overleaf/services/web/test/acceptance/src/AdminOnlyLoginTests.js

const Settings = require('@overleaf/settings')
const { expect } = require('chai')
const User = require('./helpers/User').promises

describe('AdminOnlyLogin', function () {
  let adminUser, regularUser
  const flagBefore = Settings.adminOnlyLogin
  after(function () {
    Settings.adminOnlyLogin = flagBefore
  })

  beforeEach('create admin user', async function () {
    adminUser = new User()
    await adminUser.ensureUserExists()
    await adminUser.ensureAdmin()
  })

  beforeEach('create regular user', async function () {
    regularUser = new User()
    await regularUser.ensureUserExists()
  })

  async function expectCanLogin(user) {
    const response = await user.login()
    expect(response.statusCode).to.equal(200)
    expect(response.body).to.deep.equal({ redir: '/project' })
  }

  async function expectRejectedLogin(user) {
    const response = await user.login()
    expect(response.statusCode).to.equal(403)
    expect(response.body).to.deep.equal({
      message: { type: 'error', text: 'Admin only panel' },
    })
  }

  describe('adminOnlyLogin=true', function () {
    beforeEach(function () {
      Settings.adminOnlyLogin = true
    })

    it('should allow the admin user to login', async function () {
      await expectCanLogin(adminUser)
    })

    it('should block a regular user from login', async function () {
      await expectRejectedLogin(regularUser)
    })
  })

  describe('adminOnlyLogin=false', function () {
    beforeEach(function () {
      Settings.adminOnlyLogin = false
    })

    it('should allow the admin user to login', async function () {
      await expectCanLogin(adminUser)
    })

    it('should allow a regular user to login', async function () {
      await expectCanLogin(regularUser)
    })
  })
})