2019-05-29 05:21:06 -04:00
|
|
|
/* eslint-disable
|
|
|
|
|
max-len,
|
|
|
|
|
no-return-assign,
|
|
|
|
|
no-unused-vars,
|
|
|
|
|
*/
|
|
|
|
|
// TODO: This file was created by bulk-decaffeinate.
|
|
|
|
|
// Fix any style issues and re-enable lint.
|
|
|
|
|
/*
|
|
|
|
|
* decaffeinate suggestions:
|
|
|
|
|
* DS102: Remove unnecessary code created because of implicit returns
|
|
|
|
|
* Full docs: https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md
|
|
|
|
|
*/
|
|
|
|
|
const sinon = require('sinon')
|
|
|
|
|
const chai = require('chai')
|
|
|
|
|
const should = chai.should()
|
|
|
|
|
const { expect } = chai
|
|
|
|
|
const modulePath = '../../../../app/src/Features/User/UserController.js'
|
|
|
|
|
const SandboxedModule = require('sandboxed-module')
|
|
|
|
|
const events = require('events')
|
|
|
|
|
const MockResponse = require('../helpers/MockResponse')
|
|
|
|
|
const MockRequest = require('../helpers/MockRequest')
|
|
|
|
|
const { ObjectId } = require('mongojs')
|
|
|
|
|
const assert = require('assert')
|
2019-07-19 05:40:23 -04:00
|
|
|
const OError = require('@overleaf/o-error')
|
2019-05-29 05:21:06 -04:00
|
|
|
const Errors = require('../../../../app/src/Features/Errors/Errors')
|
2019-07-31 04:22:31 -04:00
|
|
|
const HttpErrors = require('@overleaf/o-error/http')
|
2019-05-29 05:21:06 -04:00
|
|
|
|
|
|
|
|
describe('UserController', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
this.user_id = '323123'
|
|
|
|
|
|
|
|
|
|
this.user = {
|
|
|
|
|
_id: this.user_id,
|
|
|
|
|
save: sinon.stub().callsArgWith(0),
|
|
|
|
|
ace: {}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
this.req = {
|
|
|
|
|
user: {},
|
|
|
|
|
session: {
|
|
|
|
|
destroy() {},
|
|
|
|
|
user: {
|
|
|
|
|
_id: this.user_id,
|
|
|
|
|
email: 'old@something.com'
|
|
|
|
|
}
|
|
|
|
|
},
|
2019-06-14 12:31:46 -04:00
|
|
|
body: {},
|
|
|
|
|
i18n: {
|
|
|
|
|
translate: text => text
|
|
|
|
|
}
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
|
|
2019-07-18 10:18:56 -04:00
|
|
|
this.UserDeleter = { deleteUser: sinon.stub().yields() }
|
2019-05-29 05:21:06 -04:00
|
|
|
this.UserGetter = { getUser: sinon.stub().callsArgWith(1, null, this.user) }
|
|
|
|
|
this.User = { findById: sinon.stub().callsArgWith(1, null, this.user) }
|
|
|
|
|
this.NewsLetterManager = { unsubscribe: sinon.stub().callsArgWith(1) }
|
|
|
|
|
this.UserRegistrationHandler = { registerNewUser: sinon.stub() }
|
|
|
|
|
this.AuthenticationController = {
|
|
|
|
|
establishUserSession: sinon.stub().callsArg(2),
|
|
|
|
|
getLoggedInUserId: sinon.stub().returns(this.user._id),
|
|
|
|
|
getSessionUser: sinon.stub().returns(this.req.session.user),
|
|
|
|
|
setInSessionUser: sinon.stub()
|
|
|
|
|
}
|
|
|
|
|
this.AuthenticationManager = {
|
|
|
|
|
authenticate: sinon.stub(),
|
|
|
|
|
setUserPassword: sinon.stub(),
|
|
|
|
|
validatePassword: sinon.stub()
|
|
|
|
|
}
|
|
|
|
|
this.ReferalAllocator = { allocate: sinon.stub() }
|
|
|
|
|
this.SubscriptionDomainHandler = { autoAllocate: sinon.stub() }
|
|
|
|
|
this.UserUpdater = { changeEmailAddress: sinon.stub() }
|
|
|
|
|
this.settings = { siteUrl: 'sharelatex.example.com' }
|
|
|
|
|
this.UserHandler = { populateTeamInvites: sinon.stub().callsArgWith(1) }
|
|
|
|
|
this.UserSessionsManager = {
|
|
|
|
|
trackSession: sinon.stub(),
|
|
|
|
|
untrackSession: sinon.stub(),
|
|
|
|
|
revokeAllUserSessions: sinon.stub().callsArgWith(2, null)
|
|
|
|
|
}
|
|
|
|
|
this.SudoModeHandler = { clearSudoMode: sinon.stub() }
|
|
|
|
|
this.UserController = SandboxedModule.require(modulePath, {
|
2019-07-15 06:33:47 -04:00
|
|
|
globals: {
|
|
|
|
|
console: console
|
|
|
|
|
},
|
2019-05-29 05:21:06 -04:00
|
|
|
requires: {
|
|
|
|
|
'./UserGetter': this.UserGetter,
|
|
|
|
|
'./UserDeleter': this.UserDeleter,
|
|
|
|
|
'./UserUpdater': this.UserUpdater,
|
|
|
|
|
'../../models/User': {
|
|
|
|
|
User: this.User
|
|
|
|
|
},
|
|
|
|
|
'../Newsletter/NewsletterManager': this.NewsLetterManager,
|
|
|
|
|
'./UserRegistrationHandler': this.UserRegistrationHandler,
|
|
|
|
|
'../Authentication/AuthenticationController': this
|
|
|
|
|
.AuthenticationController,
|
|
|
|
|
'../Authentication/AuthenticationManager': this.AuthenticationManager,
|
|
|
|
|
'../Referal/ReferalAllocator': this.ReferalAllocator,
|
|
|
|
|
'../Subscription/SubscriptionDomainHandler': this
|
|
|
|
|
.SubscriptionDomainHandler,
|
|
|
|
|
'./UserHandler': this.UserHandler,
|
|
|
|
|
'./UserSessionsManager': this.UserSessionsManager,
|
|
|
|
|
'../SudoMode/SudoModeHandler': this.SudoModeHandler,
|
|
|
|
|
'settings-sharelatex': this.settings,
|
|
|
|
|
'logger-sharelatex': {
|
|
|
|
|
log() {},
|
2019-07-01 09:48:09 -04:00
|
|
|
warn() {},
|
2019-05-29 05:21:06 -04:00
|
|
|
err() {}
|
|
|
|
|
},
|
|
|
|
|
'metrics-sharelatex': {
|
|
|
|
|
inc() {}
|
|
|
|
|
},
|
2019-07-19 05:40:23 -04:00
|
|
|
'../Errors/Errors': Errors,
|
2019-07-31 04:22:31 -04:00
|
|
|
'@overleaf/o-error/http': HttpErrors,
|
2019-07-25 11:10:31 -04:00
|
|
|
'../Email/EmailHandler': { sendEmail: sinon.stub() }
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
this.res = {
|
|
|
|
|
send: sinon.stub(),
|
2019-06-14 12:31:46 -04:00
|
|
|
status: sinon.stub(),
|
2019-05-29 05:21:06 -04:00
|
|
|
sendStatus: sinon.stub(),
|
|
|
|
|
json: sinon.stub()
|
|
|
|
|
}
|
2019-06-14 12:31:46 -04:00
|
|
|
this.res.status.returns(this.res)
|
|
|
|
|
this.next = sinon.stub()
|
|
|
|
|
this.callback = sinon.stub()
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
describe('tryDeleteUser', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
this.req.body.password = 'wat'
|
|
|
|
|
this.req.logout = sinon.stub()
|
|
|
|
|
this.req.session.destroy = sinon.stub().callsArgWith(0, null)
|
|
|
|
|
this.AuthenticationController.getLoggedInUserId = sinon
|
|
|
|
|
.stub()
|
|
|
|
|
.returns(this.user._id)
|
|
|
|
|
this.AuthenticationManager.authenticate = sinon
|
|
|
|
|
.stub()
|
|
|
|
|
.callsArgWith(2, null, this.user)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should send 200', function(done) {
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
code.should.equal(200)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should try to authenticate user', function(done) {
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
this.AuthenticationManager.authenticate.callCount.should.equal(1)
|
|
|
|
|
this.AuthenticationManager.authenticate
|
|
|
|
|
.calledWith({ _id: this.user._id }, this.req.body.password)
|
|
|
|
|
.should.equal(true)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should delete the user', function(done) {
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
this.UserDeleter.deleteUser.callCount.should.equal(1)
|
|
|
|
|
this.UserDeleter.deleteUser.calledWith(this.user._id).should.equal(true)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
describe('when no password is supplied', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
return (this.req.body.password = '')
|
|
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should return 403', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
code.should.equal(403)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
describe('when authenticate produces an error', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
return (this.AuthenticationManager.authenticate = sinon
|
|
|
|
|
.stub()
|
|
|
|
|
.callsArgWith(2, new Error('woops')))
|
|
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should call next with an error', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.next = err => {
|
|
|
|
|
expect(err).to.not.equal(null)
|
|
|
|
|
expect(err).to.be.instanceof(Error)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
describe('when authenticate does not produce a user', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
return (this.AuthenticationManager.authenticate = sinon
|
|
|
|
|
.stub()
|
|
|
|
|
.callsArgWith(2, null, null))
|
|
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should return 403', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
code.should.equal(403)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
describe('when deleteUser produces an error', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
return (this.UserDeleter.deleteUser = sinon
|
|
|
|
|
.stub()
|
2019-07-18 10:18:56 -04:00
|
|
|
.yields(new Error('woops')))
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should call next with an error', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.next = err => {
|
|
|
|
|
expect(err).to.not.equal(null)
|
|
|
|
|
expect(err).to.be.instanceof(Error)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
describe('when deleteUser produces a known error', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
return (this.UserDeleter.deleteUser = sinon
|
|
|
|
|
.stub()
|
|
|
|
|
.yields(new Errors.SubscriptionAdminDeletionError()))
|
|
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should return a json error', function(done) {
|
2019-07-19 05:40:23 -04:00
|
|
|
this.UserController.tryDeleteUser(this.req, null, error => {
|
|
|
|
|
expect(error).to.be.instanceof(HttpErrors.UnprocessableEntityError)
|
|
|
|
|
expect(
|
|
|
|
|
OError.hasCauseInstanceOf(
|
|
|
|
|
error,
|
|
|
|
|
Errors.SubscriptionAdminDeletionError
|
|
|
|
|
)
|
|
|
|
|
).to.be.true
|
|
|
|
|
done()
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
describe('when session.destroy produces an error', function() {
|
2019-05-29 05:21:06 -04:00
|
|
|
beforeEach(function() {
|
|
|
|
|
return (this.req.session.destroy = sinon
|
|
|
|
|
.stub()
|
|
|
|
|
.callsArgWith(0, new Error('woops')))
|
|
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should call next with an error', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.next = err => {
|
|
|
|
|
expect(err).to.not.equal(null)
|
|
|
|
|
expect(err).to.be.instanceof(Error)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.tryDeleteUser(this.req, this.res, this.next)
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
2019-08-07 10:04:04 -04:00
|
|
|
describe('unsubscribe', function() {
|
2019-05-29 05:21:06 -04:00
|
|
|
it('should send the user to unsubscribe', function(done) {
|
|
|
|
|
this.res.send = code => {
|
|
|
|
|
this.NewsLetterManager.unsubscribe
|
|
|
|
|
.calledWith(this.user)
|
|
|
|
|
.should.equal(true)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.unsubscribe(this.req, this.res)
|
2019-08-07 10:04:04 -04:00
|
|
|
})
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
|
|
|
|
|
describe('updateUserSettings', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
this.newEmail = 'hello@world.com'
|
|
|
|
|
return (this.req.externalAuthenticationSystemUsed = sinon
|
|
|
|
|
.stub()
|
|
|
|
|
.returns(false))
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should call save', function(done) {
|
|
|
|
|
this.req.body = {}
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
this.user.save.called.should.equal(true)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should set the first name', function(done) {
|
|
|
|
|
this.req.body = { first_name: 'bobby ' }
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
this.user.first_name.should.equal('bobby')
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should set the role', function(done) {
|
|
|
|
|
this.req.body = { role: 'student' }
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
this.user.role.should.equal('student')
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should set the institution', function(done) {
|
|
|
|
|
this.req.body = { institution: 'MIT' }
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
this.user.institution.should.equal('MIT')
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should set some props on ace', function(done) {
|
|
|
|
|
this.req.body = { editorTheme: 'something' }
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
this.user.ace.theme.should.equal('something')
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should set the overall theme', function(done) {
|
|
|
|
|
this.req.body = { overallTheme: 'green-ish' }
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
this.user.ace.overallTheme.should.equal('green-ish')
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should send an error if the email is 0 len', function(done) {
|
|
|
|
|
this.req.body.email = ''
|
|
|
|
|
this.res.sendStatus = function(code) {
|
|
|
|
|
code.should.equal(400)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should send an error if the email does not contain an @', function(done) {
|
|
|
|
|
this.req.body.email = 'bob at something dot com'
|
|
|
|
|
this.res.sendStatus = function(code) {
|
|
|
|
|
code.should.equal(400)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should call the user updater with the new email and user _id', function(done) {
|
|
|
|
|
this.req.body.email = this.newEmail.toUpperCase()
|
|
|
|
|
this.UserUpdater.changeEmailAddress.callsArgWith(2)
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
code.should.equal(200)
|
|
|
|
|
this.UserUpdater.changeEmailAddress
|
|
|
|
|
.calledWith(this.user_id, this.newEmail)
|
|
|
|
|
.should.equal(true)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should update the email on the session', function(done) {
|
|
|
|
|
this.req.body.email = this.newEmail.toUpperCase()
|
|
|
|
|
this.UserUpdater.changeEmailAddress.callsArgWith(2)
|
|
|
|
|
let callcount = 0
|
|
|
|
|
this.User.findById = (id, cb) => {
|
|
|
|
|
if (++callcount === 2) {
|
|
|
|
|
this.user.email = this.newEmail
|
|
|
|
|
}
|
|
|
|
|
return cb(null, this.user)
|
|
|
|
|
}
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
code.should.equal(200)
|
|
|
|
|
this.AuthenticationController.setInSessionUser
|
|
|
|
|
.calledWith(this.req, {
|
|
|
|
|
email: this.newEmail,
|
|
|
|
|
first_name: undefined,
|
|
|
|
|
last_name: undefined
|
|
|
|
|
})
|
|
|
|
|
.should.equal(true)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should call populateTeamInvites', function(done) {
|
|
|
|
|
this.req.body.email = this.newEmail.toUpperCase()
|
|
|
|
|
this.UserUpdater.changeEmailAddress.callsArgWith(2)
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
code.should.equal(200)
|
|
|
|
|
this.UserHandler.populateTeamInvites
|
|
|
|
|
.calledWith(this.user)
|
|
|
|
|
.should.equal(true)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
describe('when using an external auth source', function() {
|
2019-05-29 05:21:06 -04:00
|
|
|
beforeEach(function() {
|
|
|
|
|
this.UserUpdater.changeEmailAddress.callsArgWith(2)
|
|
|
|
|
this.newEmail = 'someone23@example.com'
|
|
|
|
|
return (this.req.externalAuthenticationSystemUsed = sinon
|
|
|
|
|
.stub()
|
|
|
|
|
.returns(true))
|
|
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should not set a new email', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.body.email = this.newEmail
|
|
|
|
|
this.res.sendStatus = code => {
|
|
|
|
|
code.should.equal(200)
|
|
|
|
|
this.UserUpdater.changeEmailAddress
|
|
|
|
|
.calledWith(this.user_id, this.newEmail)
|
|
|
|
|
.should.equal(false)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.updateUserSettings(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
describe('logout', function() {
|
|
|
|
|
it('should destroy the session', function(done) {
|
|
|
|
|
this.req.session.destroy = sinon.stub().callsArgWith(0)
|
|
|
|
|
this.res.redirect = url => {
|
|
|
|
|
url.should.equal('/login')
|
|
|
|
|
this.req.session.destroy.called.should.equal(true)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return this.UserController.logout(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should clear sudo-mode', function(done) {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.session.destroy = sinon.stub().callsArgWith(0)
|
|
|
|
|
this.SudoModeHandler.clearSudoMode = sinon.stub()
|
|
|
|
|
this.res.redirect = url => {
|
|
|
|
|
url.should.equal('/login')
|
|
|
|
|
this.SudoModeHandler.clearSudoMode.callCount.should.equal(1)
|
|
|
|
|
this.SudoModeHandler.clearSudoMode
|
|
|
|
|
.calledWith(this.user._id)
|
|
|
|
|
.should.equal(true)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return this.UserController.logout(this.req, this.res)
|
2019-09-25 10:29:10 -04:00
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should redirect after logout', function(done) {
|
|
|
|
|
this.req.body.redirect = '/institutional-login'
|
|
|
|
|
this.req.session.destroy = sinon.stub().callsArgWith(0)
|
|
|
|
|
this.SudoModeHandler.clearSudoMode = sinon.stub()
|
|
|
|
|
this.res.redirect = url => {
|
|
|
|
|
url.should.equal(this.req.body.redirect)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.logout(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should redirect to login after logout when no redirect set', function(done) {
|
|
|
|
|
this.req.session.destroy = sinon.stub().callsArgWith(0)
|
|
|
|
|
this.SudoModeHandler.clearSudoMode = sinon.stub()
|
|
|
|
|
this.res.redirect = url => {
|
|
|
|
|
url.should.equal('/login')
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.logout(this.req, this.res)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
describe('register', function() {
|
|
|
|
|
beforeEach(function() {
|
|
|
|
|
this.UserRegistrationHandler.registerNewUserAndSendActivationEmail = sinon
|
|
|
|
|
.stub()
|
|
|
|
|
.callsArgWith(1, null, this.user, (this.url = 'mock/url'))
|
|
|
|
|
this.req.body.email = this.user.email = this.email = 'email@example.com'
|
|
|
|
|
return this.UserController.register(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('should register the user and send them an email', function() {
|
|
|
|
|
return this.UserRegistrationHandler.registerNewUserAndSendActivationEmail
|
|
|
|
|
.calledWith(this.email)
|
|
|
|
|
.should.equal(true)
|
|
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
it('should return the user and activation url', function() {
|
2019-05-29 05:21:06 -04:00
|
|
|
return this.res.json
|
|
|
|
|
.calledWith({
|
|
|
|
|
email: this.email,
|
|
|
|
|
setNewPasswordUrl: this.url
|
|
|
|
|
})
|
|
|
|
|
.should.equal(true)
|
|
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
describe('clearSessions', function() {
|
|
|
|
|
it('should call revokeAllUserSessions', function(done) {
|
|
|
|
|
this.UserController.clearSessions(this.req, this.res)
|
|
|
|
|
this.UserSessionsManager.revokeAllUserSessions.callCount.should.equal(1)
|
|
|
|
|
return done()
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
it('send a 201 response', function(done) {
|
|
|
|
|
this.res.sendStatus = status => {
|
|
|
|
|
status.should.equal(201)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.clearSessions(this.req, this.res)
|
|
|
|
|
})
|
|
|
|
|
|
2019-08-07 10:04:04 -04:00
|
|
|
describe('when revokeAllUserSessions produces an error', function() {
|
2019-05-29 05:21:06 -04:00
|
|
|
it('should call next with an error', function(done) {
|
|
|
|
|
this.UserSessionsManager.revokeAllUserSessions.callsArgWith(
|
|
|
|
|
2,
|
|
|
|
|
new Error('woops')
|
|
|
|
|
)
|
|
|
|
|
const next = err => {
|
|
|
|
|
expect(err).to.not.equal(null)
|
|
|
|
|
expect(err).to.be.instanceof(Error)
|
|
|
|
|
return done()
|
|
|
|
|
}
|
|
|
|
|
return this.UserController.clearSessions(this.req, this.res, next)
|
2019-08-07 10:04:04 -04:00
|
|
|
})
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2019-06-21 09:46:09 -04:00
|
|
|
describe('changePassword', function() {
|
2019-06-14 12:31:46 -04:00
|
|
|
it('should check the old password is the current one at the moment', function() {
|
|
|
|
|
this.AuthenticationManager.authenticate.yields()
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.body = { currentPassword: 'oldpasshere' }
|
2019-06-14 12:31:46 -04:00
|
|
|
this.UserController.changePassword(this.req, this.res, this.callback)
|
|
|
|
|
this.AuthenticationManager.authenticate.should.have.been.calledWith(
|
|
|
|
|
{ _id: this.user._id },
|
|
|
|
|
'oldpasshere'
|
|
|
|
|
)
|
|
|
|
|
this.AuthenticationManager.setUserPassword.callCount.should.equal(0)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2019-06-14 12:31:46 -04:00
|
|
|
it('it should not set the new password if they do not match', function() {
|
|
|
|
|
this.AuthenticationManager.authenticate.yields(null, {})
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.body = {
|
|
|
|
|
newPassword1: '1',
|
|
|
|
|
newPassword2: '2'
|
|
|
|
|
}
|
2019-06-14 12:31:46 -04:00
|
|
|
this.UserController.changePassword(this.req, this.res, this.callback)
|
|
|
|
|
this.res.status.should.have.been.calledWith(400)
|
|
|
|
|
this.AuthenticationManager.setUserPassword.callCount.should.equal(0)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2019-06-14 12:31:46 -04:00
|
|
|
it('should set the new password if they do match', function() {
|
|
|
|
|
this.AuthenticationManager.authenticate.yields(null, this.user)
|
|
|
|
|
this.AuthenticationManager.setUserPassword.yields()
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.body = {
|
|
|
|
|
newPassword1: 'newpass',
|
|
|
|
|
newPassword2: 'newpass'
|
|
|
|
|
}
|
2019-06-14 12:31:46 -04:00
|
|
|
this.UserController.changePassword(this.req, this.res, this.callback)
|
|
|
|
|
this.AuthenticationManager.setUserPassword.should.have.been.calledWith(
|
|
|
|
|
this.user._id,
|
|
|
|
|
'newpass'
|
|
|
|
|
)
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
|
2019-06-14 12:31:46 -04:00
|
|
|
it('it should not set the new password if it is invalid', function() {
|
2019-05-29 05:21:06 -04:00
|
|
|
this.AuthenticationManager.validatePassword = sinon
|
|
|
|
|
.stub()
|
2019-06-14 12:31:46 -04:00
|
|
|
.returns({ message: 'validation-error' })
|
|
|
|
|
this.AuthenticationManager.authenticate.yields(null, {})
|
2019-05-29 05:21:06 -04:00
|
|
|
this.req.body = {
|
2019-06-14 12:31:46 -04:00
|
|
|
newPassword1: 'newpass',
|
|
|
|
|
newPassword2: 'newpass'
|
2019-05-29 05:21:06 -04:00
|
|
|
}
|
2019-06-14 12:31:46 -04:00
|
|
|
this.UserController.changePassword(this.req, this.res, this.callback)
|
|
|
|
|
this.AuthenticationManager.setUserPassword.callCount.should.equal(0)
|
|
|
|
|
this.res.status.should.have.been.calledWith(400)
|
|
|
|
|
this.res.json.should.have.been.calledWith({
|
|
|
|
|
message: {
|
|
|
|
|
type: 'error',
|
|
|
|
|
text: 'validation-error'
|
|
|
|
|
}
|
|
|
|
|
})
|
2019-05-29 05:21:06 -04:00
|
|
|
})
|
|
|
|
|
})
|
|
|
|
|
})
|
