@UserController.updateUserSettings @req, @res

		it "should call populateGroupLicenceInvite", (done)->
			@req.body.email = @newEmail.toUpperCase()
			@UserUpdater.changeEmailAddress.callsArgWith(2)
			@res.sendStatus = (code)=>
				code.should.equal 200
				@UserHandler.populateGroupLicenceInvite.calledWith(@user).should.equal true
				done()
			@UserController.updateUserSettings @req, @res

	describe "logout", ->

		it "should destroy the session", (done)->

			@req.session.destroy = sinon.stub().callsArgWith(0)
			@res.redirect = (url)=>
				url.should.equal "/login"
				@req.session.destroy.called.should.equal true
				done()

			@UserController.logout @req, @res


	describe "register", ->
		beforeEach ->
			@UserRegistrationHandler.registerNewUserAndSendActivationEmail = sinon.stub().callsArgWith(1, null, @user, @url = "mock/url")
			@req.body.email = @user.email = @email = "email@example.com"
			@UserController.register @req, @res

		it "should register the user and send them an email", ->
			@UserRegistrationHandler.registerNewUserAndSendActivationEmail
				.calledWith(@email)
				.should.equal true

		it "should return the user and activation url", ->
			@res.json
				.calledWith({
					email: @email,
					setNewPasswordUrl: @url
				})
				.should.equal true

	describe "changePassword", ->

		it "should check the old password is the current one at the moment", (done)->
			@AuthenticationManager.authenticate.callsArgWith(2)
			@req.body =
				currentPassword: "oldpasshere"
			@res.send = =>
				@AuthenticationManager.authenticate.calledWith(_id:@user._id, "oldpasshere").should.equal true
				@AuthenticationManager.setUserPassword.called.should.equal false
				done()
			@UserController.changePassword @req, @res


		it "it should not set the new password if they do not match", (done)->
			@AuthenticationManager.authenticate.callsArgWith(2, null, {})
			@req.body =
				newPassword1: "1"
				newPassword2: "2"
			@res.send = =>
				@AuthenticationManager.setUserPassword.called.should.equal false
				done()
			@UserController.changePassword @req, @res

		it "should set the new password if they do match", (done)->
			@AuthenticationManager.authenticate.callsArgWith(2, null, @user)
			@AuthenticationManager.setUserPassword.callsArgWith(2)
			@req.body =
				newPassword1: "newpass"
				newPassword2: "newpass"
			@res.send = =>
				@AuthenticationManager.setUserPassword.calledWith(@user._id, "newpass").should.equal true
				done()
			@UserController.changePassword @req, @res
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00			`sinon = require('sinon')`
			`chai = require('chai')`
			`should = chai.should()`
			`expect = chai.expect`
			`modulePath = "../../../../app/js/Features/User/UserController.js"`
			`SandboxedModule = require('sandboxed-module')`
			`events = require "events"`
			`MockResponse = require "../helpers/MockResponse"`
			`MockRequest = require "../helpers/MockRequest"`
			`ObjectId = require("mongojs").ObjectId`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`assert = require("assert")`
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00
			`describe "UserController", ->`
			`beforeEach ->`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00			`@user_id = "323123"`

moved unsubscribe endpoint to new user controller 2014-04-09 10:41:19 -04:00			`@user =`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00			`_id:@user_id`
fix unit tests 2016-09-07 11:40:49 -04:00			`save: sinon.stub().callsArgWith(0)`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`ace:{}`
fix user deleter test 2014-04-09 10:26:07 -04:00
fix unit tests 2016-09-07 11:40:49 -04:00			`@req =`
			`user: {}`
			`session:`
			`destroy:->`
			`user :`
			`_id : @user_id`
			`email:"old@something.com"`
			`body:{}`

Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00			`@UserDeleter =`
fix user deleter test 2014-04-09 10:26:07 -04:00			`deleteUser: sinon.stub().callsArgWith(1)`
Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00			`@UserLocator =`
moved logout to new user controller 2014-04-09 11:59:28 -04:00			`findById: sinon.stub().callsArgWith(1, null, @user)`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`@User =`
moved unsubscribe endpoint to new user controller 2014-04-09 10:41:19 -04:00			`findById: sinon.stub().callsArgWith(1, null, @user)`
			`@NewsLetterManager =`
			`unsubscribe: sinon.stub().callsArgWith(1)`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`@UserRegistrationHandler =`
			`registerNewUser: sinon.stub()`
Regenerate the session id after logging in or registering 2015-02-13 06:18:17 -05:00			`@AuthenticationController =`
			`establishUserSession: sinon.stub().callsArg(2)`
fix unit tests 2016-09-07 11:40:49 -04:00			`getLoggedInUserId: sinon.stub().returns(@user._id)`
			`getSessionUser: sinon.stub().returns(@req.session.user)`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00			`@AuthenticationManager =`
			`authenticate: sinon.stub()`
			`setUserPassword: sinon.stub()`
added referal allocator to user controller 2014-04-15 08:59:00 -04:00			`@ReferalAllocator =`
			`allocate:sinon.stub()`
Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00			`@SubscriptionDomainHandler =`
on register try and auto allocate a group licence if one exists 2015-01-27 13:22:51 -05:00			`autoAllocate:sinon.stub()`
added controler t change user email 2014-05-16 12:45:48 -04:00			`@UserUpdater =`
			`changeEmailAddress:sinon.stub()`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`@settings =`
			`siteUrl: "sharelatex.example.com"`
Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00			`@UserHandler =`
if user changes email then check if they have a site licence 2016-03-13 18:24:39 -04:00			`populateGroupLicenceInvite:sinon.stub().callsArgWith(1)`
Adjust UserController unit tests 2016-07-01 05:20:22 -04:00			`@UserSessionsManager =`
Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00			`trackSession: sinon.stub()`
			`untrackSession: sinon.stub()`
add an array of session ids to retain. 2016-07-05 09:20:47 -04:00			`revokeAllUserSessions: sinon.stub().callsArgWith(2, null)`
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00			`@UserController = SandboxedModule.require modulePath, requires:`
moved logout to new user controller 2014-04-09 11:59:28 -04:00			`"./UserLocator": @UserLocator`
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00			`"./UserDeleter": @UserDeleter`
added controler t change user email 2014-05-16 12:45:48 -04:00			`"./UserUpdater":@UserUpdater`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`"../../models/User": User:@User`
moved unsubscribe endpoint to new user controller 2014-04-09 10:41:19 -04:00			`'../Newsletter/NewsletterManager':@NewsLetterManager`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`"./UserRegistrationHandler":@UserRegistrationHandler`
			`"../Authentication/AuthenticationController": @AuthenticationController`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00			`"../Authentication/AuthenticationManager": @AuthenticationManager`
added referal allocator to user controller 2014-04-15 08:59:00 -04:00			`"../Referal/ReferalAllocator":@ReferalAllocator`
renamed SubscriptionDomainAllocator -> SubscriptionDomainHandler 2015-05-27 15:57:54 -04:00			`"../Subscription/SubscriptionDomainHandler":@SubscriptionDomainHandler`
if user changes email then check if they have a site licence 2016-03-13 18:24:39 -04:00			`"./UserHandler":@UserHandler`
Adjust UserController unit tests 2016-07-01 05:20:22 -04:00			`"./UserSessionsManager": @UserSessionsManager`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`"settings-sharelatex": @settings`
Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00			`"logger-sharelatex":`
set user email on session again on change email 2016-06-06 05:50:23 -04:00			`log:->`
			`err:->`
sped up unit tests to improve speed also removed some unneeded requires. 2016-03-09 07:51:19 -05:00			`"../../infrastructure/Metrics": inc:->`
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`@res =`
			`send: sinon.stub()`
			`json: sinon.stub()`
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00			`@next = sinon.stub()`
			`describe "deleteUser", ->`

			`it "should delete the user", (done)->`
moved unsubscribe endpoint to new user controller 2014-04-09 10:41:19 -04:00
send -> sendStatus 2015-07-08 11:56:38 -04:00			`@res.sendStatus = (code)=>`
moved unsubscribe endpoint to new user controller 2014-04-09 10:41:19 -04:00			`@UserDeleter.deleteUser.calledWith(@user_id)`
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00			`code.should.equal 200`
			`done()`
			`@UserController.deleteUser @req, @res`

moved unsubscribe endpoint to new user controller 2014-04-09 10:41:19 -04:00			`describe "unsubscribe", ->`

			`it "should send the user to unsubscribe", (done)->`
			`@res.send = (code)=>`
			`@NewsLetterManager.unsubscribe.calledWith(@user).should.equal true`
			`done()`
			`@UserController.unsubscribe @req, @res`

moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`describe "updateUserSettings", ->`
finished off change email 2014-05-19 06:50:32 -04:00			`beforeEach ->`
			`@newEmail = "hello@world.com"`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00
			`it "should call save", (done)->`
			`@req.body = {}`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`@res.sendStatus = (code)=>`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`@user.save.called.should.equal true`
			`done()`
			`@UserController.updateUserSettings @req, @res`

			`it "should set the first name", (done)->`
			`@req.body =`
			`first_name: "bobby "`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`@res.sendStatus = (code)=>`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`@user.first_name.should.equal "bobby"`
			`done()`
			`@UserController.updateUserSettings @req, @res`

Wire up account settings forms 2014-06-20 06:15:25 -04:00			`it "should set the role", (done)->`
			`@req.body =`
			`role: "student"`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`@res.sendStatus = (code)=>`
Wire up account settings forms 2014-06-20 06:15:25 -04:00			`@user.role.should.equal "student"`
			`done()`
			`@UserController.updateUserSettings @req, @res`

			`it "should set the institution", (done)->`
			`@req.body =`
			`institution: "MIT"`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`@res.sendStatus = (code)=>`
Wire up account settings forms 2014-06-20 06:15:25 -04:00			`@user.institution.should.equal "MIT"`
			`done()`
			`@UserController.updateUserSettings @req, @res`

moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`it "should set some props on ace", (done)->`
			`@req.body =`
Allow partial updates to user settings 2014-06-20 04:42:43 -04:00			`theme: "something"`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`@res.sendStatus = (code)=>`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`@user.ace.theme.should.equal "something"`
			`done()`
			`@UserController.updateUserSettings @req, @res`

finished off change email 2014-05-19 06:50:32 -04:00			`it "should send an error if the email is 0 len", (done)->`
			`@req.body.email = ""`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`@res.sendStatus = (code)->`
changed 412 status code to 400 2014-05-19 09:02:54 -04:00			`code.should.equal 400`
finished off change email 2014-05-19 06:50:32 -04:00			`done()`
			`@UserController.updateUserSettings @req, @res`

			`it "should send an error if the email does not contain an @", (done)->`
			`@req.body.email = "bob at something dot com"`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`@res.sendStatus = (code)->`
changed 412 status code to 400 2014-05-19 09:02:54 -04:00			`code.should.equal 400`
finished off change email 2014-05-19 06:50:32 -04:00			`done()`
			`@UserController.updateUserSettings @req, @res`

			`it "should call the user updater with the new email and user _id", (done)->`
changing email address should lowercase the email 2014-10-13 10:44:45 -04:00			`@req.body.email = @newEmail.toUpperCase()`
finished off change email 2014-05-19 06:50:32 -04:00			`@UserUpdater.changeEmailAddress.callsArgWith(2)`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`@res.sendStatus = (code)=>`
finished off change email 2014-05-19 06:50:32 -04:00			`code.should.equal 200`
			`@UserUpdater.changeEmailAddress.calledWith(@user_id, @newEmail).should.equal true`
			`done()`
			`@UserController.updateUserSettings @req, @res`

set user email on session again on change email 2016-06-06 05:50:23 -04:00			`it "should update the email on the session", (done)->`
			`@req.body.email = @newEmail.toUpperCase()`
			`@UserUpdater.changeEmailAddress.callsArgWith(2)`
			`callcount = 0`
			`@User.findById = (id, cb)=>`
			`if ++callcount == 2`
			`@user.email = @newEmail`
			`cb(null, @user)`
			`@res.sendStatus = (code)=>`
			`code.should.equal 200`
fix unit tests 2016-09-07 11:40:49 -04:00			`@req.user.email.should.equal @newEmail`
set user email on session again on change email 2016-06-06 05:50:23 -04:00			`done()`
			`@UserController.updateUserSettings @req, @res`

if user changes email then check if they have a site licence 2016-03-13 18:24:39 -04:00			`it "should call populateGroupLicenceInvite", (done)->`
			`@req.body.email = @newEmail.toUpperCase()`
			`@UserUpdater.changeEmailAddress.callsArgWith(2)`
			`@res.sendStatus = (code)=>`
			`code.should.equal 200`
			`@UserHandler.populateGroupLicenceInvite.calledWith(@user).should.equal true`
			`done()`
			`@UserController.updateUserSettings @req, @res`
finished off change email 2014-05-19 06:50:32 -04:00
moved logout to new user controller 2014-04-09 11:59:28 -04:00			`describe "logout", ->`

			`it "should destroy the session", (done)->`

fixed test for logout 2014-04-09 12:07:19 -04:00			`@req.session.destroy = sinon.stub().callsArgWith(0)`
moved logout to new user controller 2014-04-09 11:59:28 -04:00			`@res.redirect = (url)=>`
			`url.should.equal "/login"`
			`@req.session.destroy.called.should.equal true`
			`done()`

			`@UserController.logout @req, @res`


Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`describe "register", ->`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`beforeEach ->`
Refactor registration so it can be called from modules 2015-12-11 12:11:13 -05:00			`@UserRegistrationHandler.registerNewUserAndSendActivationEmail = sinon.stub().callsArgWith(1, null, @user, @url = "mock/url")`
			`@req.body.email = @user.email = @email = "email@example.com"`
			`@UserController.register @req, @res`
Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00
Refactor registration so it can be called from modules 2015-12-11 12:11:13 -05:00			`it "should register the user and send them an email", ->`
			`@UserRegistrationHandler.registerNewUserAndSendActivationEmail`
			`.calledWith(@email)`
			`.should.equal true`
Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00
Refactor registration so it can be called from modules 2015-12-11 12:11:13 -05:00			`it "should return the user and activation url", ->`
			`@res.json`
			`.calledWith({`
			`email: @email,`
			`setNewPasswordUrl: @url`
			`})`
			`.should.equal true`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00
			`describe "changePassword", ->`

			`it "should check the old password is the current one at the moment", (done)->`
			`@AuthenticationManager.authenticate.callsArgWith(2)`
			`@req.body =`
			`currentPassword: "oldpasshere"`
			`@res.send = =>`
			`@AuthenticationManager.authenticate.calledWith(_id:@user._id, "oldpasshere").should.equal true`
			`@AuthenticationManager.setUserPassword.called.should.equal false`
			`done()`
			`@UserController.changePassword @req, @res`


			`it "it should not set the new password if they do not match", (done)->`
			`@AuthenticationManager.authenticate.callsArgWith(2, null, {})`
			`@req.body =`
			`newPassword1: "1"`
			`newPassword2: "2"`
			`@res.send = =>`
			`@AuthenticationManager.setUserPassword.called.should.equal false`
			`done()`
Refactor method names in `UserSessionsManager` 2016-07-01 10:33:59 -04:00			`@UserController.changePassword @req, @res`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00
			`it "should set the new password if they do match", (done)->`
			`@AuthenticationManager.authenticate.callsArgWith(2, null, @user)`
			`@AuthenticationManager.setUserPassword.callsArgWith(2)`
			`@req.body =`
			`newPassword1: "newpass"`
			`newPassword2: "newpass"`
			`@res.send = =>`
			`@AuthenticationManager.setUserPassword.calledWith(@user._id, "newpass").should.equal true`
			`done()`
added controler t change user email 2014-05-16 12:45:48 -04:00			`@UserController.changePassword @req, @res`