overleaf/services/web/test/acceptance/coffee/ProjectInviteTests.coffee

530 lines
18 KiB
CoffeeScript
Raw Normal View History

expect = require("chai").expect
Async = require("async")
User = require "./helpers/User"
request = require "./helpers/request"
settings = require "settings-sharelatex"
2016-07-28 11:00:18 -04:00
CollaboratorsEmailHandler = require "../../../app/js/Features/Collaborators/CollaboratorsEmailHandler"
2016-07-29 08:55:08 -04:00
createInvite = (sendingUser, projectId, email, callback=(err, invite)->) ->
2016-07-29 04:52:55 -04:00
sendingUser.getCsrfToken (err) ->
2016-07-28 11:00:18 -04:00
return callback(err) if err
2016-07-29 04:52:55 -04:00
sendingUser.request.post {
uri: "/project/#{projectId}/invite",
2016-07-28 11:00:18 -04:00
json:
email: email
2016-07-29 06:04:07 -04:00
privileges: 'readAndWrite'
2016-07-28 11:00:18 -04:00
}, (err, response, body) ->
return callback(err) if err
2016-07-29 08:55:08 -04:00
callback(null, body.invite)
createProject = (owner, projectName, callback=(err, projectId, project)->) ->
owner.createProject projectName, (err, projectId) ->
throw err if err
fakeProject = {
_id: projectId,
name: projectName,
owner_ref: owner
}
callback(err, projectId, fakeProject)
createProjectAndInvite = (owner, projectName, email, callback=(err, project, invite)->) ->
createProject owner, projectName, (err, projectId, project) ->
return callback(err) if err
createInvite owner, projectId, email, (err, invite) ->
return callback(err) if err
link = CollaboratorsEmailHandler._buildInviteUrl(project, invite)
callback(null, project, invite, link)
2016-07-29 08:55:08 -04:00
revokeInvite = (sendingUser, projectId, inviteId, callback=(err)->) ->
sendingUser.getCsrfToken (err) ->
return callback(err) if err
sendingUser.request.delete {
uri: "/project/#{projectId}/invite/#{inviteId}",
2016-07-29 08:55:08 -04:00
}, (err, response, body) ->
return callback(err) if err
callback(null)
2016-07-29 08:39:18 -04:00
2016-07-29 08:39:18 -04:00
# Actions
tryFollowInviteLink = (user, link, callback=(err, response, body)->) ->
2016-07-29 06:04:07 -04:00
user.request.get {
uri: link
baseUrl: null
}, callback
2016-07-29 08:39:18 -04:00
tryAcceptInvite = (user, invite, callback=(err, response, body)->) ->
2016-07-29 06:04:07 -04:00
user.request.post {
uri: "/project/#{invite.projectId}/invite/token/#{invite.token}/accept"
2016-07-29 06:04:07 -04:00
json:
token: invite.token
}, callback
2016-08-01 07:14:34 -04:00
tryRegisterUser = (user, email, redir, callback=(err, response, body)->) ->
user.getCsrfToken (error) =>
return callback(error) if error?
user.request.post {
url: "/register"
json:
email: email
password: "some_weird_password"
redir: redir
}, callback
2016-08-01 10:16:03 -04:00
tryFollowLoginLink = (user, loginLink, callback=(err, response, body)->) ->
user.getCsrfToken (error) =>
return callback(error) if error?
user.request.get loginLink, callback
tryLoginUser = (user, redir, callback=(err, response, body)->) ->
user.getCsrfToken (error) =>
return callback(error) if error?
user.request.post {
url: "/login"
json:
email: user.email
password: user.password
redir: redir
}, callback
tryGetInviteList = (user, projectId, callback=(err, response, body)->) ->
user.getCsrfToken (error) =>
return callback(error) if error?
user.request.get {
url: "/project/#{projectId}/invites"
json: true
}, callback
tryJoinProject = (user, projectId, callback=(err, response, body)->) ->
user.getCsrfToken (error) =>
return callback(error) if error?
user.request.post {
url: "/project/#{projectId}/join"
qs: {user_id: user._id}
auth:
user: settings.apis.web.user
pass: settings.apis.web.pass
sendImmediately: true
json: true
jar: false
}, callback
2016-07-29 06:04:07 -04:00
2016-07-29 08:39:18 -04:00
# Expectations
2016-08-01 07:14:34 -04:00
expectProjectAccess = (user, projectId, callback=(err,result)->) ->
2016-07-29 08:39:18 -04:00
# should have access to project
user.openProject projectId, (err) =>
expect(err).to.be.oneOf [null, undefined]
callback()
2016-08-01 07:14:34 -04:00
expectNoProjectAccess = (user, projectId, callback=(err,result)->) ->
2016-07-29 08:39:18 -04:00
# should not have access to project page
user.openProject projectId, (err) =>
expect(err).to.be.instanceof Error
callback()
2016-08-01 07:14:34 -04:00
expectInvitePage = (user, link, callback=(err,result)->) ->
2016-07-29 08:39:18 -04:00
# view invite
tryFollowInviteLink user, link, (err, response, body) ->
expect(err).to.be.oneOf [null, undefined]
expect(response.statusCode).to.equal 200
expect(body).to.match new RegExp("<title>Project Invite - .*</title>")
callback()
2016-08-01 07:14:34 -04:00
expectInvalidInvitePage = (user, link, callback=(err,result)->) ->
2016-07-29 08:39:18 -04:00
# view invalid invite
tryFollowInviteLink user, link, (err, response, body) ->
expect(err).to.be.oneOf [null, undefined]
expect(response.statusCode).to.equal 200
expect(body).to.match new RegExp("<title>Invalid Invite - .*</title>")
callback()
2016-08-01 07:14:34 -04:00
expectInviteRedirectToRegister = (user, link, callback=(err,result)->) ->
# view invite, redirect to `/register`
tryFollowInviteLink user, link, (err, response, body) ->
expect(err).to.be.oneOf [null, undefined]
expect(response.statusCode).to.equal 302
expect(response.headers.location).to.match new RegExp("^/register\?.*redir=.*$")
2016-08-01 07:14:34 -04:00
# follow redirect to register page and extract the redirectUrl from form
user.request.get response.headers.location, (err, response, body) ->
redirectUrl = body.match(/input name="redir" type="hidden" value="([^"]*)"/m)?[1]
2016-08-01 08:54:49 -04:00
loginUrl = body.match(/href="([^"]*)">\s*Login here/m)?[1]
2016-08-01 07:14:34 -04:00
expect(redirectUrl).to.not.be.oneOf [null, undefined]
2016-08-01 08:54:49 -04:00
expect(loginUrl).to.not.be.oneOf [null, undefined]
callback(null, redirectUrl, loginUrl)
2016-08-01 07:14:34 -04:00
2016-08-01 10:16:03 -04:00
expectLoginPage = (user, loginLink, callback=(err, result)->) ->
tryFollowLoginLink user, loginLink, (err, response, body) ->
expect(err).to.be.oneOf [null, undefined]
expect(response.statusCode).to.equal 200
expect(body).to.match new RegExp("<title>Login - .*</title>")
redirectUrl = body.match(/input name="redir" type="hidden" value="([^"]*)"/m)?[1]
callback(null, redirectUrl)
expectLoginRedirectToInvite = (user, redir, link, callback=(err, result)->) ->
tryLoginUser user, redir, (err, response, body) ->
expect(err).to.be.oneOf [null, undefined]
expect(response.statusCode).to.equal 200
expect(link).to.match new RegExp("^.*#{body.redir}\?.*$")
callback(null, null)
2016-08-01 07:14:34 -04:00
expectRegistrationRedirectToInvite = (user, email, redir, link, callback=(err, result)->) ->
tryRegisterUser user, email, redir, (err, response, body) ->
expect(err).to.be.oneOf [null, undefined]
expect(response.statusCode).to.equal 200
expect(link).to.match new RegExp("^.*#{body.redir}\?.*$")
callback(null, null)
2016-08-01 07:14:34 -04:00
expectInviteRedirectToProject = (user, link, invite, callback=(err,result)->) ->
# view invite, redirect straight to project
tryFollowInviteLink user, link, (err, response, body) ->
expect(err).to.be.oneOf [null, undefined]
expect(response.statusCode).to.equal 302
expect(response.headers.location).to.equal "/project/#{invite.projectId}"
callback()
2016-08-01 07:14:34 -04:00
expectAcceptInviteAndRedirect = (user, invite, callback=(err,result)->) ->
2016-07-29 08:39:18 -04:00
# should accept the invite and redirect to project
tryAcceptInvite user, invite, (err, response, body) =>
expect(err).to.be.oneOf [null, undefined]
expect(response.statusCode).to.equal 302
expect(response.headers.location).to.equal "/project/#{invite.projectId}"
callback()
expectInviteListCount = (user, projectId, count, callback=(err)->) ->
tryGetInviteList user, projectId, (err, response, body) ->
expect(err).to.be.oneOf [null, undefined]
expect(response.statusCode).to.equal 200
expect(body).to.have.all.keys ['invites']
expect(body.invites.length).to.equal count
callback()
expectInvitesInJoinProjectCount = (user, projectId, count, callback=(err,result)->) ->
tryJoinProject user, projectId, (err, response, body) ->
expect(err).to.be.oneOf [null, undefined]
expect(response.statusCode).to.equal 200
expect(body.project).to.contain.keys ['invites']
expect(body.project.invites.length).to.equal count
callback()
2016-07-29 08:39:18 -04:00
describe "ProjectInviteTests", ->
before (done) ->
@sendingUser = new User()
@user = new User()
@site_admin = new User({email: "admin@example.com"})
2016-07-29 04:52:55 -04:00
@email = 'smoketestuser@example.com'
2016-07-28 11:00:18 -04:00
@projectName = 'sharing test'
Async.series [
(cb) => @user.login cb
(cb) => @user.logout cb
(cb) => @sendingUser.login cb
], done
describe 'creating invites', ->
beforeEach (done) ->
@projectName = "wat"
@projectId = null
@fakeProject = null
done()
afterEach ->
describe 'creating two invites', ->
beforeEach (done) ->
Async.series [
(cb) =>
createProject @sendingUser, @projectName, (err, projectId, project) =>
@projectId = projectId
@fakeProject = project
cb()
], done
afterEach (done) ->
Async.series [
(cb) => @sendingUser.deleteProject(@projectId, cb)
(cb) => @sendingUser.deleteProject(@projectId, cb)
], done
it 'should allow the project owner to create and remove invites', (done) ->
@invite = null
Async.series [
(cb) => expectProjectAccess @sendingUser, @projectId, cb
(cb) => expectInviteListCount @sendingUser, @projectId, 0, cb
# create invite, check invite list count
(cb) => createInvite @sendingUser, @projectId, @email, (err, invite) =>
return cb(err) if err
@invite = invite
cb()
(cb) => expectInviteListCount @sendingUser, @projectId, 1, cb
(cb) => revokeInvite @sendingUser, @projectId, @invite._id, cb
(cb) => expectInviteListCount @sendingUser, @projectId, 0, cb
# and a second time
(cb) => createInvite @sendingUser, @projectId, @email, (err, invite) =>
return cb(err) if err
@invite = invite
cb()
(cb) => expectInviteListCount @sendingUser, @projectId, 1, cb
# check the joinProject view
(cb) => expectInvitesInJoinProjectCount @sendingUser, @projectId, 1, cb
# revoke invite
(cb) => revokeInvite @sendingUser, @projectId, @invite._id, cb
(cb) => expectInviteListCount @sendingUser, @projectId, 0, cb
(cb) => expectInvitesInJoinProjectCount @sendingUser, @projectId, 0, cb
], done
2016-08-10 10:24:09 -04:00
it 'should allow the project owner to many invites at once', (done) ->
@inviteOne = null
@inviteTwo = null
Async.series [
(cb) => expectProjectAccess @sendingUser, @projectId, cb
(cb) => expectInviteListCount @sendingUser, @projectId, 0, cb
# create first invite
(cb) => createInvite @sendingUser, @projectId, @email, (err, invite) =>
return cb(err) if err
@inviteOne = invite
cb()
(cb) => expectInviteListCount @sendingUser, @projectId, 1, cb
# and a second
(cb) => createInvite @sendingUser, @projectId, @email, (err, invite) =>
return cb(err) if err
@inviteTwo = invite
cb()
# should have two
(cb) => expectInviteListCount @sendingUser, @projectId, 2, cb
(cb) => expectInvitesInJoinProjectCount @sendingUser, @projectId, 2, cb
2016-08-10 10:24:09 -04:00
# revoke first
(cb) => revokeInvite @sendingUser, @projectId, @inviteOne._id, cb
(cb) => expectInviteListCount @sendingUser, @projectId, 1, cb
# revoke second
(cb) => revokeInvite @sendingUser, @projectId, @inviteTwo._id, cb
(cb) => expectInviteListCount @sendingUser, @projectId, 0, cb
], done
describe 'clicking the invite link', ->
beforeEach (done) ->
@projectId = null
@fakeProject = null
done()
describe "user is logged in already", ->
2016-07-28 11:00:18 -04:00
beforeEach (done) ->
Async.series [
(cb) =>
createProjectAndInvite @sendingUser, @projectName, @email, (err, project, invite, link) =>
@projectId = project._id
@fakeProject = project
@invite = invite
@link = link
cb()
(cb) =>
@user.login (err) =>
if err
throw err
cb()
], done
2016-07-29 08:55:08 -04:00
afterEach (done) ->
Async.series [
(cb) => @sendingUser.deleteProject(@projectId, cb)
(cb) => @sendingUser.deleteProject(@projectId, cb)
(cb) => revokeInvite(@sendingUser, @projectId, @invite._id, cb)
], done
describe 'user is already a member of the project', ->
beforeEach (done) ->
Async.series [
2016-08-01 10:16:10 -04:00
(cb) => expectInvitePage @user, @link, cb
(cb) => expectAcceptInviteAndRedirect @user, @invite, cb
(cb) => expectProjectAccess @user, @invite.projectId, cb
], done
describe 'when user clicks on the invite a second time', ->
it 'should just redirect to the project page', (done) ->
Async.series [
2016-08-01 10:16:10 -04:00
(cb) => expectProjectAccess @user, @invite.projectId, cb
(cb) => expectInviteRedirectToProject @user, @link, @invite, cb
(cb) => expectProjectAccess @user, @invite.projectId, cb
], done
describe 'when the user recieves another invite to the same project', ->
it 'should redirect to the project page', (done) ->
Async.series [
(cb) =>
createInvite @sendingUser, @projectId, @email, (err, invite) =>
if err
throw err
@secondInvite = invite
@secondLink = CollaboratorsEmailHandler._buildInviteUrl(@fakeProject, invite)
cb()
2016-08-01 10:16:10 -04:00
(cb) => expectInviteRedirectToProject @user, @secondLink, @secondInvite, cb
(cb) => expectProjectAccess @user, @invite.projectId, cb
2016-08-01 10:16:10 -04:00
(cb) => revokeInvite @sendingUser, @projectId, @secondInvite._id, cb
], done
describe 'user is not a member of the project', ->
it 'should not grant access if the user does not accept the invite', (done) ->
Async.series(
[
2016-08-01 10:16:10 -04:00
(cb) => expectInvitePage @user, @link, cb
(cb) => expectNoProjectAccess @user, @invite.projectId, cb
], done
)
it 'should render the invalid-invite page if the token is invalid', (done) ->
Async.series(
[
(cb) =>
link = @link.replace(@invite.token, 'not_a_real_token')
expectInvalidInvitePage @user, link, cb
(cb) => expectNoProjectAccess @user, @invite.projectId, cb
(cb) => expectNoProjectAccess @user, @invite.projectId, cb
], done
)
it 'should allow the user to accept the invite and access the project', (done) ->
Async.series(
[
2016-08-01 10:16:10 -04:00
(cb) => expectInvitePage @user, @link, cb
(cb) => expectAcceptInviteAndRedirect @user, @invite, cb
(cb) => expectProjectAccess @user, @invite.projectId, cb
], done
)
describe 'user is not logged in initially', ->
before (done) ->
@user.logout done
beforeEach (done) ->
Async.series [
(cb) =>
createProjectAndInvite @sendingUser, @projectName, @email, (err, project, invite, link) =>
@projectId = project._id
@fakeProject = project
@invite = invite
@link = link
cb()
], done
afterEach (done) ->
Async.series [
(cb) => @sendingUser.deleteProject(@projectId, cb)
(cb) => @sendingUser.deleteProject(@projectId, cb)
(cb) => revokeInvite(@sendingUser, @projectId, @invite._id, cb)
], done
2016-08-01 08:30:43 -04:00
describe 'registration prompt workflow with valid token', ->
it 'should redirect to the register page', (done) ->
Async.series [
(cb) => expectInviteRedirectToRegister(@user, @link, cb)
2016-07-29 06:04:07 -04:00
], done
2016-08-01 07:14:34 -04:00
it 'should allow user to accept the invite if the user registers a new account', (done) ->
Async.series [
(cb) =>
expectInviteRedirectToRegister @user, @link, (err, redirectUrl) =>
@_redir = redirectUrl
cb()
2016-08-01 10:16:10 -04:00
(cb) => expectRegistrationRedirectToInvite @user, "some_email@example.com", @_redir, @link, cb
(cb) => expectInvitePage @user, @link, cb
(cb) => expectAcceptInviteAndRedirect @user, @invite, cb
(cb) => expectProjectAccess @user, @invite.projectId, cb
2016-08-01 07:14:34 -04:00
], done
2016-08-01 08:30:43 -04:00
describe 'registration prompt workflow with non-valid token', ->
before (done)->
@user.logout done
it 'should redirect to the register page', (done) ->
Async.series [
(cb) => expectInviteRedirectToRegister(@user, @link, cb)
(cb) => expectNoProjectAccess @user, @invite.projectId, cb
2016-08-01 08:30:43 -04:00
], done
it 'should display invalid-invite if the user registers a new account', (done) ->
badLink = @link.replace(@invite.token, 'not_a_real_token')
Async.series [
(cb) =>
expectInviteRedirectToRegister @user, badLink, (err, redirectUrl) =>
@_redir = redirectUrl
cb()
2016-08-01 10:16:03 -04:00
(cb) => expectRegistrationRedirectToInvite @user, "some_email@example.com", @_redir, badLink, cb
(cb) => expectInvalidInvitePage @user, badLink, cb
(cb) => expectNoProjectAccess @user, @invite.projectId, cb
], done
describe 'login workflow with valid token', ->
before (done)->
@user.logout done
it 'should redirect to the register page', (done) ->
Async.series [
(cb) => expectInviteRedirectToRegister(@user, @link, cb)
(cb) => expectNoProjectAccess @user, @invite.projectId, cb
2016-08-01 10:16:03 -04:00
], done
it 'should allow the user to login to view the invite', (done) ->
Async.series [
2016-08-01 08:30:43 -04:00
(cb) =>
2016-08-01 10:16:03 -04:00
expectInviteRedirectToRegister @user, @link, (err, redirectUrl, loginUrl) =>
@_redir = redirectUrl
@_loginLink = loginUrl
cb()
2016-08-01 08:30:43 -04:00
(cb) =>
2016-08-01 10:16:03 -04:00
expectLoginPage @user, @_loginLink, (err, redirectUrl) =>
expect(@_redir).to.equal redirectUrl
cb()
(cb) => expectLoginRedirectToInvite @user, @_redir, @link, cb
(cb) => expectInvitePage @user, @link, cb
(cb) => expectNoProjectAccess @user, @invite.projectId, cb
], done
it 'should allow user to accept the invite if the user registers a new account', (done) ->
Async.series [
(cb) => expectInvitePage @user, @link, cb
(cb) => expectAcceptInviteAndRedirect @user, @invite, cb
(cb) => expectProjectAccess @user, @invite.projectId, cb
2016-08-01 08:30:43 -04:00
], done
2016-08-01 10:21:06 -04:00
describe 'login workflow with non-valid token', ->
before (done)->
@user.logout done
it 'should redirect to the register page', (done) ->
Async.series [
(cb) => expectInviteRedirectToRegister(@user, @link, cb)
(cb) => expectNoProjectAccess @user, @invite.projectId, cb
2016-08-01 10:21:06 -04:00
], done
it 'should show the invalid-invite page once the user has logged in', (done) ->
badLink = @link.replace(@invite.token, 'not_a_real_token')
Async.series [
(cb) =>
expectInviteRedirectToRegister @user, badLink, (err, redirectUrl, loginUrl) =>
@_redir = redirectUrl
@_loginLink = loginUrl
cb()
(cb) =>
expectLoginPage @user, @_loginLink, (err, redirectUrl) =>
expect(@_redir).to.equal redirectUrl
cb()
(cb) => expectLoginRedirectToInvite @user, @_redir, badLink, cb
(cb) => expectInvalidInvitePage @user, badLink, cb
(cb) => expectNoProjectAccess @user, @invite.projectId, cb
], done