mirror of
https://github.com/NodeBB/NodeBB.git
synced 2025-10-26 16:46:12 +01:00
feat: invites regardless of registration type, invite privilege, groups to join on acceptance (#8786)
* feat: allow invites in normal registration mode + invite privilege * feat: select groups to join from an invite * test: check if groups from invitations have been joined * fix: remove unused variable * feat: write API versions of socket calls * docs: openapi specs for the new routes * test: iron out mongo redis difference * refactor: move inviteGroups endpoint into write API * refactor: use GET /api/v3/users/:uid/invites/groups Instead of GET /api/v3/users/:uid/inviteGroups * fix: no need for /api/v3 prefix when using api module * fix: tests * refactor: change POST /api/v3/users/invite To POST /api/v3/users/:uid/invites * refactor: make helpers.invite awaitable * fix: restrict invite API to self-use only * fix: move invite groups controller to write api, +tests * fix: tests Co-authored-by: Julian Lam <julian@nodebb.org>
This commit is contained in:
gasoved
GitHub
@@ -9,6 +9,7 @@
|
||||
"upload-files": "Upload Files",
|
||||
"signature": "Signature",
|
||||
"ban": "Ban",
|
||||
"invite": "Invite",
|
||||
"search-content": "Search Content",
|
||||
"search-users": "Search Users",
|
||||
"search-tags": "Search Tags",
|
||||
|
||||
@@ -11,6 +11,7 @@
|
||||
"online-only": "Online only",
|
||||
"invite": "Invite",
|
||||
"prompt-email": "Emails:",
|
||||
"groups-to-join": "Groups to be joined when invite is accepted:",
|
||||
"invitation-email-sent": "An invitation email has been sent to %1",
|
||||
"user_list": "User List",
|
||||
"recent_topics": "Recent Topics",
|
||||
|
||||
@@ -27,6 +27,8 @@ get:
|
||||
type: string
|
||||
sort_lastonline:
|
||||
type: boolean
|
||||
showInviteButton:
|
||||
type: boolean
|
||||
inviteOnly:
|
||||
type: boolean
|
||||
adminInviteOnly:
|
||||
|
||||
@@ -44,6 +44,10 @@ paths:
|
||||
$ref: 'write/users/uid/tokens/token.yaml'
|
||||
/users/{uid}/sessions/{uuid}:
|
||||
$ref: 'write/users/uid/sessions/uuid.yaml'
|
||||
/users/{uid}/invites:
|
||||
$ref: 'write/users/uid/invites.yaml'
|
||||
/users/{uid}/invites/groups:
|
||||
$ref: 'write/users/uid/invites/groups.yaml'
|
||||
/categories/:
|
||||
$ref: 'write/categories.yaml'
|
||||
/groups/:
|
||||
|
||||
48
public/openapi/write/users/uid/invites.yaml
Normal file
48
public/openapi/write/users/uid/invites.yaml
Normal file
@@ -0,0 +1,48 @@
|
||||
post:
|
||||
tags:
|
||||
- users
|
||||
summary: invite users with email by email
|
||||
description: This operation sends an invitation email to the given addresses, with an option to join selected groups on acceptance
|
||||
parameters:
|
||||
- in: path
|
||||
name: uid
|
||||
schema:
|
||||
type: integer
|
||||
required: true
|
||||
description: uid of the user sending invitations
|
||||
example: 1
|
||||
requestBody:
|
||||
required: true
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
type: object
|
||||
properties:
|
||||
emails:
|
||||
type: string
|
||||
description: A single or list of comma separated email addresses
|
||||
example: friend01@example.com,friend02@example.com
|
||||
groupsToJoin:
|
||||
type: array
|
||||
description: A collection of group names
|
||||
example: ['administrators']
|
||||
required:
|
||||
- emails
|
||||
responses:
|
||||
'200':
|
||||
description: invitation email(s) sent
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
type: object
|
||||
properties:
|
||||
status:
|
||||
$ref: ../../../components/schemas/Status.yaml#/Status
|
||||
response:
|
||||
type: object
|
||||
'400':
|
||||
$ref: ../../../components/responses/400.yaml#/400
|
||||
'401':
|
||||
$ref: ../../../components/responses/401.yaml#/401
|
||||
'403':
|
||||
$ref: ../../../components/responses/403.yaml#/403
|
||||
23
public/openapi/write/users/uid/invites/groups.yaml
Normal file
23
public/openapi/write/users/uid/invites/groups.yaml
Normal file
@@ -0,0 +1,23 @@
|
||||
get:
|
||||
tags:
|
||||
- users
|
||||
summary: Get group names that the user can invite
|
||||
parameters:
|
||||
- in: path
|
||||
name: uid
|
||||
schema:
|
||||
type: integer
|
||||
required: true
|
||||
description: uid of the user to make the query for
|
||||
example: 1
|
||||
responses:
|
||||
'200':
|
||||
description: A collection of group names returned
|
||||
content:
|
||||
application/json:
|
||||
schema:
|
||||
type: array
|
||||
items:
|
||||
type: string
|
||||
'401':
|
||||
$ref: ../../../../components/responses/401.yaml#/401
|
||||
@@ -1,8 +1,8 @@
|
||||
'use strict';
|
||||
|
||||
define('admin/manage/users', [
|
||||
'translator', 'benchpress', 'autocomplete', 'api', 'slugify',
|
||||
], function (translator, Benchpress, autocomplete, api, slugify) {
|
||||
'translator', 'benchpress', 'autocomplete', 'api', 'slugify', 'bootbox',
|
||||
], function (translator, Benchpress, autocomplete, api, slugify, bootbox) {
|
||||
var Users = {};
|
||||
|
||||
Users.init = function () {
|
||||
@@ -454,20 +454,55 @@ define('admin/manage/users', [
|
||||
}
|
||||
|
||||
function handleInvite() {
|
||||
$('[component="user/invite"]').on('click', function () {
|
||||
bootbox.prompt('[[admin/manage/users:alerts.prompt-email]]', function (email) {
|
||||
if (!email) {
|
||||
return;
|
||||
}
|
||||
|
||||
socket.emit('user.invite', email, function (err) {
|
||||
if (err) {
|
||||
return app.alertError(err.message);
|
||||
}
|
||||
app.alertSuccess('[[admin/manage/users:alerts.email-sent-to, ' + email + ']]');
|
||||
$('[component="user/invite"]').on('click', function (e) {
|
||||
e.preventDefault();
|
||||
api.get(`/api/v3/users/${app.user.uid}/invites/groups`, {}).then((groups) => {
|
||||
Benchpress.parse('modals/invite', { groups: groups }, function (html) {
|
||||
bootbox.dialog({
|
||||
message: html,
|
||||
title: '[[admin/manage/users:invite]]',
|
||||
onEscape: true,
|
||||
buttons: {
|
||||
cancel: {
|
||||
label: '[[admin/manage/users:alerts.button-cancel]]',
|
||||
className: 'btn-default',
|
||||
},
|
||||
invite: {
|
||||
label: '[[admin/manage/users:invite]]',
|
||||
className: 'btn-primary',
|
||||
callback: sendInvites,
|
||||
},
|
||||
},
|
||||
});
|
||||
});
|
||||
}).catch((err) => {
|
||||
app.alertError(err.message);
|
||||
});
|
||||
return false;
|
||||
});
|
||||
}
|
||||
|
||||
function sendInvites() {
|
||||
var $emails = $('#invite-modal-emails');
|
||||
var $groups = $('#invite-modal-groups');
|
||||
|
||||
var data = {
|
||||
emails: $emails.val()
|
||||
.split(',')
|
||||
.map(m => m.trim())
|
||||
.filter(Boolean)
|
||||
.filter((m, i, arr) => i === arr.indexOf(m))
|
||||
.join(','),
|
||||
groupsToJoin: $groups.val(),
|
||||
};
|
||||
|
||||
if (!data.emails) {
|
||||
return;
|
||||
}
|
||||
|
||||
api.post(`/users/${app.user.uid}/invites`, data).then(() => {
|
||||
app.alertSuccess('[[admin/manage/users:alerts.email-sent-to, ' + data.emails.replace(/,/g, ', ') + ']]');
|
||||
}).catch((err) => {
|
||||
app.alertError(err.message);
|
||||
});
|
||||
}
|
||||
|
||||
|
||||
@@ -2,8 +2,8 @@
|
||||
|
||||
|
||||
define('forum/users', [
|
||||
'translator', 'benchpress', 'api',
|
||||
], function (translator, Benchpress, api) {
|
||||
'translator', 'benchpress', 'api', 'bootbox',
|
||||
], function (translator, Benchpress, api, bootbox) {
|
||||
var Users = {};
|
||||
|
||||
var searchTimeoutID = 0;
|
||||
@@ -136,21 +136,57 @@ define('forum/users', [
|
||||
}
|
||||
|
||||
function handleInvite() {
|
||||
$('[component="user/invite"]').on('click', function () {
|
||||
bootbox.prompt('[[users:prompt-email]]', function (email) {
|
||||
if (!email) {
|
||||
return;
|
||||
}
|
||||
|
||||
socket.emit('user.invite', email, function (err) {
|
||||
if (err) {
|
||||
return app.alertError(err.message);
|
||||
}
|
||||
app.alertSuccess('[[users:invitation-email-sent, ' + email + ']]');
|
||||
$('[component="user/invite"]').on('click', function (e) {
|
||||
e.preventDefault();
|
||||
api.get(`/api/v3/users/${app.user.uid}/invites/groups`, {}).then((groups) => {
|
||||
Benchpress.parse('modals/invite', { groups: groups }, function (html) {
|
||||
bootbox.dialog({
|
||||
message: html,
|
||||
title: '[[users:invite]]',
|
||||
onEscape: true,
|
||||
buttons: {
|
||||
cancel: {
|
||||
label: '[[modules:bootbox.cancel]]',
|
||||
className: 'btn-default',
|
||||
},
|
||||
invite: {
|
||||
label: '[[users:invite]]',
|
||||
className: 'btn-primary',
|
||||
callback: sendInvites,
|
||||
},
|
||||
},
|
||||
});
|
||||
});
|
||||
}).catch((err) => {
|
||||
app.alertError(err.message);
|
||||
});
|
||||
});
|
||||
}
|
||||
|
||||
function sendInvites() {
|
||||
var $emails = $('#invite-modal-emails');
|
||||
var $groups = $('#invite-modal-groups');
|
||||
|
||||
var data = {
|
||||
emails: $emails.val()
|
||||
.split(',')
|
||||
.map(m => m.trim())
|
||||
.filter(Boolean)
|
||||
.filter((m, i, arr) => i === arr.indexOf(m))
|
||||
.join(','),
|
||||
groupsToJoin: $groups.val(),
|
||||
};
|
||||
|
||||
if (!data.emails) {
|
||||
return;
|
||||
}
|
||||
|
||||
api.post(`/users/${app.user.uid}/invites`, data).then(() => {
|
||||
app.alertSuccess('[[users:invitation-email-sent, ' + data.emails.replace(/,/g, ', ') + ']]');
|
||||
}).catch((err) => {
|
||||
app.alertError(err.message);
|
||||
});
|
||||
}
|
||||
|
||||
return Users;
|
||||
});
|
||||
|
||||
@@ -9,6 +9,7 @@ const db = require('../../database');
|
||||
const pagination = require('../../pagination');
|
||||
const events = require('../../events');
|
||||
const plugins = require('../../plugins');
|
||||
const privileges = require('../../privileges');
|
||||
const utils = require('../../utils');
|
||||
|
||||
const usersController = module.exports;
|
||||
@@ -115,7 +116,7 @@ async function getUsers(req, res) {
|
||||
getUsersWithFields(set),
|
||||
]);
|
||||
|
||||
render(req, res, {
|
||||
await render(req, res, {
|
||||
users: users.filter(user => user && parseInt(user.uid, 10)),
|
||||
page: page,
|
||||
pageCount: Math.max(1, Math.ceil(count / resultsPerPage)),
|
||||
@@ -176,7 +177,7 @@ usersController.search = async function (req, res) {
|
||||
searchData.resultsPerPage = resultsPerPage;
|
||||
searchData.sortBy = req.query.sortBy;
|
||||
searchData.reverse = reverse;
|
||||
render(req, res, searchData);
|
||||
await render(req, res, searchData);
|
||||
};
|
||||
|
||||
usersController.registrationQueue = async function (req, res) {
|
||||
@@ -226,7 +227,7 @@ async function getInvites() {
|
||||
return invitations;
|
||||
}
|
||||
|
||||
function render(req, res, data) {
|
||||
async function render(req, res, data) {
|
||||
data.pagination = pagination.create(data.page, data.pageCount, req.query);
|
||||
|
||||
const registrationType = meta.config.registrationType;
|
||||
@@ -241,6 +242,12 @@ function render(req, res, data) {
|
||||
filterBy.forEach(function (filter) {
|
||||
data['filterBy_' + validator.escape(String(filter))] = true;
|
||||
});
|
||||
|
||||
data.showInviteButton = await privileges.users.hasInvitePrivilege(req.uid);
|
||||
if (data.adminInviteOnly) {
|
||||
data.showInviteButton = await privileges.users.isAdministrator(req.uid);
|
||||
}
|
||||
|
||||
res.render('admin/manage/users', data);
|
||||
}
|
||||
|
||||
|
||||
@@ -55,7 +55,11 @@ async function registerAndLoginUser(req, res, userData) {
|
||||
await authenticationController.doLogin(req, uid);
|
||||
}
|
||||
|
||||
user.deleteInvitationKey(userData.email);
|
||||
// Distinguish registrations through invites from direct ones
|
||||
if (userData.token) {
|
||||
await user.joinGroupsFromInvitation(uid, userData.email);
|
||||
}
|
||||
await user.deleteInvitationKey(userData.email);
|
||||
const referrer = req.body.referrer || req.session.referrer || nconf.get('relative_path') + '/';
|
||||
const complete = await plugins.fireHook('filter:register.complete', { uid: uid, referrer: referrer });
|
||||
req.session.returnTo = complete.referrer;
|
||||
@@ -74,7 +78,7 @@ authenticationController.register = async function (req, res) {
|
||||
|
||||
const userData = req.body;
|
||||
try {
|
||||
if (registrationType === 'invite-only' || registrationType === 'admin-invite-only') {
|
||||
if (userData.token || registrationType === 'invite-only' || registrationType === 'admin-invite-only') {
|
||||
await user.verifyInvitation(userData);
|
||||
}
|
||||
|
||||
|
||||
@@ -96,7 +96,7 @@ async function renderIfAdminOrGlobalMod(set, req, res) {
|
||||
|
||||
usersController.renderUsersPage = async function (set, req, res) {
|
||||
const userData = await usersController.getUsers(set, req.uid, req.query);
|
||||
render(req, res, userData);
|
||||
await render(req, res, userData);
|
||||
};
|
||||
|
||||
usersController.getUsers = async function (set, uid, query) {
|
||||
@@ -171,10 +171,15 @@ async function render(req, res, data) {
|
||||
data.inviteOnly = registrationType === 'invite-only' || registrationType === 'admin-invite-only';
|
||||
data.adminInviteOnly = registrationType === 'admin-invite-only';
|
||||
data.invites = await user.getInvitesNumber(req.uid);
|
||||
data.showInviteButton = req.loggedIn && (
|
||||
(registrationType === 'invite-only' && (data.isAdmin || !data.maximumInvites || data.invites < data.maximumInvites)) ||
|
||||
(registrationType === 'admin-invite-only' && data.isAdmin)
|
||||
);
|
||||
|
||||
data.showInviteButton = false;
|
||||
if (data.adminInviteOnly) {
|
||||
data.showInviteButton = await privileges.users.isAdministrator(req.uid);
|
||||
} else if (req.loggedIn) {
|
||||
const canInvite = await privileges.users.hasInvitePrivilege(req.uid);
|
||||
data.showInviteButton = canInvite && (!data.maximumInvites || data.invites < data.maximumInvites);
|
||||
}
|
||||
|
||||
data['reputation:disabled'] = meta.config['reputation:disabled'];
|
||||
|
||||
res.append('X-Total-Count', data.userCount);
|
||||
|
||||
@@ -5,9 +5,10 @@ const nconf = require('nconf');
|
||||
|
||||
const db = require('../../database');
|
||||
const api = require('../../api');
|
||||
const user = require('../../user');
|
||||
const groups = require('../../groups');
|
||||
const meta = require('../../meta');
|
||||
const privileges = require('../../privileges');
|
||||
const user = require('../../user');
|
||||
const utils = require('../../utils');
|
||||
|
||||
const helpers = require('../helpers');
|
||||
@@ -153,3 +154,60 @@ Users.revokeSession = async (req, res) => {
|
||||
await user.auth.revokeSession(_id, req.params.uid);
|
||||
helpers.formatApiResponse(200, res);
|
||||
};
|
||||
|
||||
Users.invite = async (req, res) => {
|
||||
const { emails, groupsToJoin = [] } = req.body;
|
||||
|
||||
if (!emails || !Array.isArray(groupsToJoin)) {
|
||||
return helpers.formatApiResponse(400, res, new Error('[[error:invalid-data]]'));
|
||||
}
|
||||
|
||||
// For simplicity, this API route is restricted to self-use only. This can change if needed.
|
||||
if (parseInt(req.user.uid, 10) !== parseInt(req.params.uid, 10)) {
|
||||
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
|
||||
}
|
||||
|
||||
const canInvite = await privileges.users.hasInvitePrivilege(req.uid);
|
||||
if (!canInvite) {
|
||||
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
|
||||
}
|
||||
|
||||
const registrationType = meta.config.registrationType;
|
||||
const isAdmin = await user.isAdministrator(req.uid);
|
||||
if (registrationType === 'admin-invite-only' && !isAdmin) {
|
||||
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
|
||||
}
|
||||
|
||||
const inviteGroups = await groups.getUserInviteGroups(req.uid);
|
||||
const cannotInvite = groupsToJoin.some(group => !inviteGroups.includes(group));
|
||||
if (groupsToJoin.length > 0 && cannotInvite) {
|
||||
return helpers.formatApiResponse(403, res, new Error('[[error:no-privileges]]'));
|
||||
}
|
||||
|
||||
const max = meta.config.maximumInvites;
|
||||
const emailsArr = emails.split(',').map(email => email.trim()).filter(Boolean);
|
||||
|
||||
for (const email of emailsArr) {
|
||||
/* eslint-disable no-await-in-loop */
|
||||
let invites = 0;
|
||||
if (max) {
|
||||
invites = await user.getInvitesNumber(req.uid);
|
||||
}
|
||||
if (!isAdmin && max && invites >= max) {
|
||||
return helpers.formatApiResponse(403, res, new Error('[[error:invite-maximum-met, ' + invites + ', ' + max + ']]'));
|
||||
}
|
||||
|
||||
await user.sendInvitationEmail(req.uid, email, groupsToJoin);
|
||||
}
|
||||
|
||||
return helpers.formatApiResponse(200, res);
|
||||
};
|
||||
|
||||
Users.getInviteGroups = async function (req, res) {
|
||||
if (parseInt(req.params.uid, 10) !== parseInt(req.user.uid, 10)) {
|
||||
return helpers.formatApiResponse(401, res);
|
||||
}
|
||||
|
||||
const userInviteGroups = await groups.getUserInviteGroups(req.params.uid);
|
||||
return helpers.formatApiResponse(200, res, userInviteGroups);
|
||||
};
|
||||
|
||||
@@ -31,4 +31,34 @@ module.exports = function (Groups) {
|
||||
const isMembers = await Groups.isMemberOfGroups(uid, groupNames);
|
||||
return groupNames.filter((name, i) => isMembers[i]);
|
||||
}
|
||||
|
||||
Groups.getUserInviteGroups = async function (uid) {
|
||||
let allGroups = await Groups.getNonPrivilegeGroups('groups:createtime', 0, -1);
|
||||
allGroups = allGroups.filter(group => !Groups.ephemeralGroups.includes(group.name));
|
||||
|
||||
const publicGroups = allGroups.filter(group => group.hidden === 0 && group.system === 0 && group.private === 0);
|
||||
const adminModGroups = [{ name: 'administrators' }, { name: 'Global Moderators' }];
|
||||
// Private (but not hidden)
|
||||
const privateGroups = allGroups.filter(group => group.hidden === 0 && group.system === 0 && group.private === 1);
|
||||
|
||||
const [ownership, isAdmin, isGlobalMod] = await Promise.all([
|
||||
Promise.all(privateGroups.map(group => Groups.ownership.isOwner(uid, group.name))),
|
||||
user.isAdministrator(uid),
|
||||
user.isGlobalModerator(uid),
|
||||
]);
|
||||
const ownGroups = privateGroups.filter((group, index) => ownership[index]);
|
||||
|
||||
let inviteGroups = [];
|
||||
if (isAdmin) {
|
||||
inviteGroups = inviteGroups.concat(adminModGroups).concat(privateGroups);
|
||||
} else if (isGlobalMod) {
|
||||
inviteGroups = inviteGroups.concat(privateGroups);
|
||||
} else {
|
||||
inviteGroups = inviteGroups.concat(ownGroups);
|
||||
}
|
||||
|
||||
return inviteGroups
|
||||
.concat(publicGroups)
|
||||
.map(group => group.name);
|
||||
};
|
||||
};
|
||||
|
||||
@@ -18,6 +18,7 @@ module.exports = function (privileges) {
|
||||
{ name: '[[admin/manage/privileges:upload-files]]' },
|
||||
{ name: '[[admin/manage/privileges:signature]]' },
|
||||
{ name: '[[admin/manage/privileges:ban]]' },
|
||||
{ name: '[[admin/manage/privileges:invite]]' },
|
||||
{ name: '[[admin/manage/privileges:search-content]]' },
|
||||
{ name: '[[admin/manage/privileges:search-users]]' },
|
||||
{ name: '[[admin/manage/privileges:search-tags]]' },
|
||||
@@ -35,6 +36,7 @@ module.exports = function (privileges) {
|
||||
'upload:post:file',
|
||||
'signature',
|
||||
'ban',
|
||||
'invite',
|
||||
'search:content',
|
||||
'search:users',
|
||||
'search:tags',
|
||||
|
||||
@@ -115,4 +115,13 @@ module.exports = function (privileges) {
|
||||
});
|
||||
return data.canBan;
|
||||
};
|
||||
|
||||
privileges.users.hasInvitePrivilege = async function (uid) {
|
||||
const canInvite = await privileges.global.can('invite', uid);
|
||||
const data = await plugins.fireHook('filter:user.hasInvitePrivilege', {
|
||||
uid: uid,
|
||||
canInvite: canInvite,
|
||||
});
|
||||
return data.canInvite;
|
||||
};
|
||||
};
|
||||
|
||||
@@ -39,6 +39,9 @@ function authenticatedRoutes() {
|
||||
|
||||
// Shorthand route to access user routes by userslug
|
||||
router.all('/+bySlug/:userslug*?', [], controllers.write.users.redirectBySlug);
|
||||
|
||||
setupApiRoute(router, 'post', '/:uid/invites', middlewares, controllers.write.users.invite);
|
||||
setupApiRoute(router, 'get', '/:uid/invites/groups', [...middlewares, middleware.assert.user], controllers.write.users.getInviteGroups);
|
||||
}
|
||||
|
||||
module.exports = function () {
|
||||
|
||||
@@ -1,7 +1,5 @@
|
||||
'use strict';
|
||||
|
||||
const async = require('async');
|
||||
|
||||
const util = require('util');
|
||||
const sleep = util.promisify(setTimeout);
|
||||
|
||||
@@ -223,37 +221,6 @@ SocketUser.getUnreadCounts = async function (socket) {
|
||||
return results;
|
||||
};
|
||||
|
||||
SocketUser.invite = async function (socket, email) {
|
||||
if (!email || !socket.uid) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
|
||||
const registrationType = meta.config.registrationType;
|
||||
if (registrationType !== 'invite-only' && registrationType !== 'admin-invite-only') {
|
||||
throw new Error('[[error:forum-not-invite-only]]');
|
||||
}
|
||||
|
||||
const isAdmin = await user.isAdministrator(socket.uid);
|
||||
if (registrationType === 'admin-invite-only' && !isAdmin) {
|
||||
throw new Error('[[error:no-privileges]]');
|
||||
}
|
||||
|
||||
const max = meta.config.maximumInvites;
|
||||
email = email.split(',').map(email => email.trim()).filter(Boolean);
|
||||
|
||||
await async.eachSeries(email, async function (email) {
|
||||
let invites = 0;
|
||||
if (max) {
|
||||
invites = await user.getInvitesNumber(socket.uid);
|
||||
}
|
||||
if (!isAdmin && max && invites >= max) {
|
||||
throw new Error('[[error:invite-maximum-met, ' + invites + ', ' + max + ']]');
|
||||
}
|
||||
|
||||
await user.sendInvitationEmail(socket.uid, email);
|
||||
});
|
||||
};
|
||||
|
||||
SocketUser.getUserByUID = async function (socket, uid) {
|
||||
return await userController.getUserDataByField(socket.uid, 'uid', uid);
|
||||
};
|
||||
|
||||
@@ -8,6 +8,7 @@ var validator = require('validator');
|
||||
var db = require('../database');
|
||||
var meta = require('../meta');
|
||||
var emailer = require('../emailer');
|
||||
var groups = require('../groups');
|
||||
var translator = require('../translator');
|
||||
var utils = require('../utils');
|
||||
|
||||
@@ -36,13 +37,7 @@ module.exports = function (User) {
|
||||
});
|
||||
};
|
||||
|
||||
User.sendInvitationEmail = async function (uid, email) {
|
||||
const token = utils.generateUUID();
|
||||
const registerLink = nconf.get('url') + '/register?token=' + token + '&email=' + encodeURIComponent(email);
|
||||
|
||||
const expireDays = meta.config.inviteExpiration;
|
||||
const expireIn = expireDays * 86400000;
|
||||
|
||||
User.sendInvitationEmail = async function (uid, email, groupsToJoin) {
|
||||
const email_exists = await User.getUidByEmail(email);
|
||||
if (email_exists) {
|
||||
throw new Error('[[error:email-taken]]');
|
||||
@@ -53,24 +48,7 @@ module.exports = function (User) {
|
||||
throw new Error('[[error:email-invited]]');
|
||||
}
|
||||
|
||||
await db.setAdd('invitation:uid:' + uid, email);
|
||||
await db.setAdd('invitation:uids', uid);
|
||||
await db.set('invitation:email:' + email, token);
|
||||
await db.pexpireAt('invitation:email:' + email, Date.now() + expireIn);
|
||||
const username = await User.getUserField(uid, 'username');
|
||||
const title = meta.config.title || meta.config.browserTitle || 'NodeBB';
|
||||
const subject = await translator.translate('[[email:invite, ' + title + ']]', meta.config.defaultLang);
|
||||
let data = {
|
||||
site_title: title,
|
||||
registerLink: registerLink,
|
||||
subject: subject,
|
||||
username: username,
|
||||
template: 'invitation',
|
||||
expireDays: expireDays,
|
||||
};
|
||||
|
||||
// Append default data to this email payload
|
||||
data = { ...emailer._defaultPayload, ...data };
|
||||
const data = await prepareInvitation(uid, email, groupsToJoin);
|
||||
|
||||
await emailer.sendToEmail('invitation', email, meta.config.defaultLang, data);
|
||||
};
|
||||
@@ -79,12 +57,28 @@ module.exports = function (User) {
|
||||
if (!query.token || !query.email) {
|
||||
throw new Error('[[error:invalid-data]]');
|
||||
}
|
||||
const token = await db.get('invitation:email:' + query.email);
|
||||
const token = await db.getObjectField('invitation:email:' + query.email, 'token');
|
||||
if (!token || token !== query.token) {
|
||||
throw new Error('[[error:invalid-token]]');
|
||||
}
|
||||
};
|
||||
|
||||
User.joinGroupsFromInvitation = async function (uid, email) {
|
||||
let groupsToJoin = await db.getObjectField('invitation:email:' + email, 'groupsToJoin');
|
||||
|
||||
try {
|
||||
groupsToJoin = JSON.parse(groupsToJoin);
|
||||
} catch (e) {
|
||||
return;
|
||||
}
|
||||
|
||||
if (!groupsToJoin || groupsToJoin.length < 1) {
|
||||
return;
|
||||
}
|
||||
|
||||
await groups.join(groupsToJoin, uid);
|
||||
};
|
||||
|
||||
User.deleteInvitation = async function (invitedBy, email) {
|
||||
const invitedByUid = await User.getUidByUsername(invitedBy);
|
||||
if (!invitedByUid) {
|
||||
@@ -109,4 +103,34 @@ module.exports = function (User) {
|
||||
await db.setRemove('invitation:uids', uid);
|
||||
}
|
||||
}
|
||||
|
||||
async function prepareInvitation(uid, email, groupsToJoin) {
|
||||
const token = utils.generateUUID();
|
||||
const registerLink = nconf.get('url') + '/register?token=' + token + '&email=' + encodeURIComponent(email);
|
||||
|
||||
const expireDays = meta.config.inviteExpiration;
|
||||
const expireIn = expireDays * 86400000;
|
||||
|
||||
await db.setAdd('invitation:uid:' + uid, email);
|
||||
await db.setAdd('invitation:uids', uid);
|
||||
await db.setObject('invitation:email:' + email, {
|
||||
token,
|
||||
groupsToJoin: JSON.stringify(groupsToJoin),
|
||||
});
|
||||
await db.pexpireAt('invitation:email:' + email, Date.now() + expireIn);
|
||||
|
||||
const username = await User.getUserField(uid, 'username');
|
||||
const title = meta.config.title || meta.config.browserTitle || 'NodeBB';
|
||||
const subject = await translator.translate('[[email:invite, ' + title + ']]', meta.config.defaultLang);
|
||||
|
||||
return {
|
||||
...emailer._defaultPayload, // Append default data to this email payload
|
||||
site_title: title,
|
||||
registerLink: registerLink,
|
||||
subject: subject,
|
||||
username: username,
|
||||
template: 'invitation',
|
||||
expireDays: expireDays,
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
@@ -3,9 +3,9 @@
|
||||
<div class="clearfix">
|
||||
|
||||
<div class="pull-left">
|
||||
<!-- IF inviteOnly -->
|
||||
<!-- IF showInviteButton -->
|
||||
<button component="user/invite" class="btn btn-success"><i class="fa fa-users"></i> [[admin/manage/users:invite]]</button>
|
||||
<!-- ENDIF inviteOnly -->
|
||||
<!-- ENDIF showInviteButton -->
|
||||
<a target="_blank" href="{config.relative_path}/api/admin/users/csv" class="btn btn-primary">[[admin/manage/users:download-csv]]</a>
|
||||
<div class="btn-group">
|
||||
<button class="btn btn-default dropdown-toggle" data-toggle="dropdown" type="button">[[admin/manage/users:edit]] <span class="caret"></span></button>
|
||||
|
||||
12
src/views/modals/invite.tpl
Normal file
12
src/views/modals/invite.tpl
Normal file
@@ -0,0 +1,12 @@
|
||||
<div class="form-group">
|
||||
<label for="invite-modal-emails">[[users:prompt-email]]</label>
|
||||
<input id="invite-modal-emails" type="text" class="form-control" placeholder="friend1@example.com,friend2@example.com" />
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<label for="invite-modal-groups">[[users:groups-to-join]]</label>
|
||||
<select id="invite-modal-groups" class="form-control" multiple size="5">
|
||||
<!-- BEGIN groups -->
|
||||
<option value="{@value}">{@value}</option>
|
||||
<!-- END groups -->
|
||||
</select>
|
||||
</div>
|
||||
@@ -763,6 +763,7 @@ describe('Categories', function () {
|
||||
assert.ifError(err);
|
||||
assert.deepEqual(data, {
|
||||
ban: false,
|
||||
invite: false,
|
||||
chat: false,
|
||||
'search:content': false,
|
||||
'search:users': false,
|
||||
@@ -812,6 +813,7 @@ describe('Categories', function () {
|
||||
assert.ifError(err);
|
||||
assert.deepEqual(data, {
|
||||
'groups:ban': false,
|
||||
'groups:invite': false,
|
||||
'groups:chat': true,
|
||||
'groups:search:content': true,
|
||||
'groups:search:users': true,
|
||||
|
||||
@@ -1,6 +1,7 @@
|
||||
'use strict';
|
||||
|
||||
var request = require('request');
|
||||
const requestAsync = require('request-promise-native');
|
||||
var nconf = require('nconf');
|
||||
var fs = require('fs');
|
||||
var winston = require('winston');
|
||||
@@ -162,4 +163,20 @@ helpers.copyFile = function (source, target, callback) {
|
||||
}
|
||||
};
|
||||
|
||||
helpers.invite = async function (body, uid, jar, csrf_token) {
|
||||
const res = await requestAsync.post(`${nconf.get('url')}/api/v3/users/${uid}/invites`, {
|
||||
jar: jar,
|
||||
// using "form" since client "api" module make requests with "application/x-www-form-urlencoded" content-type
|
||||
form: body,
|
||||
headers: {
|
||||
'x-csrf-token': csrf_token,
|
||||
},
|
||||
simple: false,
|
||||
resolveWithFullResponse: true,
|
||||
});
|
||||
|
||||
res.body = JSON.parse(res.body);
|
||||
return { res, body };
|
||||
};
|
||||
|
||||
require('../../src/promisify')(helpers);
|
||||
|
||||
457
test/user.js
457
test/user.js
@@ -5,6 +5,7 @@ var async = require('async');
|
||||
var path = require('path');
|
||||
var nconf = require('nconf');
|
||||
var request = require('request');
|
||||
const requestAsync = require('request-promise-native');
|
||||
var jwt = require('jsonwebtoken');
|
||||
|
||||
var db = require('./mocks/databasemock');
|
||||
@@ -1919,160 +1920,374 @@ describe('User', function () {
|
||||
});
|
||||
|
||||
describe('invites', function () {
|
||||
var socketUser = require('../src/socket.io/user');
|
||||
var notAnInviterUid;
|
||||
var inviterUid;
|
||||
var adminUid;
|
||||
|
||||
var PUBLIC_GROUP = 'publicGroup';
|
||||
var PRIVATE_GROUP = 'privateGroup';
|
||||
var OWN_PRIVATE_GROUP = 'ownPrivateGroup';
|
||||
var HIDDEN_GROUP = 'hiddenGroup';
|
||||
|
||||
var COMMON_PW = '123456';
|
||||
|
||||
before(function (done) {
|
||||
async.parallel({
|
||||
inviter: async.apply(User.create, { username: 'inviter', email: 'inviter@nodebb.org' }),
|
||||
admin: async.apply(User.create, { username: 'adminInvite' }),
|
||||
publicGroup: async.apply(groups.create, { name: PUBLIC_GROUP, private: 0 }),
|
||||
privateGroup: async.apply(groups.create, { name: PRIVATE_GROUP, private: 1 }),
|
||||
hiddenGroup: async.apply(groups.create, { name: HIDDEN_GROUP, hidden: 1 }),
|
||||
notAnInviter: async.apply(User.create, { username: 'notAnInviter', password: COMMON_PW, email: 'notaninviter@nodebb.org' }),
|
||||
inviter: async.apply(User.create, { username: 'inviter', password: COMMON_PW, email: 'inviter@nodebb.org' }),
|
||||
admin: async.apply(User.create, { username: 'adminInvite', password: COMMON_PW }),
|
||||
}, function (err, results) {
|
||||
assert.ifError(err);
|
||||
notAnInviterUid = results.notAnInviter;
|
||||
inviterUid = results.inviter;
|
||||
adminUid = results.admin;
|
||||
groups.join('administrators', adminUid, done);
|
||||
async.parallel([
|
||||
async.apply(groups.create, { name: OWN_PRIVATE_GROUP, ownerUid: inviterUid, private: 1 }),
|
||||
async.apply(groups.join, 'administrators', adminUid),
|
||||
async.apply(groups.join, 'cid:0:privileges:invite', inviterUid),
|
||||
], done);
|
||||
});
|
||||
});
|
||||
|
||||
it('should error with invalid data', function (done) {
|
||||
socketUser.invite({ uid: inviterUid }, null, function (err) {
|
||||
assert.equal(err.message, '[[error:invalid-data]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
describe('when inviter is not an admin and does not have invite privilege', function () {
|
||||
var csrf_token;
|
||||
var jar;
|
||||
|
||||
it('should eror if forum is not invite only', function (done) {
|
||||
socketUser.invite({ uid: inviterUid }, 'invite1@test.com', function (err) {
|
||||
assert.equal(err.message, '[[error:forum-not-invite-only]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should error if user is not admin and type is admin-invite-only', function (done) {
|
||||
meta.config.registrationType = 'admin-invite-only';
|
||||
socketUser.invite({ uid: inviterUid }, 'invite1@test.com', function (err) {
|
||||
assert.equal(err.message, '[[error:no-privileges]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should send invitation email', function (done) {
|
||||
meta.config.registrationType = 'invite-only';
|
||||
socketUser.invite({ uid: inviterUid }, 'invite1@test.com', function (err) {
|
||||
assert.ifError(err);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should error if ouf of invitations', function (done) {
|
||||
meta.config.maximumInvites = 1;
|
||||
socketUser.invite({ uid: inviterUid }, 'invite2@test.com', function (err) {
|
||||
assert.equal(err.message, '[[error:invite-maximum-met, ' + 1 + ', ' + 1 + ']]');
|
||||
meta.config.maximumInvites = 5;
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should error if email exists', function (done) {
|
||||
socketUser.invite({ uid: inviterUid }, 'inviter@nodebb.org', function (err) {
|
||||
assert.equal(err.message, '[[error:email-taken]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should send invitation email', function (done) {
|
||||
socketUser.invite({ uid: inviterUid }, 'invite2@test.com', function (err) {
|
||||
assert.ifError(err);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should get user\'s invites', function (done) {
|
||||
User.getInvites(inviterUid, function (err, data) {
|
||||
assert.ifError(err);
|
||||
assert.notEqual(data.indexOf('invite1@test.com'), -1);
|
||||
assert.notEqual(data.indexOf('invite2@test.com'), -1);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should get all invites', function (done) {
|
||||
User.getAllInvites(function (err, data) {
|
||||
assert.ifError(err);
|
||||
assert.equal(data[0].uid, inviterUid);
|
||||
assert.notEqual(data[0].invitations.indexOf('invite1@test.com'), -1);
|
||||
assert.notEqual(data[0].invitations.indexOf('invite2@test.com'), -1);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail to verify invitation with invalid data', function (done) {
|
||||
User.verifyInvitation({ token: '', email: '' }, function (err) {
|
||||
assert.equal(err.message, '[[error:invalid-data]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail to verify invitation with invalid email', function (done) {
|
||||
User.verifyInvitation({ token: 'test', email: 'doesnotexist@test.com' }, function (err) {
|
||||
assert.equal(err.message, '[[error:invalid-token]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should verify installation with no errors', function (done) {
|
||||
var email = 'invite1@test.com';
|
||||
db.get('invitation:email:' + email, function (err, token) {
|
||||
assert.ifError(err);
|
||||
User.verifyInvitation({ token: token, email: 'invite1@test.com' }, function (err) {
|
||||
before(function (done) {
|
||||
helpers.loginUser('notAnInviter', COMMON_PW, function (err, _jar) {
|
||||
assert.ifError(err);
|
||||
jar = _jar;
|
||||
|
||||
request({
|
||||
url: nconf.get('url') + '/api/config',
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, function (err, response, body) {
|
||||
assert.ifError(err);
|
||||
csrf_token = body.csrf_token;
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should error if user does not have invite privilege', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, notAnInviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, '[[error:no-privileges]]');
|
||||
});
|
||||
|
||||
it('should error out if user tries to use an inviter\'s uid via the API', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
const numInvites = await User.getInvitesNumber(inviterUid);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, '[[error:no-privileges]]');
|
||||
assert.strictEqual(numInvites, 0);
|
||||
});
|
||||
});
|
||||
|
||||
describe('when inviter has invite privilege', function () {
|
||||
var csrf_token;
|
||||
var jar;
|
||||
|
||||
before(function (done) {
|
||||
helpers.loginUser('inviter', COMMON_PW, function (err, _jar) {
|
||||
assert.ifError(err);
|
||||
jar = _jar;
|
||||
|
||||
request({
|
||||
url: nconf.get('url') + '/api/config',
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, function (err, response, body) {
|
||||
assert.ifError(err);
|
||||
csrf_token = body.csrf_token;
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should error with invalid data', async () => {
|
||||
const { res } = await helpers.invite({}, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 400);
|
||||
assert.strictEqual(res.body.status.message, '[[error:invalid-data]]');
|
||||
});
|
||||
|
||||
it('should error if user is not admin and type is admin-invite-only', async () => {
|
||||
meta.config.registrationType = 'admin-invite-only';
|
||||
const { res } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, '[[error:no-privileges]]');
|
||||
});
|
||||
|
||||
it('should send invitation email (without groups to be joined)', async () => {
|
||||
meta.config.registrationType = 'normal';
|
||||
const { res } = await helpers.invite({ emails: 'invite1@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
});
|
||||
|
||||
it('should send multiple invitation emails (with a public group to be joined)', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite2@test.com,invite3@test.com', groupsToJoin: [PUBLIC_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
});
|
||||
|
||||
it('should error if the user has not permission to invite to the group', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite4@test.com', groupsToJoin: [PRIVATE_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, '[[error:no-privileges]]');
|
||||
});
|
||||
|
||||
it('should error if a non-admin tries to invite to the administrators group', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite4@test.com', groupsToJoin: ['administrators'] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, '[[error:no-privileges]]');
|
||||
});
|
||||
|
||||
it('should to invite to own private group', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite4@test.com', groupsToJoin: [OWN_PRIVATE_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
});
|
||||
|
||||
it('should to invite to multiple groups', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite5@test.com', groupsToJoin: [PUBLIC_GROUP, OWN_PRIVATE_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
});
|
||||
|
||||
it('should error if tries to invite to hidden group', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite6@test.com', groupsToJoin: [HIDDEN_GROUP] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
});
|
||||
|
||||
it('should error if ouf of invitations', async () => {
|
||||
meta.config.maximumInvites = 1;
|
||||
const { res } = await helpers.invite({ emails: 'invite6@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, '[[error:invite-maximum-met, ' + 5 + ', ' + 1 + ']]');
|
||||
meta.config.maximumInvites = 10;
|
||||
});
|
||||
|
||||
it('should send invitation email after maximumInvites increased', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite6@test.com', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
});
|
||||
|
||||
it('should error if invite is sent via API with a different UID', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'inviter@nodebb.org', groupsToJoin: [] }, adminUid, jar, csrf_token);
|
||||
const numInvites = await User.getInvitesNumber(adminUid);
|
||||
assert.strictEqual(res.statusCode, 403);
|
||||
assert.strictEqual(res.body.status.message, '[[error:no-privileges]]');
|
||||
assert.strictEqual(numInvites, 0);
|
||||
});
|
||||
|
||||
it('should error if email exists', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'inviter@nodebb.org', groupsToJoin: [] }, inviterUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 400);
|
||||
assert.strictEqual(res.body.status.message, '[[error:email-taken]]');
|
||||
});
|
||||
});
|
||||
|
||||
describe('when inviter is an admin', function () {
|
||||
var csrf_token;
|
||||
var jar;
|
||||
|
||||
before(function (done) {
|
||||
helpers.loginUser('adminInvite', COMMON_PW, function (err, _jar) {
|
||||
assert.ifError(err);
|
||||
jar = _jar;
|
||||
|
||||
request({
|
||||
url: nconf.get('url') + '/api/config',
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, function (err, response, body) {
|
||||
assert.ifError(err);
|
||||
csrf_token = body.csrf_token;
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should escape email', async () => {
|
||||
await helpers.invite({ emails: '<script>alert("ok");</script>', groupsToJoin: [] }, adminUid, jar, csrf_token);
|
||||
const data = await User.getInvites(adminUid);
|
||||
assert.strictEqual(data[0], '<script>alert("ok");</script>');
|
||||
await User.deleteInvitationKey('<script>alert("ok");</script>');
|
||||
});
|
||||
|
||||
it('should invite to the administrators group if inviter is an admin', async () => {
|
||||
const { res } = await helpers.invite({ emails: 'invite99@test.com', groupsToJoin: ['administrators'] }, adminUid, jar, csrf_token);
|
||||
assert.strictEqual(res.statusCode, 200);
|
||||
});
|
||||
});
|
||||
|
||||
describe('after invites checks', function () {
|
||||
it('should get user\'s invites', function (done) {
|
||||
User.getInvites(inviterUid, function (err, data) {
|
||||
assert.ifError(err);
|
||||
Array.from(Array(6)).forEach((_, i) => {
|
||||
assert.notEqual(data.indexOf('invite' + (i + 1) + '@test.com'), -1);
|
||||
});
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should error with invalid username', function (done) {
|
||||
User.deleteInvitation('doesnotexist', 'test@test.com', function (err) {
|
||||
assert.equal(err.message, '[[error:invalid-username]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should delete invitation', function (done) {
|
||||
var socketUser = require('../src/socket.io/user');
|
||||
socketUser.deleteInvitation({ uid: adminUid }, { invitedBy: 'inviter', email: 'invite1@test.com' }, function (err) {
|
||||
assert.ifError(err);
|
||||
db.isSetMember('invitation:uid:' + inviterUid, 'invite1@test.com', function (err, isMember) {
|
||||
it('should get all invites', function (done) {
|
||||
User.getAllInvites(function (err, data) {
|
||||
assert.ifError(err);
|
||||
assert.equal(isMember, false);
|
||||
|
||||
var adminData = data.filter(d => parseInt(d.uid, 10) === adminUid)[0];
|
||||
assert.notEqual(adminData.invitations.indexOf('invite99@test.com'), -1);
|
||||
|
||||
var inviterData = data.filter(d => parseInt(d.uid, 10) === inviterUid)[0];
|
||||
Array.from(Array(6)).forEach((_, i) => {
|
||||
assert.notEqual(inviterData.invitations.indexOf('invite' + (i + 1) + '@test.com'), -1);
|
||||
});
|
||||
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should delete invitation key', function (done) {
|
||||
User.deleteInvitationKey('invite2@test.com', function (err) {
|
||||
assert.ifError(err);
|
||||
db.isSetMember('invitation:uid:' + inviterUid, 'invite2@test.com', function (err, isMember) {
|
||||
it('should fail to verify invitation with invalid data', function (done) {
|
||||
User.verifyInvitation({ token: '', email: '' }, function (err) {
|
||||
assert.equal(err.message, '[[error:invalid-data]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should fail to verify invitation with invalid email', function (done) {
|
||||
User.verifyInvitation({ token: 'test', email: 'doesnotexist@test.com' }, function (err) {
|
||||
assert.equal(err.message, '[[error:invalid-token]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should verify installation with no errors', function (done) {
|
||||
var email = 'invite1@test.com';
|
||||
db.getObjectField('invitation:email:' + email, 'token', function (err, token) {
|
||||
assert.ifError(err);
|
||||
assert.equal(isMember, false);
|
||||
db.isSetMember('invitation:uids', inviterUid, function (err, isMember) {
|
||||
User.verifyInvitation({ token: token, email: 'invite1@test.com' }, function (err) {
|
||||
assert.ifError(err);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should error with invalid username', function (done) {
|
||||
User.deleteInvitation('doesnotexist', 'test@test.com', function (err) {
|
||||
assert.equal(err.message, '[[error:invalid-username]]');
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should delete invitation', function (done) {
|
||||
var socketUser = require('../src/socket.io/user');
|
||||
socketUser.deleteInvitation({ uid: adminUid }, { invitedBy: 'inviter', email: 'invite1@test.com' }, function (err) {
|
||||
assert.ifError(err);
|
||||
db.isSetMember('invitation:uid:' + inviterUid, 'invite1@test.com', function (err, isMember) {
|
||||
assert.ifError(err);
|
||||
assert.equal(isMember, false);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should delete invitation key', function (done) {
|
||||
User.deleteInvitationKey('invite99@test.com', function (err) {
|
||||
assert.ifError(err);
|
||||
db.isSetMember('invitation:uid:' + adminUid, 'invite99@test.com', function (err, isMember) {
|
||||
assert.ifError(err);
|
||||
assert.equal(isMember, false);
|
||||
db.isSetMember('invitation:uids', adminUid, function (err, isMember) {
|
||||
assert.ifError(err);
|
||||
assert.equal(isMember, false);
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should joined the groups from invitation after registration', async function () {
|
||||
var email = 'invite5@test.com';
|
||||
var groupsToJoin = [PUBLIC_GROUP, OWN_PRIVATE_GROUP];
|
||||
var token = await db.getObjectField('invitation:email:' + email, 'token');
|
||||
|
||||
await new Promise(function (resolve, reject) {
|
||||
helpers.registerUser({
|
||||
username: 'invite5',
|
||||
password: '123456',
|
||||
'password-confirm': '123456',
|
||||
email: email,
|
||||
gdpr_consent: true,
|
||||
token: token,
|
||||
}, async function (err, jar, response, body) {
|
||||
if (err) {
|
||||
reject(err);
|
||||
}
|
||||
|
||||
var memberships = await groups.isMemberOfGroups(body.uid, groupsToJoin);
|
||||
var joinedToAll = memberships.filter(Boolean);
|
||||
|
||||
if (joinedToAll.length !== groupsToJoin.length) {
|
||||
reject(new Error('Not joined to the groups'));
|
||||
}
|
||||
|
||||
resolve();
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should escape email', function (done) {
|
||||
socketUser.invite({ uid: inviterUid }, '<script>alert("ok");</script>', function (err) {
|
||||
assert.ifError(err);
|
||||
User.getInvites(inviterUid, function (err, data) {
|
||||
describe('invite groups', () => {
|
||||
var csrf_token;
|
||||
var jar;
|
||||
|
||||
before(function (done) {
|
||||
helpers.loginUser('inviter', COMMON_PW, function (err, _jar) {
|
||||
assert.ifError(err);
|
||||
assert.equal(data[0], '<script>alert("ok");</script>');
|
||||
done();
|
||||
jar = _jar;
|
||||
|
||||
request({
|
||||
url: nconf.get('url') + '/api/config',
|
||||
json: true,
|
||||
jar: jar,
|
||||
}, function (err, response, body) {
|
||||
assert.ifError(err);
|
||||
csrf_token = body.csrf_token;
|
||||
done();
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
it('should show a list of groups for adding to an invite', async () => {
|
||||
const body = await requestAsync({
|
||||
url: `${nconf.get('url')}/api/v3/users/${inviterUid}/invites/groups`,
|
||||
json: true,
|
||||
jar,
|
||||
});
|
||||
|
||||
assert(Array.isArray(body.response));
|
||||
assert.strictEqual(2, body.response.length);
|
||||
assert.deepStrictEqual(body.response, ['ownPrivateGroup', 'publicGroup']);
|
||||
});
|
||||
|
||||
it('should error out if you request invite groups for another uid', async () => {
|
||||
const res = await requestAsync({
|
||||
url: `${nconf.get('url')}/api/v3/users/${adminUid}/invites/groups`,
|
||||
json: true,
|
||||
jar,
|
||||
simple: false,
|
||||
resolveWithFullResponse: true,
|
||||
});
|
||||
|
||||
assert.strictEqual(res.statusCode, 401);
|
||||
assert.deepStrictEqual(res.body, {
|
||||
status: {
|
||||
code: 'not-authorised',
|
||||
message: 'A valid login session was not found. Please log in and try again.',
|
||||
},
|
||||
response: {},
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
Reference in New Issue
Block a user