2020-05-26 03:13:39 -06:00
|
|
|
# Pleroma: A lightweight social networking server
|
2022-02-25 23:11:42 -07:00
|
|
|
# Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
|
2020-05-26 03:13:39 -06:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2020-05-26 05:21:33 -06:00
|
|
|
defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
|
2022-06-05 04:50:19 -06:00
|
|
|
use Pleroma.Web.ConnCase, async: false
|
2020-05-26 03:13:39 -06:00
|
|
|
|
|
|
|
import Pleroma.Factory
|
|
|
|
|
|
|
|
alias Pleroma.Repo
|
|
|
|
alias Pleroma.UserInviteToken
|
|
|
|
|
|
|
|
setup do
|
|
|
|
admin = insert(:user, is_admin: true)
|
|
|
|
token = insert(:oauth_admin_token, user: admin)
|
|
|
|
|
|
|
|
conn =
|
|
|
|
build_conn()
|
|
|
|
|> assign(:user, admin)
|
|
|
|
|> assign(:token, token)
|
|
|
|
|
|
|
|
{:ok, %{admin: admin, token: token, conn: conn}}
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "POST /api/pleroma/admin/users/email_invite, with valid config" do
|
2022-05-28 00:51:49 -06:00
|
|
|
setup do
|
|
|
|
clear_config([:instance, :registrations_open], false)
|
|
|
|
clear_config([:instance, :invites_enabled], true)
|
2022-07-01 01:54:05 -06:00
|
|
|
clear_config([:instance, :admin_privileges], [:users_manage_invites])
|
2022-05-28 00:51:49 -06:00
|
|
|
end
|
|
|
|
|
2022-07-01 01:54:05 -06:00
|
|
|
test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
|
2022-05-28 00:51:49 -06:00
|
|
|
clear_config([:instance, :admin_privileges], [])
|
|
|
|
|
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json;charset=utf-8")
|
|
|
|
|> post("/api/pleroma/admin/users/email_invite", %{
|
|
|
|
email: "foo@bar.com",
|
|
|
|
name: "J. D."
|
|
|
|
})
|
|
|
|
|
|
|
|
assert json_response(conn, :forbidden)
|
|
|
|
end
|
2020-05-26 03:13:39 -06:00
|
|
|
|
|
|
|
test "sends invitation and returns 204", %{admin: admin, conn: conn} do
|
|
|
|
recipient_email = "foo@bar.com"
|
|
|
|
recipient_name = "J. D."
|
|
|
|
|
|
|
|
conn =
|
2020-05-26 05:02:51 -06:00
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json;charset=utf-8")
|
|
|
|
|> post("/api/pleroma/admin/users/email_invite", %{
|
|
|
|
email: recipient_email,
|
|
|
|
name: recipient_name
|
|
|
|
})
|
2020-05-26 03:13:39 -06:00
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
assert json_response_and_validate_schema(conn, :no_content)
|
2020-05-26 03:13:39 -06:00
|
|
|
|
|
|
|
token_record = List.last(Repo.all(Pleroma.UserInviteToken))
|
|
|
|
assert token_record
|
|
|
|
refute token_record.used
|
|
|
|
|
|
|
|
notify_email = Config.get([:instance, :notify_email])
|
|
|
|
instance_name = Config.get([:instance, :name])
|
|
|
|
|
|
|
|
email =
|
|
|
|
Pleroma.Emails.UserEmail.user_invitation_email(
|
|
|
|
admin,
|
|
|
|
token_record,
|
|
|
|
recipient_email,
|
|
|
|
recipient_name
|
|
|
|
)
|
|
|
|
|
|
|
|
Swoosh.TestAssertions.assert_email_sent(
|
|
|
|
from: {instance_name, notify_email},
|
|
|
|
to: {recipient_name, recipient_email},
|
|
|
|
html_body: email.html_body
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
test "it returns 403 if requested by a non-admin" do
|
|
|
|
non_admin_user = insert(:user)
|
|
|
|
token = insert(:oauth_token, user: non_admin_user)
|
|
|
|
|
|
|
|
conn =
|
|
|
|
build_conn()
|
|
|
|
|> assign(:user, non_admin_user)
|
|
|
|
|> assign(:token, token)
|
2020-05-26 05:02:51 -06:00
|
|
|
|> put_req_header("content-type", "application/json;charset=utf-8")
|
|
|
|
|> post("/api/pleroma/admin/users/email_invite", %{
|
|
|
|
email: "foo@bar.com",
|
|
|
|
name: "JD"
|
|
|
|
})
|
2020-05-26 03:13:39 -06:00
|
|
|
|
|
|
|
assert json_response(conn, :forbidden)
|
|
|
|
end
|
|
|
|
|
|
|
|
test "email with +", %{conn: conn, admin: admin} do
|
|
|
|
recipient_email = "foo+bar@baz.com"
|
|
|
|
|
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json;charset=utf-8")
|
|
|
|
|> post("/api/pleroma/admin/users/email_invite", %{email: recipient_email})
|
2020-05-26 05:02:51 -06:00
|
|
|
|> json_response_and_validate_schema(:no_content)
|
2020-05-26 03:13:39 -06:00
|
|
|
|
|
|
|
token_record =
|
|
|
|
Pleroma.UserInviteToken
|
|
|
|
|> Repo.all()
|
|
|
|
|> List.last()
|
|
|
|
|
|
|
|
assert token_record
|
|
|
|
refute token_record.used
|
|
|
|
|
|
|
|
notify_email = Config.get([:instance, :notify_email])
|
|
|
|
instance_name = Config.get([:instance, :name])
|
|
|
|
|
|
|
|
email =
|
|
|
|
Pleroma.Emails.UserEmail.user_invitation_email(
|
|
|
|
admin,
|
|
|
|
token_record,
|
|
|
|
recipient_email
|
|
|
|
)
|
|
|
|
|
|
|
|
Swoosh.TestAssertions.assert_email_sent(
|
|
|
|
from: {instance_name, notify_email},
|
|
|
|
to: recipient_email,
|
|
|
|
html_body: email.html_body
|
|
|
|
)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do
|
2022-05-28 00:51:49 -06:00
|
|
|
setup do
|
|
|
|
clear_config([:instance, :registrations_open])
|
|
|
|
clear_config([:instance, :invites_enabled])
|
2022-07-01 01:54:05 -06:00
|
|
|
clear_config([:instance, :admin_privileges], [:users_manage_invites])
|
2022-05-28 00:51:49 -06:00
|
|
|
end
|
2020-05-26 03:13:39 -06:00
|
|
|
|
|
|
|
test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do
|
2021-01-26 10:58:43 -07:00
|
|
|
clear_config([:instance, :registrations_open], false)
|
|
|
|
clear_config([:instance, :invites_enabled], false)
|
2020-05-26 03:13:39 -06:00
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json")
|
|
|
|
|> post("/api/pleroma/admin/users/email_invite", %{
|
|
|
|
email: "foo@bar.com",
|
|
|
|
name: "JD"
|
|
|
|
})
|
2020-05-26 03:13:39 -06:00
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
assert json_response_and_validate_schema(conn, :bad_request) ==
|
2020-05-26 03:13:39 -06:00
|
|
|
%{
|
|
|
|
"error" =>
|
|
|
|
"To send invites you need to set the `invites_enabled` option to true."
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
test "it returns 500 if `registrations_open` is enabled", %{conn: conn} do
|
2021-01-26 10:58:43 -07:00
|
|
|
clear_config([:instance, :registrations_open], true)
|
|
|
|
clear_config([:instance, :invites_enabled], true)
|
2020-05-26 03:13:39 -06:00
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json")
|
|
|
|
|> post("/api/pleroma/admin/users/email_invite", %{
|
|
|
|
email: "foo@bar.com",
|
|
|
|
name: "JD"
|
|
|
|
})
|
2020-05-26 03:13:39 -06:00
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
assert json_response_and_validate_schema(conn, :bad_request) ==
|
2020-05-26 03:13:39 -06:00
|
|
|
%{
|
|
|
|
"error" =>
|
|
|
|
"To send invites you need to set the `registrations_open` option to false."
|
|
|
|
}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "POST /api/pleroma/admin/users/invite_token" do
|
2022-05-28 00:51:49 -06:00
|
|
|
setup do
|
2022-07-01 01:54:05 -06:00
|
|
|
clear_config([:instance, :admin_privileges], [:users_manage_invites])
|
2022-05-28 00:51:49 -06:00
|
|
|
end
|
|
|
|
|
2022-07-01 01:54:05 -06:00
|
|
|
test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
|
2022-05-28 00:51:49 -06:00
|
|
|
clear_config([:instance, :admin_privileges], [])
|
|
|
|
|
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json")
|
|
|
|
|> post("/api/pleroma/admin/users/invite_token")
|
|
|
|
|
|
|
|
assert json_response(conn, :forbidden)
|
|
|
|
end
|
|
|
|
|
2020-05-26 03:13:39 -06:00
|
|
|
test "without options", %{conn: conn} do
|
2020-05-26 05:02:51 -06:00
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json")
|
|
|
|
|> post("/api/pleroma/admin/users/invite_token")
|
2020-05-26 03:13:39 -06:00
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
invite_json = json_response_and_validate_schema(conn, 200)
|
2020-05-26 03:13:39 -06:00
|
|
|
invite = UserInviteToken.find_by_token!(invite_json["token"])
|
|
|
|
refute invite.used
|
|
|
|
refute invite.expires_at
|
|
|
|
refute invite.max_use
|
|
|
|
assert invite.invite_type == "one_time"
|
|
|
|
end
|
|
|
|
|
|
|
|
test "with expires_at", %{conn: conn} do
|
|
|
|
conn =
|
2020-05-26 05:02:51 -06:00
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json")
|
|
|
|
|> post("/api/pleroma/admin/users/invite_token", %{
|
2020-05-26 03:13:39 -06:00
|
|
|
"expires_at" => Date.to_string(Date.utc_today())
|
|
|
|
})
|
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
invite_json = json_response_and_validate_schema(conn, 200)
|
2020-05-26 03:13:39 -06:00
|
|
|
invite = UserInviteToken.find_by_token!(invite_json["token"])
|
|
|
|
|
|
|
|
refute invite.used
|
|
|
|
assert invite.expires_at == Date.utc_today()
|
|
|
|
refute invite.max_use
|
|
|
|
assert invite.invite_type == "date_limited"
|
|
|
|
end
|
|
|
|
|
|
|
|
test "with max_use", %{conn: conn} do
|
2020-05-26 05:02:51 -06:00
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json")
|
|
|
|
|> post("/api/pleroma/admin/users/invite_token", %{"max_use" => 150})
|
2020-05-26 03:13:39 -06:00
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
invite_json = json_response_and_validate_schema(conn, 200)
|
2020-05-26 03:13:39 -06:00
|
|
|
invite = UserInviteToken.find_by_token!(invite_json["token"])
|
|
|
|
refute invite.used
|
|
|
|
refute invite.expires_at
|
|
|
|
assert invite.max_use == 150
|
|
|
|
assert invite.invite_type == "reusable"
|
|
|
|
end
|
|
|
|
|
|
|
|
test "with max use and expires_at", %{conn: conn} do
|
|
|
|
conn =
|
2020-05-26 05:02:51 -06:00
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json")
|
|
|
|
|> post("/api/pleroma/admin/users/invite_token", %{
|
2020-05-26 03:13:39 -06:00
|
|
|
"max_use" => 150,
|
|
|
|
"expires_at" => Date.to_string(Date.utc_today())
|
|
|
|
})
|
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
invite_json = json_response_and_validate_schema(conn, 200)
|
2020-05-26 03:13:39 -06:00
|
|
|
invite = UserInviteToken.find_by_token!(invite_json["token"])
|
|
|
|
refute invite.used
|
|
|
|
assert invite.expires_at == Date.utc_today()
|
|
|
|
assert invite.max_use == 150
|
|
|
|
assert invite.invite_type == "reusable_date_limited"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "GET /api/pleroma/admin/users/invites" do
|
2022-05-28 00:51:49 -06:00
|
|
|
setup do
|
2022-07-01 01:54:05 -06:00
|
|
|
clear_config([:instance, :admin_privileges], [:users_manage_invites])
|
2022-05-28 00:51:49 -06:00
|
|
|
end
|
|
|
|
|
2022-07-01 01:54:05 -06:00
|
|
|
test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
|
2022-05-28 00:51:49 -06:00
|
|
|
clear_config([:instance, :admin_privileges], [])
|
|
|
|
|
|
|
|
conn = get(conn, "/api/pleroma/admin/users/invites")
|
|
|
|
|
|
|
|
assert json_response(conn, :forbidden)
|
|
|
|
end
|
|
|
|
|
2020-05-26 03:13:39 -06:00
|
|
|
test "no invites", %{conn: conn} do
|
|
|
|
conn = get(conn, "/api/pleroma/admin/users/invites")
|
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
assert json_response_and_validate_schema(conn, 200) == %{"invites" => []}
|
2020-05-26 03:13:39 -06:00
|
|
|
end
|
|
|
|
|
|
|
|
test "with invite", %{conn: conn} do
|
|
|
|
{:ok, invite} = UserInviteToken.create_invite()
|
|
|
|
|
|
|
|
conn = get(conn, "/api/pleroma/admin/users/invites")
|
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
assert json_response_and_validate_schema(conn, 200) == %{
|
2020-05-26 03:13:39 -06:00
|
|
|
"invites" => [
|
|
|
|
%{
|
|
|
|
"expires_at" => nil,
|
|
|
|
"id" => invite.id,
|
|
|
|
"invite_type" => "one_time",
|
|
|
|
"max_use" => nil,
|
|
|
|
"token" => invite.token,
|
|
|
|
"used" => false,
|
|
|
|
"uses" => 0
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe "POST /api/pleroma/admin/users/revoke_invite" do
|
2022-05-28 00:51:49 -06:00
|
|
|
setup do
|
2022-07-01 01:54:05 -06:00
|
|
|
clear_config([:instance, :admin_privileges], [:users_manage_invites])
|
2022-05-28 00:51:49 -06:00
|
|
|
end
|
|
|
|
|
2022-07-01 01:54:05 -06:00
|
|
|
test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
|
2022-05-28 00:51:49 -06:00
|
|
|
clear_config([:instance, :admin_privileges], [])
|
|
|
|
|
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json")
|
|
|
|
|> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})
|
|
|
|
|
|
|
|
assert json_response(conn, :forbidden)
|
|
|
|
end
|
|
|
|
|
2020-05-26 03:13:39 -06:00
|
|
|
test "with token", %{conn: conn} do
|
|
|
|
{:ok, invite} = UserInviteToken.create_invite()
|
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json")
|
|
|
|
|> post("/api/pleroma/admin/users/revoke_invite", %{"token" => invite.token})
|
2020-05-26 03:13:39 -06:00
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
assert json_response_and_validate_schema(conn, 200) == %{
|
2020-05-26 03:13:39 -06:00
|
|
|
"expires_at" => nil,
|
|
|
|
"id" => invite.id,
|
|
|
|
"invite_type" => "one_time",
|
|
|
|
"max_use" => nil,
|
|
|
|
"token" => invite.token,
|
|
|
|
"used" => true,
|
|
|
|
"uses" => 0
|
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
test "with invalid token", %{conn: conn} do
|
2020-05-26 05:02:51 -06:00
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header("content-type", "application/json")
|
|
|
|
|> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})
|
2020-05-26 03:13:39 -06:00
|
|
|
|
2020-05-26 05:02:51 -06:00
|
|
|
assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}
|
2020-05-26 03:13:39 -06:00
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|