3pp-mirror/penpot
1
0
Fork 0
mirror of https://github.com/penpot/penpot.git synced 2025-05-21 17:46:11 +02:00
Code Issues Projects Releases Packages Wiki Activity

Improve invitation token validation

Browse source
This commit is contained in:
Pablo Alba 2022-09-26 23:56:58 +02:00 committed by Andrey Antukh
parent b74631bf4a
commit 47363d96f1
6 changed files with 325 additions and 155 deletions
Download patch file Download diff file Expand all files Collapse all files

1
CHANGES.md
View file

@ -37,6 +37,7 @@
- Fix inconsistent message on deleting library when a library is linked from deleted files - Fix inconsistent message on deleting library when a library is linked from deleted files
- Fix change multiple colors with SVG [Taiga #3889](https://tree.taiga.io/project/penpot/issue/3889) - Fix change multiple colors with SVG [Taiga #3889](https://tree.taiga.io/project/penpot/issue/3889)
- Fix ungroup does not work for typographies [Taiga #4195](https://tree.taiga.io/project/penpot/issue/4195) - Fix ungroup does not work for typographies [Taiga #4195](https://tree.taiga.io/project/penpot/issue/4195)
- Fix inviting to non existing users can fail [Taiga #4108](https://tree.taiga.io/project/penpot/issue/4108)
### :arrow_up: Deps updates ### :arrow_up: Deps updates
### :heart: Community contributions by (Thank you!) ### :heart: Community contributions by (Thank you!)

46
backend/src/app/db.clj
View file

@ -5,6 +5,7 @@
;; Copyright (c) KALEIDOS INC ;; Copyright (c) KALEIDOS INC
(ns app.db (ns app.db
(:refer-clojure :exclude [get])
(:require (:require
[app.common.data :as d] [app.common.data :as d]
[app.common.exceptions :as ex] [app.common.exceptions :as ex]
@ -270,28 +271,55 @@
(sql/delete table params opts) (sql/delete table params opts)
(assoc opts :return-keys true)))) (assoc opts :return-keys true))))
(defn- is-deleted? (defn is-row-deleted?
[{:keys [deleted-at]}] [{:keys [deleted-at]}]
(and (dt/instant? deleted-at) (and (dt/instant? deleted-at)
(< (inst-ms deleted-at) (< (inst-ms deleted-at)
(inst-ms (dt/now))))) (inst-ms (dt/now)))))
(defn get-by-params (defn get*
"Internal function for retrieve a single row from database that
matches a simple filters."
([ds table params] ([ds table params]
(get-by-params ds table params nil)) (get* ds table params nil))
([ds table params {:keys [check-not-found] :or {check-not-found true} :as opts}] ([ds table params {:keys [check-deleted?] :or {check-deleted? true} :as opts}]
(let [res (exec-one! ds (sql/select table params opts))] (let [rows (exec! ds (sql/select table params opts))
(when (and check-not-found (or (not res) (is-deleted? res))) rows (cond->> rows
check-deleted?
(remove is-row-deleted?))]
(first rows))))
(defn get
([ds table params]
(get ds table params nil))
([ds table params {:keys [check-deleted?] :or {check-deleted? true} :as opts}]
(let [row (get* ds table params opts)]
(when (and (not row) check-deleted?)
(ex/raise :type :not-found (ex/raise :type :not-found
:table table :table table
:hint "database object not found")) :hint "database object not found"))
res))) row)))
(defn get-by-params
"DEPRECATED"
([ds table params]
(get-by-params ds table params nil))
([ds table params {:keys [check-not-found] :or {check-not-found true} :as opts}]
(let [row (get* ds table params (assoc opts :check-deleted? check-not-found))]
(when (and (not row) check-not-found)
(ex/raise :type :not-found
:table table
:hint "database object not found"))
row)))
(defn get-by-id (defn get-by-id
([ds table id] ([ds table id]
(get-by-params ds table {:id id} nil)) (get ds table {:id id} nil))
([ds table id opts] ([ds table id opts]
(get-by-params ds table {:id id} opts))) (let [opts (cond-> opts
(contains? opts :check-not-found)
(assoc :check-deleted? (:check-not-found opts)))]
(get ds table {:id id} opts))))
(defn query (defn query
([ds table params] ([ds table params]

95
backend/src/app/rpc/commands/verify_token.clj
View file

@ -80,16 +80,19 @@
;; --- Team Invitation ;; --- Team Invitation
(defn- accept-invitation (defn- accept-invitation
[{:keys [conn] :as cfg} {:keys [member-id team-id role member-email] :as claims} invitation] [{:keys [conn] :as cfg} {:keys [team-id role member-email] :as claims} invitation member]
(let [member (profile/retrieve-profile conn member-id) (let [;; Update the role if there is an invitation
;; Update the role if there is an invitation
role (or (some-> invitation :role keyword) role) role (or (some-> invitation :role keyword) role)
params (merge params (merge
{:team-id team-id {:team-id team-id
:profile-id member-id} :profile-id (:id member)}
(teams/role->params role))] (teams/role->params role))]
;; Do not allow blocked users accept invitations.
(when (:is-blocked member)
(ex/raise :type :restriction
:code :profile-blocked))
;; Insert the invited member to the team ;; Insert the invited member to the team
(db/insert! conn :team-profile-rel params {:on-conflict-do-nothing true}) (db/insert! conn :team-profile-rel params {:on-conflict-do-nothing true})
@ -98,7 +101,7 @@
(when-not (:is-active member) (when-not (:is-active member)
(db/update! conn :profile (db/update! conn :profile
{:is-active true} {:is-active true}
{:id member-id})) {:id (:id member)}))
;; Delete the invitation ;; Delete the invitation
(db/delete! conn :team-invitation (db/delete! conn :team-invitation
@ -106,7 +109,6 @@
(assoc member :is-active true))) (assoc member :is-active true)))
(s/def ::spec.team-invitation/profile-id ::us/uuid) (s/def ::spec.team-invitation/profile-id ::us/uuid)
(s/def ::spec.team-invitation/role ::us/keyword) (s/def ::spec.team-invitation/role ::us/keyword)
(s/def ::spec.team-invitation/team-id ::us/uuid) (s/def ::spec.team-invitation/team-id ::us/uuid)
@ -122,23 +124,28 @@
:opt-un [::spec.team-invitation/member-id])) :opt-un [::spec.team-invitation/member-id]))
(defmethod process-token :team-invitation (defmethod process-token :team-invitation
[{:keys [conn session] :as cfg} {:keys [profile-id token]} {:keys [member-id team-id member-email] :as claims}] [{:keys [conn session] :as cfg} {:keys [profile-id token]}
{:keys [member-id team-id member-email] :as claims}]
(us/assert ::team-invitation-claims claims) (us/assert ::team-invitation-claims claims)
(let [invitation (db/get-by-params conn :team-invitation (let [invitation (db/get* conn :team-invitation
{:team-id team-id :email-to member-email} {:team-id team-id :email-to member-email})
{:check-not-found false})] profile (db/get* conn :profile
{:id profile-id}
{:columns [:id :email]})]
(when (nil? invitation) (when (nil? invitation)
(ex/raise :type :validation (ex/raise :type :validation
:code :invalid-token :code :invalid-token
:hint "no invitation associated with the token")) :hint "no invitation associated with the token"))
(cond (if (some? profile)
;; This happens when token is filled with member-id and current (if (or (= member-id profile-id)
;; user is already logged in with exactly invited account. (= member-email (:email profile)))
(and (uuid? profile-id) (uuid? member-id)) ;; if we have logged-in user and it matches the invitation we
(if (= member-id profile-id) ;; proceed with accepting the invitation and joining the
(let [profile (accept-invitation cfg claims invitation)] ;; current profile to the invited team.
(let [profile (accept-invitation cfg claims invitation profile)]
(with-meta (with-meta
(assoc claims :state :created) (assoc claims :state :created)
{::audit/name "accept-team-invitation" {::audit/name "accept-team-invitation"
@ -146,40 +153,36 @@
(audit/profile->props profile) (audit/profile->props profile)
{:team-id (:team-id claims) {:team-id (:team-id claims)
:role (:role claims)}) :role (:role claims)})
::audit/profile-id member-id})) ::audit/profile-id profile-id}))
(ex/raise :type :validation (ex/raise :type :validation
:code :invalid-token :code :invalid-token
:hint "logged-in user does not matches the invitation")) :hint "logged-in user does not matches the invitation"))
;; This happens when an unlogged user, uses an invitation link. ;; If we have not logged-in user, we try find the invited
(and (not profile-id) (uuid? member-id)) ;; profile by member-id or member-email props of the invitation
(let [profile (accept-invitation cfg claims invitation)] ;; token; If profile is found, we accept the invitation and
(with-meta ;; leave the user logged-in.
(assoc claims :state :created) (if-let [member (db/get* conn :profile
{:transform-response ((:create session) (:id profile)) (if member-id
::audit/name "accept-team-invitation" {:id member-id}
::audit/props (merge {:email member-email})
(audit/profile->props profile) {:columns [:id :email]})]
{:team-id (:team-id claims) (let [profile (accept-invitation cfg claims invitation member)]
:role (:role claims)}) (with-meta
::audit/profile-id member-id})) (assoc claims :state :created)
{:transform-response ((:create session) (:id profile))
::audit/name "accept-team-invitation"
::audit/props (merge
(audit/profile->props profile)
{:team-id (:team-id claims)
:role (:role claims)})
::audit/profile-id member-id}))
;; This case means that invitation token does not match with {:invitation-token token
;; registred user, so we need to indicate to frontend to redirect :iss :team-invitation
;; it to register page. :redirect-to :auth-register
(and (not profile-id) (nil? member-id)) :state :pending}))))
{:invitation-token token
:iss :team-invitation
:redirect-to :auth-register
:state :pending}
;; In all other cases, just tell to fontend to redirect the user
;; to the login page.
:else
{:invitation-token token
:iss :team-invitation
:redirect-to :auth-login
:state :pending})))
;; --- Default ;; --- Default

32
backend/src/app/rpc/mutations/teams.clj
View file

@ -376,18 +376,17 @@
:code :profile-is-muted :code :profile-is-muted
:hint "looks like the profile has reported repeatedly as spam or has permanent bounces")) :hint "looks like the profile has reported repeatedly as spam or has permanent bounces"))
(doseq [email emails] (let [invitations (->> emails
(create-team-invitation (map (fn [email]
(assoc cfg (assoc cfg
:email email :email email
:conn conn :conn conn
:team team :team team
:profile profile :profile profile
:role role)) :role role)))
) (map create-team-invitation))]
(with-meta (vec invitations)
(with-meta {} {::audit/props {:invitations (count invitations)}})))))
{::audit/props {:invitations (count emails)}}))))
(def sql:upsert-team-invitation (def sql:upsert-team-invitation
"insert into team_invitation(team_id, email_to, role, valid_until) "insert into team_invitation(team_id, email_to, role, valid_until)
@ -449,10 +448,7 @@
(when-not (:is-active member) (when-not (:is-active member)
(db/update! conn :profile (db/update! conn :profile
{:is-active true} {:is-active true}
{:id (:id member)})) {:id (:id member)})))
(assoc member :is-active true))
(do (do
(db/exec-one! conn [sql:upsert-team-invitation (db/exec-one! conn [sql:upsert-team-invitation
(:id team) (str/lower email) (name role) (:id team) (str/lower email) (name role)
@ -464,7 +460,9 @@
:invited-by (:fullname profile) :invited-by (:fullname profile)
:team (:name team) :team (:name team)
:token itoken :token itoken
:extra-data ptoken}))))) :extra-data ptoken})))
itoken))
;; --- Mutation: Create Team & Invite Members ;; --- Mutation: Create Team & Invite Members

10
backend/src/app/tokens.clj
View file

@ -26,10 +26,14 @@
(t/encode))] (t/encode))]
(jwe/encrypt payload tokens-key {:alg :a256kw :enc :a256gcm}))) (jwe/encrypt payload tokens-key {:alg :a256kw :enc :a256gcm})))
(defn decode
[{:keys [tokens-key]} token]
(let [payload (jwe/decrypt token tokens-key {:alg :a256kw :enc :a256gcm})]
(t/decode payload)))
(defn verify (defn verify
[{:keys [tokens-key]} {:keys [token] :as params}] [sprops {:keys [token] :as params}]
(let [payload (jwe/decrypt token tokens-key {:alg :a256kw :enc :a256gcm}) (let [claims (decode sprops token)]
claims (t/decode payload)]
(when (and (dt/instant? (:exp claims)) (when (and (dt/instant? (:exp claims))
(dt/is-before? (:exp claims) (dt/now))) (dt/is-before? (:exp claims) (dt/now)))
(ex/raise :type :validation (ex/raise :type :validation

296
backend/test/app/services_teams_test.clj
View file

@ -11,6 +11,7 @@
[app.http :as http] [app.http :as http]
[app.storage :as sto] [app.storage :as sto]
[app.test-helpers :as th] [app.test-helpers :as th]
[app.tokens :as tokens]
[app.util.time :as dt] [app.util.time :as dt]
[clojure.test :as t] [clojure.test :as t]
[datoteka.core :as fs] [datoteka.core :as fs]
@ -19,7 +20,7 @@
(t/use-fixtures :once th/state-init) (t/use-fixtures :once th/state-init)
(t/use-fixtures :each th/database-reset) (t/use-fixtures :each th/database-reset)
(t/deftest test-invite-team-member (t/deftest invite-team-member
(with-mocks [mock {:target 'app.emails/send! :return nil}] (with-mocks [mock {:target 'app.emails/send! :return nil}]
(let [profile1 (th/create-profile* 1 {:is-active true}) (let [profile1 (th/create-profile* 1 {:is-active true})
profile2 (th/create-profile* 2 {:is-active true}) profile2 (th/create-profile* 2 {:is-active true})
@ -34,17 +35,16 @@
:profile-id (:id profile1)}] :profile-id (:id profile1)}]
;; invite external user without complaints ;; invite external user without complaints
(let [data (assoc data :email "foo@bar.com") (let [data (assoc data :email "foo@bar.com")
out (th/mutation! data) out (th/mutation! data)
;;retrieve the value from the database and check its content ;; retrieve the value from the database and check its content
invitation (db/exec-one! invitation (db/exec-one!
th/*pool* th/*pool*
["select count(*) as num from team_invitation where team_id = ? and email_to = ?" ["select count(*) as num from team_invitation where team_id = ? and email_to = ?"
(:team-id data) "foo@bar.com"])] (:team-id data) "foo@bar.com"])]
;; (th/print-result! out) ;; (th/print-result! out)
(t/is (th/success? out))
(t/is (= {} (:result out)))
(t/is (= 1 (:call-count (deref mock)))) (t/is (= 1 (:call-count (deref mock))))
(t/is (= 1 (:num invitation)))) (t/is (= 1 (:num invitation))))
@ -52,7 +52,7 @@
(th/reset-mock! mock) (th/reset-mock! mock)
(let [data (assoc data :email (:email profile2)) (let [data (assoc data :email (:email profile2))
out (th/mutation! data)] out (th/mutation! data)]
(t/is (= {} (:result out))) (t/is (th/success? out))
(t/is (= 1 (:call-count (deref mock))))) (t/is (= 1 (:call-count (deref mock)))))
;; invite user with complaint ;; invite user with complaint
@ -60,35 +60,183 @@
(th/reset-mock! mock) (th/reset-mock! mock)
(let [data (assoc data :email "foo@bar.com") (let [data (assoc data :email "foo@bar.com")
out (th/mutation! data)] out (th/mutation! data)]
(t/is (= {} (:result out))) (t/is (th/success? out))
(t/is (= 1 (:call-count (deref mock))))) (t/is (= 1 (:call-count (deref mock)))))
;; invite user with bounce ;; invite user with bounce
(th/reset-mock! mock) (th/reset-mock! mock)
(th/create-global-complaint-for pool {:type :bounce :email "foo@bar.com"}) (th/create-global-complaint-for pool {:type :bounce :email "foo@bar.com"})
(let [data (assoc data :email "foo@bar.com") (let [data (assoc data :email "foo@bar.com")
out (th/mutation! data) out (th/mutation! data)]
error (:error out)]
(t/is (th/ex-info? error)) (t/is (not (th/success? out)))
(t/is (th/ex-of-type? error :validation)) (t/is (= 0 (:call-count @mock)))
(t/is (th/ex-of-code? error :email-has-permanent-bounces))
(t/is (= 0 (:call-count (deref mock))))) (let [edata (-> out :error ex-data)]
(t/is (= :validation (:type edata)))
(t/is (= :email-has-permanent-bounces (:code edata)))))
;; invite internal user that is muted ;; invite internal user that is muted
(th/reset-mock! mock) (th/reset-mock! mock)
(let [data (assoc data :email (:email profile3))
out (th/mutation! data)
error (:error out)]
(t/is (th/ex-info? error)) (let [data (assoc data :email (:email profile3))
(t/is (th/ex-of-type? error :validation)) out (th/mutation! data)]
(t/is (th/ex-of-code? error :member-is-muted))
(t/is (= 0 (:call-count (deref mock))))) (t/is (not (th/success? out)))
(t/is (= 0 (:call-count @mock)))
(let [edata (-> out :error ex-data)]
(t/is (= :validation (:type edata)))
(t/is (= :member-is-muted (:code edata)))))
))) )))
(t/deftest invitation-tokens
(with-mocks [mock {:target 'app.emails/send! :return nil}]
(let [profile1 (th/create-profile* 1 {:is-active true})
profile2 (th/create-profile* 2 {:is-active true})
team (th/create-team* 1 {:profile-id (:id profile1)})
sprops (:app.setup/props th/*system*)
pool (:app.db/pool th/*system*)]
;; Try to invite a not existing user
(let [data {::th/type :invite-team-member
:email "notexisting@example.com"
:team-id (:id team)
:role :editor
:profile-id (:id profile1)}
out (th/mutation! data)]
;; (th/print-result! out)
(t/is (th/success? out))
(t/is (= 1 (:call-count @mock)))
(t/is (= 1 (-> out :result count)))
(let [token (-> out :result first)
claims (tokens/decode sprops token)]
(t/is (= :team-invitation (:iss claims)))
(t/is (= (:id profile1) (:profile-id claims)))
(t/is (= :editor (:role claims)))
(t/is (= (:id team) (:team-id claims)))
(t/is (= (:email data) (:member-email claims)))
(t/is (nil? (:member-id claims)))))
(th/reset-mock! mock)
;; Try to invite existing user
(let [data {::th/type :invite-team-member
:email (:email profile2)
:team-id (:id team)
:role :editor
:profile-id (:id profile1)}
out (th/mutation! data)]
;; (th/print-result! out)
(t/is (th/success? out))
(t/is (= 1 (:call-count @mock)))
(t/is (= 1 (-> out :result count)))
(let [token (-> out :result first)
claims (tokens/decode sprops token)]
(t/is (= :team-invitation (:iss claims)))
(t/is (= (:id profile1) (:profile-id claims)))
(t/is (= :editor (:role claims)))
(t/is (= (:id team) (:team-id claims)))
(t/is (= (:email data) (:member-email claims)))
(t/is (= (:id profile2) (:member-id claims)))))
)))
(t/deftest accept-invitation-tokens
(let [profile1 (th/create-profile* 1 {:is-active true})
profile2 (th/create-profile* 2 {:is-active true})
team (th/create-team* 1 {:profile-id (:id profile1)})
sprops (:app.setup/props th/*system*)
pool (:app.db/pool th/*system*)]
(let [token (tokens/generate sprops
{:iss :team-invitation
:exp (dt/in-future "1h")
:profile-id (:id profile1)
:role :editor
:team-id (:id team)
:member-email (:email profile2)
:member-id (:id profile2)})]
;; --- Verify token as anonymous user
(db/insert! pool :team-invitation
{:team-id (:id team)
:email-to (:email profile2)
:role "editor"
:valid-until (dt/in-future "48h")})
(let [data {::th/type :verify-token :token token}
out (th/mutation! data)]
;; (th/print-result! out)
(t/is (th/success? out))
(let [result (:result out)]
(t/is (= :created (:state result)))
(t/is (= (:email profile2) (:member-email result)))
(t/is (= (:id profile2) (:member-id result))))
(let [rows (db/query pool :team-profile-rel {:team-id (:id team)})]
(t/is (= 2 (count rows)))))
;; Clean members
(db/delete! pool :team-profile-rel
{:team-id (:id team)
:profile-id (:id profile2)})
;; --- Verify token as logged-in user
(db/insert! pool :team-invitation
{:team-id (:id team)
:email-to (:email profile2)
:role "editor"
:valid-until (dt/in-future "48h")})
(let [data {::th/type :verify-token :token token :profile-id (:id profile2)}
out (th/mutation! data)]
;; (th/print-result! out)
(t/is (th/success? out))
(let [result (:result out)]
(t/is (= :created (:state result)))
(t/is (= (:email profile2) (:member-email result)))
(t/is (= (:id profile2) (:member-id result))))
(let [rows (db/query pool :team-profile-rel {:team-id (:id team)})]
(t/is (= 2 (count rows)))))
;; --- Verify token as logged-in wrong user
(db/insert! pool :team-invitation
{:team-id (:id team)
:email-to (:email profile2)
:role "editor"
:valid-until (dt/in-future "48h")})
(let [data {::th/type :verify-token :token token :profile-id (:id profile1)}
out (th/mutation! data)]
;; (th/print-result! out)
(t/is (not (th/success? out)))
(let [edata (-> out :error ex-data)]
(t/is (= :validation (:type edata)))
(t/is (= :invalid-token (:code edata)))))
)))
(t/deftest invite-team-member-with-email-verification-disabled (t/deftest invite-team-member-with-email-verification-disabled
(with-mocks [mock {:target 'app.emails/send! :return nil}] (with-mocks [mock {:target 'app.emails/send! :return nil}]
(let [profile1 (th/create-profile* 1 {:is-active true}) (let [profile1 (th/create-profile* 1 {:is-active true})
@ -108,20 +256,17 @@
(th/reset-mock! mock) (th/reset-mock! mock)
(let [data (assoc data :email (:email profile2)) (let [data (assoc data :email (:email profile2))
out (th/mutation! data)] out (th/mutation! data)]
(t/is (= {} (:result out))) (t/is (th/success? out))
(t/is (= 0 (:call-count (deref mock))))) (t/is (= 0 (:call-count (deref mock)))))
(let [members (db/query pool :team-profile-rel (let [members (db/query pool :team-profile-rel
{:team-id (:id team) {:team-id (:id team)
:profile-id (:id profile2)})] :profile-id (:id profile2)})]
(t/is (= 1 (count members))) (t/is (= 1 (count members)))
(t/is (true? (-> members first :can-edit)))))))) (t/is (true? (-> members first :can-edit))))))))
(t/deftest team-deletion
(t/deftest test-deletion (let [profile1 (th/create-profile* 1 {:is-active true})
(let [task (:app.tasks.objects-gc/handler th/*system*)
profile1 (th/create-profile* 1 {:is-active true})
team (th/create-team* 1 {:profile-id (:id profile1)}) team (th/create-team* 1 {:profile-id (:id profile1)})
pool (:app.db/pool th/*system*) pool (:app.db/pool th/*system*)
data {::th/type :delete-team data {::th/type :delete-team
@ -130,7 +275,7 @@
;; team is not deleted because it does not meet all ;; team is not deleted because it does not meet all
;; conditions to be deleted. ;; conditions to be deleted.
(let [result (task {:min-age (dt/duration 0)})] (let [result (th/run-task! :objects-gc {:min-age (dt/duration 0)})]
(t/is (= 0 (:processed result)))) (t/is (= 0 (:processed result))))
;; query the list of teams ;; query the list of teams
@ -138,7 +283,7 @@
:profile-id (:id profile1)} :profile-id (:id profile1)}
out (th/query! data)] out (th/query! data)]
;; (th/print-result! out) ;; (th/print-result! out)
(t/is (nil? (:error out))) (t/is (th/success? out))
(let [result (:result out)] (let [result (:result out)]
(t/is (= 2 (count result))) (t/is (= 2 (count result)))
(t/is (= (:id team) (get-in result [1 :id]))) (t/is (= (:id team) (get-in result [1 :id])))
@ -149,21 +294,20 @@
:id (:id team) :id (:id team)
:profile-id (:id profile1)} :profile-id (:id profile1)}
out (th/mutation! params)] out (th/mutation! params)]
;; (th/print-result! out) (t/is (th/success? out)))
(t/is (nil? (:error out))))
;; query the list of teams after soft deletion ;; query the list of teams after soft deletion
(let [data {::th/type :teams (let [data {::th/type :teams
:profile-id (:id profile1)} :profile-id (:id profile1)}
out (th/query! data)] out (th/query! data)]
;; (th/print-result! out) ;; (th/print-result! out)
(t/is (nil? (:error out))) (t/is (th/success? out))
(let [result (:result out)] (let [result (:result out)]
(t/is (= 1 (count result))) (t/is (= 1 (count result)))
(t/is (= (:default-team-id profile1) (get-in result [0 :id]))))) (t/is (= (:default-team-id profile1) (get-in result [0 :id])))))
;; run permanent deletion (should be noop) ;; run permanent deletion (should be noop)
(let [result (task {:min-age (dt/duration {:minutes 1})})] (let [result (th/run-task! :objects-gc {:min-age (dt/duration {:minutes 1})})]
(t/is (= 0 (:processed result)))) (t/is (= 0 (:processed result))))
;; query the list of projects after hard deletion ;; query the list of projects after hard deletion
@ -172,13 +316,12 @@
:profile-id (:id profile1)} :profile-id (:id profile1)}
out (th/query! data)] out (th/query! data)]
;; (th/print-result! out) ;; (th/print-result! out)
(let [error (:error out) (t/is (not (th/success? out)))
error-data (ex-data error)] (let [edata (-> out :error ex-data)]
(t/is (th/ex-info? error)) (t/is (= :not-found (:type edata)))))
(t/is (= (:type error-data) :not-found))))
;; run permanent deletion ;; run permanent deletion
(let [result (task {:min-age (dt/duration 0)})] (let [result (th/run-task! :objects-gc {:min-age (dt/duration 0)})]
(t/is (= 1 (:processed result)))) (t/is (= 1 (:processed result))))
;; query the list of projects of a after hard deletion ;; query the list of projects of a after hard deletion
@ -187,31 +330,27 @@
:profile-id (:id profile1)} :profile-id (:id profile1)}
out (th/query! data)] out (th/query! data)]
;; (th/print-result! out) ;; (th/print-result! out)
(let [error (:error out)
error-data (ex-data error)] (t/is (not (th/success? out)))
(t/is (th/ex-info? error)) (let [edata (-> out :error ex-data)]
(t/is (= (:type error-data) :not-found)))) (t/is (= :not-found (:type edata)))))
)) ))
(t/deftest query-team-invitations (t/deftest query-team-invitations
(let [prof (th/create-profile* 1 {:is-active true}) (let [prof (th/create-profile* 1 {:is-active true})
team (th/create-team* 1 {:profile-id (:id prof)}) team (th/create-team* 1 {:profile-id (:id prof)})
data {::th/type :team-invitations data {::th/type :team-invitations
:profile-id (:id prof) :profile-id (:id prof)
:team-id (:id team)}] :team-id (:id team)}]
;;insert an entry on the database with an enabled invitation ;; insert an entry on the database with an enabled invitation
(db/insert! th/*pool* :team-invitation (db/insert! th/*pool* :team-invitation
{:team-id (:team-id data) {:team-id (:team-id data)
:email-to "test1@mail.com" :email-to "test1@mail.com"
:role "editor" :role "editor"
:valid-until (dt/in-future "48h")}) :valid-until (dt/in-future "48h")})
;; insert an entry on the database with an expired invitation
;;insert an entry on the database with an expired invitation
(db/insert! th/*pool* :team-invitation (db/insert! th/*pool* :team-invitation
{:team-id (:team-id data) {:team-id (:team-id data)
:email-to "test2@mail.com" :email-to "test2@mail.com"
@ -219,27 +358,26 @@
:valid-until (dt/in-past "48h")}) :valid-until (dt/in-past "48h")})
(let [out (th/query! data)] (let [out (th/query! data)]
(t/is (nil? (:error out))) (t/is (th/success? out))
(let [result (:result out) (let [result (:result out)
one (first result) one (first result)
two (second result)] two (second result)]
(t/is (= 2 (count result))) (t/is (= 2 (count result)))
(t/is (= "test1@mail.com" (:email one))) (t/is (= "test1@mail.com" (:email one)))
(t/is (= "test2@mail.com" (:email two))) (t/is (= "test2@mail.com" (:email two)))
(t/is (false? (:expired one))) (t/is (false? (:expired one)))
(t/is (true? (:expired two))))))) (t/is (true? (:expired two)))))))
(t/deftest update-team-invitation-role (t/deftest update-team-invitation-role
(let [prof (th/create-profile* 1 {:is-active true}) (let [prof (th/create-profile* 1 {:is-active true})
team (th/create-team* 1 {:profile-id (:id prof)}) team (th/create-team* 1 {:profile-id (:id prof)})
data {::th/type :update-team-invitation-role data {::th/type :update-team-invitation-role
:profile-id (:id prof) :profile-id (:id prof)
:team-id (:id team) :team-id (:id team)
:email "TEST1@mail.com" :email "TEST1@mail.com"
:role :admin}] :role :admin}]
;;insert an entry on the database with an invitation ;; insert an entry on the database with an invitation
(db/insert! th/*pool* :team-invitation (db/insert! th/*pool* :team-invitation
{:team-id (:team-id data) {:team-id (:team-id data)
:email-to "test1@mail.com" :email-to "test1@mail.com"
@ -247,24 +385,22 @@
:valid-until (dt/in-future "48h")}) :valid-until (dt/in-future "48h")})
(let [out (th/mutation! data) (let [out (th/mutation! data)
;;retrieve the value from the database and check its content ;; retrieve the value from the database and check its content
result (db/get-by-params th/*pool* :team-invitation res (db/get* th/*pool* :team-invitation
{:team-id (:team-id data) :email-to "test1@mail.com"} {:team-id (:team-id data) :email-to "test1@mail.com"})]
{:check-not-found false})] (t/is (th/success? out))
(t/is (nil? (:error out)))
(t/is (nil? (:result out))) (t/is (nil? (:result out)))
(t/is (= "admin" (:role result)))))) (t/is (= "admin" (:role res))))))
(t/deftest delete-team-invitation (t/deftest delete-team-invitation
(let [prof (th/create-profile* 1 {:is-active true}) (let [prof (th/create-profile* 1 {:is-active true})
team (th/create-team* 1 {:profile-id (:id prof)}) team (th/create-team* 1 {:profile-id (:id prof)})
data {::th/type :delete-team-invitation data {::th/type :delete-team-invitation
:profile-id (:id prof) :profile-id (:id prof)
:team-id (:id team) :team-id (:id team)
:email "TEST1@mail.com"}] :email "TEST1@mail.com"}]
;;insert an entry on the database with an invitation ;; insert an entry on the database with an invitation
(db/insert! th/*pool* :team-invitation (db/insert! th/*pool* :team-invitation
{:team-id (:team-id data) {:team-id (:team-id data)
:email-to "test1@mail.com" :email-to "test1@mail.com"
@ -272,10 +408,10 @@
:valid-until (dt/in-future "48h")}) :valid-until (dt/in-future "48h")})
(let [out (th/mutation! data) (let [out (th/mutation! data)
;;retrieve the value from the database and check its content ;; retrieve the value from the database and check its content
result (db/get-by-params th/*pool* :team-invitation res (db/get* th/*pool* :team-invitation
{:team-id (:team-id data) :email-to "test1@mail.com"} {:team-id (:team-id data) :email-to "test1@mail.com"})]
{:check-not-found false})]
(t/is (nil? (:error out))) (t/is (th/success? out))
(t/is (nil? (:result out))) (t/is (nil? (:result out)))
(t/is (nil? result))))) (t/is (nil? res)))))