diff --git a/test/user.js b/test/user.js index e1a7149c46..63f200f198 100644 --- a/test/user.js +++ b/test/user.js @@ -20,6 +20,7 @@ const groups = require('../src/groups'); const messaging = require('../src/messaging'); const helpers = require('./helpers'); const meta = require('../src/meta'); +const file = require('../src/file'); const socketUser = require('../src/socket.io/user'); const apiUser = require('../src/api/users'); @@ -2849,4 +2850,18 @@ describe('User', () => { }); }); }); + + describe('User\'s', async () => { + let files; + + before(async () => { + files = await file.walk(path.resolve(__dirname, './user')); + }); + + it('subfolder tests', () => { + files.forEach((filePath) => { + require(filePath); + }); + }); + }); }); diff --git a/test/user/emails.js b/test/user/emails.js new file mode 100644 index 0000000000..c99f47ff88 --- /dev/null +++ b/test/user/emails.js @@ -0,0 +1,107 @@ +'use strict'; + +const assert = require('assert'); +const nconf = require('nconf'); +const util = require('util'); + +const db = require('../mocks/databasemock'); + +const helpers = require('../helpers'); + +const user = require('../../src/user'); +const groups = require('../../src/groups'); + +describe('email confirmation (v3 api)', () => { + let userObj; + let jar; + const register = data => new Promise((resolve, reject) => { + helpers.registerUser(data, (err, jar, response, body) => { + if (err) { + return reject(err); + } + + resolve({ jar, response, body }); + }); + }); + const login = util.promisify(helpers.loginUser); + + before(async () => { + // If you're running this file directly, uncomment these lines + await register({ + username: 'fake-user', + password: 'derpioansdosa', + email: 'b@c.com', + gdpr_consent: true, + }); + + ({ body: userObj, jar } = await register({ + username: 'email-test', + password: 'abcdef', + email: 'test@example.org', + gdpr_consent: true, + })); + }); + + it('should have a pending validation', async () => { + const code = await db.get(`confirm:byUid:${userObj.uid}`); + assert.strictEqual(await user.email.isValidationPending(userObj.uid, 'test@example.org'), true); + }); + + it('should not list their email', async () => { + const { res, body } = await helpers.request('get', `/api/v3/users/${userObj.uid}/emails`, { + jar, + json: true, + }); + + assert.strictEqual(res.statusCode, 200); + assert.deepStrictEqual(body, JSON.parse('{"status":{"code":"ok","message":"OK"},"response":{"emails":[]}}')); + }); + + it('should not allow confirmation if they are not an admin', async () => { + const { res } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('test@example.org')}/confirm`, { + jar, + json: true, + }); + + assert.strictEqual(res.statusCode, 403); + }); + + it('should not confirm an email that is not pending or set', async () => { + await groups.join('administrators', userObj.uid); + const { res, body } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('fake@example.org')}/confirm`, { + jar, + json: true, + }); + + assert.strictEqual(res.statusCode, 404); + await groups.leave('administrators', userObj.uid); + }); + + it('should confirm their email (using the pending validation)', async () => { + await groups.join('administrators', userObj.uid); + const { res, body } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('test@example.org')}/confirm`, { + jar, + json: true, + }); + + assert.strictEqual(res.statusCode, 200); + assert.deepStrictEqual(body, JSON.parse('{"status":{"code":"ok","message":"OK"},"response":{}}')); + await groups.leave('administrators', userObj.uid); + }); + + it('should still confirm the email (as email is set in user hash)', async () => { + await user.email.remove(userObj.uid); + await user.setUserField(userObj.uid, 'email', 'test@example.org'); + ({ jar } = await login('email-test', 'abcdef')); // email removal logs out everybody + await groups.join('administrators', userObj.uid); + + const { res, body } = await helpers.request('post', `/api/v3/users/${userObj.uid}/emails/${encodeURIComponent('test@example.org')}/confirm`, { + jar, + json: true, + }); + + assert.strictEqual(res.statusCode, 200); + assert.deepStrictEqual(body, JSON.parse('{"status":{"code":"ok","message":"OK"},"response":{}}')); + await groups.leave('administrators', userObj.uid); + }); +});