overleaf/services/web/test/unit/coffee/User/UserControllerTests.coffee

393 lines
12 KiB
CoffeeScript
Raw Normal View History

sinon = require('sinon')
chai = require('chai')
should = chai.should()
expect = chai.expect
modulePath = "../../../../app/js/Features/User/UserController.js"
SandboxedModule = require('sandboxed-module')
events = require "events"
MockResponse = require "../helpers/MockResponse"
MockRequest = require "../helpers/MockRequest"
ObjectId = require("mongojs").ObjectId
assert = require("assert")
describe "UserController", ->
beforeEach ->
@user_id = "323123"
@user =
_id:@user_id
2016-09-07 11:40:49 -04:00
save: sinon.stub().callsArgWith(0)
ace:{}
2014-04-09 10:26:07 -04:00
2016-09-07 11:40:49 -04:00
@req =
user: {}
session:
destroy:->
user :
_id : @user_id
email:"old@something.com"
body:{}
@UserDeleter =
2014-04-09 10:26:07 -04:00
deleteUser: sinon.stub().callsArgWith(1)
@UserGetter =
getUser: sinon.stub().callsArgWith(1, null, @user)
@User =
findById: sinon.stub().callsArgWith(1, null, @user)
@NewsLetterManager =
unsubscribe: sinon.stub().callsArgWith(1)
@UserRegistrationHandler =
registerNewUser: sinon.stub()
@AuthenticationController =
establishUserSession: sinon.stub().callsArg(2)
2016-09-07 11:40:49 -04:00
getLoggedInUserId: sinon.stub().returns(@user._id)
getSessionUser: sinon.stub().returns(@req.session.user)
setInSessionUser: sinon.stub()
@AuthenticationManager =
authenticate: sinon.stub()
setUserPassword: sinon.stub()
@ReferalAllocator =
allocate:sinon.stub()
@SubscriptionDomainHandler =
autoAllocate:sinon.stub()
2014-05-16 12:45:48 -04:00
@UserUpdater =
changeEmailAddress:sinon.stub()
@settings =
siteUrl: "sharelatex.example.com"
@UserHandler =
populateTeamInvites: sinon.stub().callsArgWith(1)
2016-07-01 05:20:22 -04:00
@UserSessionsManager =
trackSession: sinon.stub()
untrackSession: sinon.stub()
2016-07-05 09:20:47 -04:00
revokeAllUserSessions: sinon.stub().callsArgWith(2, null)
2017-05-15 06:53:52 -04:00
@SudoModeHandler =
clearSudoMode: sinon.stub()
@UserController = SandboxedModule.require modulePath, requires:
"./UserGetter": @UserGetter
"./UserDeleter": @UserDeleter
2014-05-16 12:45:48 -04:00
"./UserUpdater":@UserUpdater
"../../models/User": User:@User
'../Newsletter/NewsletterManager':@NewsLetterManager
"./UserRegistrationHandler":@UserRegistrationHandler
"../Authentication/AuthenticationController": @AuthenticationController
"../Authentication/AuthenticationManager": @AuthenticationManager
"../Referal/ReferalAllocator":@ReferalAllocator
"../Subscription/SubscriptionDomainHandler":@SubscriptionDomainHandler
"./UserHandler":@UserHandler
2016-07-01 05:20:22 -04:00
"./UserSessionsManager": @UserSessionsManager
2017-05-15 06:53:52 -04:00
"../SudoMode/SudoModeHandler": @SudoModeHandler
"settings-sharelatex": @settings
"logger-sharelatex":
log:->
err:->
"metrics-sharelatex": inc:->
@res =
send: sinon.stub()
sendStatus: sinon.stub()
json: sinon.stub()
@next = sinon.stub()
2016-10-26 06:01:35 -04:00
describe 'tryDeleteUser', ->
beforeEach ->
@req.body.password = 'wat'
@req.logout = sinon.stub()
@req.session.destroy = sinon.stub().callsArgWith(0, null)
2016-10-26 06:01:35 -04:00
@AuthenticationController.getLoggedInUserId = sinon.stub().returns(@user._id)
@AuthenticationManager.authenticate = sinon.stub().callsArgWith(2, null, @user)
@UserDeleter.deleteUser = sinon.stub().callsArgWith(1, null)
it 'should send 200', (done) ->
@res.sendStatus = (code) =>
code.should.equal 200
done()
@UserController.tryDeleteUser @req, @res, @next
it 'should try to authenticate user', (done) ->
@res.sendStatus = (code) =>
@AuthenticationManager.authenticate.callCount.should.equal 1
@AuthenticationManager.authenticate.calledWith({_id: @user._id}, @req.body.password).should.equal true
done()
@UserController.tryDeleteUser @req, @res, @next
it 'should delete the user', (done) ->
@res.sendStatus = (code) =>
@UserDeleter.deleteUser.callCount.should.equal 1
@UserDeleter.deleteUser.calledWith(@user._id).should.equal true
done()
@UserController.tryDeleteUser @req, @res, @next
describe 'when no password is supplied', ->
beforeEach ->
@req.body.password = ''
it 'should return 403', (done) ->
@res.sendStatus = (code) =>
code.should.equal 403
done()
@UserController.tryDeleteUser @req, @res, @next
describe 'when authenticate produces an error', ->
beforeEach ->
@AuthenticationManager.authenticate = sinon.stub().callsArgWith(2, new Error('woops'))
it 'should call next with an error', (done) ->
@next = (err) =>
expect(err).to.not.equal null
expect(err).to.be.instanceof Error
done()
@UserController.tryDeleteUser @req, @res, @next
describe 'when authenticate does not produce a user', ->
beforeEach ->
@AuthenticationManager.authenticate = sinon.stub().callsArgWith(2, null, null)
it 'should return 403', (done) ->
@res.sendStatus = (code) =>
code.should.equal 403
done()
@UserController.tryDeleteUser @req, @res, @next
describe 'when deleteUser produces an error', ->
beforeEach ->
@UserDeleter.deleteUser = sinon.stub().callsArgWith(1, new Error('woops'))
it 'should call next with an error', (done) ->
@next = (err) =>
expect(err).to.not.equal null
expect(err).to.be.instanceof Error
done()
@UserController.tryDeleteUser @req, @res, @next
describe 'when session.destroy produces an error', ->
beforeEach ->
@req.session.destroy = sinon.stub().callsArgWith(0, new Error('woops'))
it 'should call next with an error', (done) ->
@next = (err) =>
expect(err).to.not.equal null
expect(err).to.be.instanceof Error
done()
@UserController.tryDeleteUser @req, @res, @next
2016-10-26 06:01:35 -04:00
describe "unsubscribe", ->
it "should send the user to unsubscribe", (done)->
@res.send = (code)=>
@NewsLetterManager.unsubscribe.calledWith(@user).should.equal true
done()
@UserController.unsubscribe @req, @res
describe "updateUserSettings", ->
2014-05-19 06:50:32 -04:00
beforeEach ->
@newEmail = "hello@world.com"
@req.externalAuthenticationSystemUsed = sinon.stub().returns(false)
it "should call save", (done)->
@req.body = {}
2015-07-08 11:56:38 -04:00
@res.sendStatus = (code)=>
@user.save.called.should.equal true
done()
@UserController.updateUserSettings @req, @res
it "should set the first name", (done)->
@req.body =
first_name: "bobby "
2015-07-08 11:56:38 -04:00
@res.sendStatus = (code)=>
@user.first_name.should.equal "bobby"
done()
@UserController.updateUserSettings @req, @res
2014-06-20 06:15:25 -04:00
it "should set the role", (done)->
@req.body =
role: "student"
2015-07-08 11:56:38 -04:00
@res.sendStatus = (code)=>
2014-06-20 06:15:25 -04:00
@user.role.should.equal "student"
done()
@UserController.updateUserSettings @req, @res
it "should set the institution", (done)->
@req.body =
institution: "MIT"
2015-07-08 11:56:38 -04:00
@res.sendStatus = (code)=>
2014-06-20 06:15:25 -04:00
@user.institution.should.equal "MIT"
done()
@UserController.updateUserSettings @req, @res
it "should set some props on ace", (done)->
@req.body =
2014-06-20 04:42:43 -04:00
theme: "something"
2015-07-08 11:56:38 -04:00
@res.sendStatus = (code)=>
@user.ace.theme.should.equal "something"
done()
@UserController.updateUserSettings @req, @res
2014-05-19 06:50:32 -04:00
it "should send an error if the email is 0 len", (done)->
@req.body.email = ""
2015-07-08 11:56:38 -04:00
@res.sendStatus = (code)->
2014-05-19 09:02:54 -04:00
code.should.equal 400
2014-05-19 06:50:32 -04:00
done()
@UserController.updateUserSettings @req, @res
it "should send an error if the email does not contain an @", (done)->
@req.body.email = "bob at something dot com"
2015-07-08 11:56:38 -04:00
@res.sendStatus = (code)->
2014-05-19 09:02:54 -04:00
code.should.equal 400
2014-05-19 06:50:32 -04:00
done()
@UserController.updateUserSettings @req, @res
it "should call the user updater with the new email and user _id", (done)->
@req.body.email = @newEmail.toUpperCase()
2014-05-19 06:50:32 -04:00
@UserUpdater.changeEmailAddress.callsArgWith(2)
2015-07-08 11:56:38 -04:00
@res.sendStatus = (code)=>
2014-05-19 06:50:32 -04:00
code.should.equal 200
@UserUpdater.changeEmailAddress.calledWith(@user_id, @newEmail).should.equal true
done()
@UserController.updateUserSettings @req, @res
it "should update the email on the session", (done)->
@req.body.email = @newEmail.toUpperCase()
@UserUpdater.changeEmailAddress.callsArgWith(2)
callcount = 0
@User.findById = (id, cb)=>
if ++callcount == 2
@user.email = @newEmail
cb(null, @user)
@res.sendStatus = (code)=>
code.should.equal 200
@AuthenticationController.setInSessionUser.calledWith(
@req, {email: @newEmail, first_name: undefined, last_name: undefined}
).should.equal true
done()
@UserController.updateUserSettings @req, @res
it "should call populateTeamInvites", (done)->
@req.body.email = @newEmail.toUpperCase()
@UserUpdater.changeEmailAddress.callsArgWith(2)
@res.sendStatus = (code)=>
code.should.equal 200
@UserHandler.populateTeamInvites.calledWith(@user).should.equal true
done()
@UserController.updateUserSettings @req, @res
2014-05-19 06:50:32 -04:00
describe 'when using an external auth source', ->
beforeEach ->
@UserUpdater.changeEmailAddress.callsArgWith(2)
@newEmail = 'someone23@example.com'
@req.externalAuthenticationSystemUsed = sinon.stub().returns(true)
it 'should not set a new email', (done) ->
@req.body.email = @newEmail
@res.sendStatus = (code)=>
code.should.equal 200
@UserUpdater.changeEmailAddress.calledWith(@user_id, @newEmail).should.equal false
done()
@UserController.updateUserSettings @req, @res
2014-04-09 11:59:28 -04:00
describe "logout", ->
it "should destroy the session", (done)->
2014-04-09 12:07:19 -04:00
@req.session.destroy = sinon.stub().callsArgWith(0)
2014-04-09 11:59:28 -04:00
@res.redirect = (url)=>
url.should.equal "/login"
@req.session.destroy.called.should.equal true
done()
@UserController.logout @req, @res
2017-05-15 06:53:52 -04:00
it 'should clear sudo-mode', (done) ->
@req.session.destroy = sinon.stub().callsArgWith(0)
@SudoModeHandler.clearSudoMode = sinon.stub()
@res.redirect = (url)=>
url.should.equal "/login"
@SudoModeHandler.clearSudoMode.callCount.should.equal 1
@SudoModeHandler.clearSudoMode.calledWith(@user._id).should.equal true
done()
@UserController.logout @req, @res
2014-04-09 11:59:28 -04:00
describe "register", ->
beforeEach ->
@UserRegistrationHandler.registerNewUserAndSendActivationEmail = sinon.stub().callsArgWith(1, null, @user, @url = "mock/url")
@req.body.email = @user.email = @email = "email@example.com"
@UserController.register @req, @res
it "should register the user and send them an email", ->
@UserRegistrationHandler.registerNewUserAndSendActivationEmail
.calledWith(@email)
.should.equal true
it "should return the user and activation url", ->
@res.json
.calledWith({
email: @email,
setNewPasswordUrl: @url
})
.should.equal true
describe 'clearSessions', ->
it 'should call revokeAllUserSessions', (done) ->
@UserController.clearSessions @req, @res
@UserSessionsManager.revokeAllUserSessions.callCount.should.equal 1
done()
it 'send a 201 response', (done) ->
@res.sendStatus = (status) =>
status.should.equal 201
done()
@UserController.clearSessions @req, @res
describe 'when revokeAllUserSessions produces an error', ->
it 'should call next with an error', (done) ->
@UserSessionsManager.revokeAllUserSessions.callsArgWith(2, new Error('woops'))
next = (err) =>
expect(err).to.not.equal null
expect(err).to.be.instanceof Error
done()
@UserController.clearSessions @req, @res, next
describe "changePassword", ->
it "should check the old password is the current one at the moment", (done)->
@AuthenticationManager.authenticate.callsArgWith(2)
@req.body =
currentPassword: "oldpasshere"
@res.send = =>
@AuthenticationManager.authenticate.calledWith(_id:@user._id, "oldpasshere").should.equal true
@AuthenticationManager.setUserPassword.called.should.equal false
done()
@UserController.changePassword @req, @res
it "it should not set the new password if they do not match", (done)->
@AuthenticationManager.authenticate.callsArgWith(2, null, {})
@req.body =
newPassword1: "1"
newPassword2: "2"
@res.send = =>
@AuthenticationManager.setUserPassword.called.should.equal false
done()
@UserController.changePassword @req, @res
it "should set the new password if they do match", (done)->
@AuthenticationManager.authenticate.callsArgWith(2, null, @user)
@AuthenticationManager.setUserPassword.callsArgWith(2)
@req.body =
newPassword1: "newpass"
newPassword2: "newpass"
@res.send = =>
@AuthenticationManager.setUserPassword.calledWith(@user._id, "newpass").should.equal true
done()
2014-05-16 12:45:48 -04:00
@UserController.changePassword @req, @res