akkoma/test/web/admin_api/controllers/invite_controller_test.exs

# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
  use Pleroma.Web.ConnCase, async: true

  import Pleroma.Factory

  alias Pleroma.Config
  alias Pleroma.Repo
  alias Pleroma.UserInviteToken

  setup do
    admin = insert(:user, is_admin: true)
    token = insert(:oauth_admin_token, user: admin)

    conn =
      build_conn()
      |> assign(:user, admin)
      |> assign(:token, token)

    {:ok, %{admin: admin, token: token, conn: conn}}
  end

  describe "POST /api/pleroma/admin/users/email_invite, with valid config" do
    setup do: clear_config([:instance, :registrations_open], false)
    setup do: clear_config([:instance, :invites_enabled], true)

    test "sends invitation and returns 204", %{admin: admin, conn: conn} do
      recipient_email = "foo@bar.com"
      recipient_name = "J. D."

      conn =
        conn
        |> put_req_header("content-type", "application/json;charset=utf-8")
        |> post("/api/pleroma/admin/users/email_invite", %{
          email: recipient_email,
          name: recipient_name
        })

      assert json_response_and_validate_schema(conn, :no_content)

      token_record = List.last(Repo.all(Pleroma.UserInviteToken))
      assert token_record
      refute token_record.used

      notify_email = Config.get([:instance, :notify_email])
      instance_name = Config.get([:instance, :name])

      email =
        Pleroma.Emails.UserEmail.user_invitation_email(
          admin,
          token_record,
          recipient_email,
          recipient_name
        )

      Swoosh.TestAssertions.assert_email_sent(
        from: {instance_name, notify_email},
        to: {recipient_name, recipient_email},
        html_body: email.html_body
      )
    end

    test "it returns 403 if requested by a non-admin" do
      non_admin_user = insert(:user)
      token = insert(:oauth_token, user: non_admin_user)

      conn =
        build_conn()
        |> assign(:user, non_admin_user)
        |> assign(:token, token)
        |> put_req_header("content-type", "application/json;charset=utf-8")
        |> post("/api/pleroma/admin/users/email_invite", %{
          email: "foo@bar.com",
          name: "JD"
        })

      assert json_response(conn, :forbidden)
    end

    test "email with +", %{conn: conn, admin: admin} do
      recipient_email = "foo+bar@baz.com"

      conn
      |> put_req_header("content-type", "application/json;charset=utf-8")
      |> post("/api/pleroma/admin/users/email_invite", %{email: recipient_email})
      |> json_response_and_validate_schema(:no_content)

      token_record =
        Pleroma.UserInviteToken
        |> Repo.all()
        |> List.last()

      assert token_record
      refute token_record.used

      notify_email = Config.get([:instance, :notify_email])
      instance_name = Config.get([:instance, :name])

      email =
        Pleroma.Emails.UserEmail.user_invitation_email(
          admin,
          token_record,
          recipient_email
        )

      Swoosh.TestAssertions.assert_email_sent(
        from: {instance_name, notify_email},
        to: recipient_email,
        html_body: email.html_body
      )
    end
  end

  describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do
    setup do: clear_config([:instance, :registrations_open])
    setup do: clear_config([:instance, :invites_enabled])

    test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do
      Config.put([:instance, :registrations_open], false)
      Config.put([:instance, :invites_enabled], false)

      conn =
        conn
        |> put_req_header("content-type", "application/json")
        |> post("/api/pleroma/admin/users/email_invite", %{
          email: "foo@bar.com",
          name: "JD"
        })

      assert json_response_and_validate_schema(conn, :bad_request) ==
               %{
                 "error" =>
                   "To send invites you need to set the `invites_enabled` option to true."
               }
    end

    test "it returns 500 if `registrations_open` is enabled", %{conn: conn} do
      Config.put([:instance, :registrations_open], true)
      Config.put([:instance, :invites_enabled], true)

      conn =
        conn
        |> put_req_header("content-type", "application/json")
        |> post("/api/pleroma/admin/users/email_invite", %{
          email: "foo@bar.com",
          name: "JD"
        })

      assert json_response_and_validate_schema(conn, :bad_request) ==
               %{
                 "error" =>
                   "To send invites you need to set the `registrations_open` option to false."
               }
    end
  end

  describe "POST /api/pleroma/admin/users/invite_token" do
    test "without options", %{conn: conn} do
      conn =
        conn
        |> put_req_header("content-type", "application/json")
        |> post("/api/pleroma/admin/users/invite_token")

      invite_json = json_response_and_validate_schema(conn, 200)
      invite = UserInviteToken.find_by_token!(invite_json["token"])
      refute invite.used
      refute invite.expires_at
      refute invite.max_use
      assert invite.invite_type == "one_time"
    end

    test "with expires_at", %{conn: conn} do
      conn =
        conn
        |> put_req_header("content-type", "application/json")
        |> post("/api/pleroma/admin/users/invite_token", %{
          "expires_at" => Date.to_string(Date.utc_today())
        })

      invite_json = json_response_and_validate_schema(conn, 200)
      invite = UserInviteToken.find_by_token!(invite_json["token"])

      refute invite.used
      assert invite.expires_at == Date.utc_today()
      refute invite.max_use
      assert invite.invite_type == "date_limited"
    end

    test "with max_use", %{conn: conn} do
      conn =
        conn
        |> put_req_header("content-type", "application/json")
        |> post("/api/pleroma/admin/users/invite_token", %{"max_use" => 150})

      invite_json = json_response_and_validate_schema(conn, 200)
      invite = UserInviteToken.find_by_token!(invite_json["token"])
      refute invite.used
      refute invite.expires_at
      assert invite.max_use == 150
      assert invite.invite_type == "reusable"
    end

    test "with max use and expires_at", %{conn: conn} do
      conn =
        conn
        |> put_req_header("content-type", "application/json")
        |> post("/api/pleroma/admin/users/invite_token", %{
          "max_use" => 150,
          "expires_at" => Date.to_string(Date.utc_today())
        })

      invite_json = json_response_and_validate_schema(conn, 200)
      invite = UserInviteToken.find_by_token!(invite_json["token"])
      refute invite.used
      assert invite.expires_at == Date.utc_today()
      assert invite.max_use == 150
      assert invite.invite_type == "reusable_date_limited"
    end
  end

  describe "GET /api/pleroma/admin/users/invites" do
    test "no invites", %{conn: conn} do
      conn = get(conn, "/api/pleroma/admin/users/invites")

      assert json_response_and_validate_schema(conn, 200) == %{"invites" => []}
    end

    test "with invite", %{conn: conn} do
      {:ok, invite} = UserInviteToken.create_invite()

      conn = get(conn, "/api/pleroma/admin/users/invites")

      assert json_response_and_validate_schema(conn, 200) == %{
               "invites" => [
                 %{
                   "expires_at" => nil,
                   "id" => invite.id,
                   "invite_type" => "one_time",
                   "max_use" => nil,
                   "token" => invite.token,
                   "used" => false,
                   "uses" => 0
                 }
               ]
             }
    end
  end

  describe "POST /api/pleroma/admin/users/revoke_invite" do
    test "with token", %{conn: conn} do
      {:ok, invite} = UserInviteToken.create_invite()

      conn =
        conn
        |> put_req_header("content-type", "application/json")
        |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => invite.token})

      assert json_response_and_validate_schema(conn, 200) == %{
               "expires_at" => nil,
               "id" => invite.id,
               "invite_type" => "one_time",
               "max_use" => nil,
               "token" => invite.token,
               "used" => true,
               "uses" => 0
             }
    end

    test "with invalid token", %{conn: conn} do
      conn =
        conn
        |> put_req_header("content-type", "application/json")
        |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})

      assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
    end
  end
end
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`# Pleroma: A lightweight social networking server`
			`# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>`
			`# SPDX-License-Identifier: AGPL-3.0-only`

Add AdminAPI.InviteView 2020-05-26 11:21:33 +00:00			`defmodule Pleroma.Web.AdminAPI.InviteControllerTest do`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`use Pleroma.Web.ConnCase, async: true`

			`import Pleroma.Factory`

			`alias Pleroma.Config`
			`alias Pleroma.Repo`
			`alias Pleroma.UserInviteToken`

			`setup do`
			`admin = insert(:user, is_admin: true)`
			`token = insert(:oauth_admin_token, user: admin)`

			`conn =`
			`build_conn()`
			`\|> assign(:user, admin)`
			`\|> assign(:token, token)`

			`{:ok, %{admin: admin, token: token, conn: conn}}`
			`end`

			`describe "POST /api/pleroma/admin/users/email_invite, with valid config" do`
			`setup do: clear_config([:instance, :registrations_open], false)`
			`setup do: clear_config([:instance, :invites_enabled], true)`

			`test "sends invitation and returns 204", %{admin: admin, conn: conn} do`
			`recipient_email = "foo@bar.com"`
			`recipient_name = "J. D."`

			`conn =`
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`conn`
			`\|> put_req_header("content-type", "application/json;charset=utf-8")`
			`\|> post("/api/pleroma/admin/users/email_invite", %{`
			`email: recipient_email,`
			`name: recipient_name`
			`})`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`assert json_response_and_validate_schema(conn, :no_content)`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00
			`token_record = List.last(Repo.all(Pleroma.UserInviteToken))`
			`assert token_record`
			`refute token_record.used`

			`notify_email = Config.get([:instance, :notify_email])`
			`instance_name = Config.get([:instance, :name])`

			`email =`
			`Pleroma.Emails.UserEmail.user_invitation_email(`
			`admin,`
			`token_record,`
			`recipient_email,`
			`recipient_name`
			`)`

			`Swoosh.TestAssertions.assert_email_sent(`
			`from: {instance_name, notify_email},`
			`to: {recipient_name, recipient_email},`
			`html_body: email.html_body`
			`)`
			`end`

			`test "it returns 403 if requested by a non-admin" do`
			`non_admin_user = insert(:user)`
			`token = insert(:oauth_token, user: non_admin_user)`

			`conn =`
			`build_conn()`
			`\|> assign(:user, non_admin_user)`
			`\|> assign(:token, token)`
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`\|> put_req_header("content-type", "application/json;charset=utf-8")`
			`\|> post("/api/pleroma/admin/users/email_invite", %{`
			`email: "foo@bar.com",`
			`name: "JD"`
			`})`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00
			`assert json_response(conn, :forbidden)`
			`end`

			`test "email with +", %{conn: conn, admin: admin} do`
			`recipient_email = "foo+bar@baz.com"`

			`conn`
			`\|> put_req_header("content-type", "application/json;charset=utf-8")`
			`\|> post("/api/pleroma/admin/users/email_invite", %{email: recipient_email})`
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`\|> json_response_and_validate_schema(:no_content)`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00
			`token_record =`
			`Pleroma.UserInviteToken`
			`\|> Repo.all()`
			`\|> List.last()`

			`assert token_record`
			`refute token_record.used`

			`notify_email = Config.get([:instance, :notify_email])`
			`instance_name = Config.get([:instance, :name])`

			`email =`
			`Pleroma.Emails.UserEmail.user_invitation_email(`
			`admin,`
			`token_record,`
			`recipient_email`
			`)`

			`Swoosh.TestAssertions.assert_email_sent(`
			`from: {instance_name, notify_email},`
			`to: recipient_email,`
			`html_body: email.html_body`
			`)`
			`end`
			`end`

			`describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do`
			`setup do: clear_config([:instance, :registrations_open])`
			`setup do: clear_config([:instance, :invites_enabled])`

			test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do
			`Config.put([:instance, :registrations_open], false)`
			`Config.put([:instance, :invites_enabled], false)`

Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`conn =`
			`conn`
			`\|> put_req_header("content-type", "application/json")`
			`\|> post("/api/pleroma/admin/users/email_invite", %{`
			`email: "foo@bar.com",`
			`name: "JD"`
			`})`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`assert json_response_and_validate_schema(conn, :bad_request) ==`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`%{`
			`"error" =>`
			"To send invites you need to set the `invites_enabled` option to true."
			`}`
			`end`

			test "it returns 500 if `registrations_open` is enabled", %{conn: conn} do
			`Config.put([:instance, :registrations_open], true)`
			`Config.put([:instance, :invites_enabled], true)`

Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`conn =`
			`conn`
			`\|> put_req_header("content-type", "application/json")`
			`\|> post("/api/pleroma/admin/users/email_invite", %{`
			`email: "foo@bar.com",`
			`name: "JD"`
			`})`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`assert json_response_and_validate_schema(conn, :bad_request) ==`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`%{`
			`"error" =>`
			"To send invites you need to set the `registrations_open` option to false."
			`}`
			`end`
			`end`

			`describe "POST /api/pleroma/admin/users/invite_token" do`
			`test "without options", %{conn: conn} do`
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`conn =`
			`conn`
			`\|> put_req_header("content-type", "application/json")`
			`\|> post("/api/pleroma/admin/users/invite_token")`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`invite_json = json_response_and_validate_schema(conn, 200)`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`invite = UserInviteToken.find_by_token!(invite_json["token"])`
			`refute invite.used`
			`refute invite.expires_at`
			`refute invite.max_use`
			`assert invite.invite_type == "one_time"`
			`end`

			`test "with expires_at", %{conn: conn} do`
			`conn =`
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`conn`
			`\|> put_req_header("content-type", "application/json")`
			`\|> post("/api/pleroma/admin/users/invite_token", %{`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`"expires_at" => Date.to_string(Date.utc_today())`
			`})`

Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`invite_json = json_response_and_validate_schema(conn, 200)`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`invite = UserInviteToken.find_by_token!(invite_json["token"])`

			`refute invite.used`
			`assert invite.expires_at == Date.utc_today()`
			`refute invite.max_use`
			`assert invite.invite_type == "date_limited"`
			`end`

			`test "with max_use", %{conn: conn} do`
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`conn =`
			`conn`
			`\|> put_req_header("content-type", "application/json")`
			`\|> post("/api/pleroma/admin/users/invite_token", %{"max_use" => 150})`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`invite_json = json_response_and_validate_schema(conn, 200)`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`invite = UserInviteToken.find_by_token!(invite_json["token"])`
			`refute invite.used`
			`refute invite.expires_at`
			`assert invite.max_use == 150`
			`assert invite.invite_type == "reusable"`
			`end`

			`test "with max use and expires_at", %{conn: conn} do`
			`conn =`
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`conn`
			`\|> put_req_header("content-type", "application/json")`
			`\|> post("/api/pleroma/admin/users/invite_token", %{`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`"max_use" => 150,`
			`"expires_at" => Date.to_string(Date.utc_today())`
			`})`

Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`invite_json = json_response_and_validate_schema(conn, 200)`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`invite = UserInviteToken.find_by_token!(invite_json["token"])`
			`refute invite.used`
			`assert invite.expires_at == Date.utc_today()`
			`assert invite.max_use == 150`
			`assert invite.invite_type == "reusable_date_limited"`
			`end`
			`end`

			`describe "GET /api/pleroma/admin/users/invites" do`
			`test "no invites", %{conn: conn} do`
			`conn = get(conn, "/api/pleroma/admin/users/invites")`

Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`assert json_response_and_validate_schema(conn, 200) == %{"invites" => []}`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`end`

			`test "with invite", %{conn: conn} do`
			`{:ok, invite} = UserInviteToken.create_invite()`

			`conn = get(conn, "/api/pleroma/admin/users/invites")`

Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`assert json_response_and_validate_schema(conn, 200) == %{`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`"invites" => [`
			`%{`
			`"expires_at" => nil,`
			`"id" => invite.id,`
			`"invite_type" => "one_time",`
			`"max_use" => nil,`
			`"token" => invite.token,`
			`"used" => false,`
			`"uses" => 0`
			`}`
			`]`
			`}`
			`end`
			`end`

			`describe "POST /api/pleroma/admin/users/revoke_invite" do`
			`test "with token", %{conn: conn} do`
			`{:ok, invite} = UserInviteToken.create_invite()`

Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`conn =`
			`conn`
			`\|> put_req_header("content-type", "application/json")`
			`\|> post("/api/pleroma/admin/users/revoke_invite", %{"token" => invite.token})`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`assert json_response_and_validate_schema(conn, 200) == %{`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`"expires_at" => nil,`
			`"id" => invite.id,`
			`"invite_type" => "one_time",`
			`"max_use" => nil,`
			`"token" => invite.token,`
			`"used" => true,`
			`"uses" => 0`
			`}`
			`end`

			`test "with invalid token", %{conn: conn} do`
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`conn =`
			`conn`
			`\|> put_req_header("content-type", "application/json")`
			`\|> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00
Add OpenAPI spec for AdminAPI.InviteTokenController 2020-05-26 11:02:51 +00:00			`assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}`
Move invite actions to AdminAPI.InviteTokenController 2020-05-26 09:13:39 +00:00			`end`
			`end`
			`end`