1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.AdminAPI.InviteControllerTest do
6 use Pleroma.Web.ConnCase, async: false
11 alias Pleroma.UserInviteToken
14 admin = insert(:user, is_admin: true)
15 token = insert(:oauth_admin_token, user: admin)
19 |> assign(:user, admin)
20 |> assign(:token, token)
22 {:ok, %{admin: admin, token: token, conn: conn}}
25 describe "POST /api/pleroma/admin/users/email_invite, with valid config" do
27 clear_config([:instance, :registrations_open], false)
28 clear_config([:instance, :invites_enabled], true)
29 clear_config([:instance, :admin_privileges], [:users_manage_invites])
32 test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
33 clear_config([:instance, :admin_privileges], [])
37 |> put_req_header("content-type", "application/json;charset=utf-8")
38 |> post("/api/pleroma/admin/users/email_invite", %{
43 assert json_response(conn, :forbidden)
46 test "sends invitation and returns 204", %{admin: admin, conn: conn} do
47 recipient_email = "foo@bar.com"
48 recipient_name = "J. D."
52 |> put_req_header("content-type", "application/json;charset=utf-8")
53 |> post("/api/pleroma/admin/users/email_invite", %{
54 email: recipient_email,
58 assert json_response_and_validate_schema(conn, :no_content)
60 token_record = List.last(Repo.all(Pleroma.UserInviteToken))
62 refute token_record.used
64 notify_email = Config.get([:instance, :notify_email])
65 instance_name = Config.get([:instance, :name])
68 Pleroma.Emails.UserEmail.user_invitation_email(
75 Swoosh.TestAssertions.assert_email_sent(
76 from: {instance_name, notify_email},
77 to: {recipient_name, recipient_email},
78 html_body: email.html_body
82 test "it returns 403 if requested by a non-admin" do
83 non_admin_user = insert(:user)
84 token = insert(:oauth_token, user: non_admin_user)
88 |> assign(:user, non_admin_user)
89 |> assign(:token, token)
90 |> put_req_header("content-type", "application/json;charset=utf-8")
91 |> post("/api/pleroma/admin/users/email_invite", %{
96 assert json_response(conn, :forbidden)
99 test "email with +", %{conn: conn, admin: admin} do
100 recipient_email = "foo+bar@baz.com"
103 |> put_req_header("content-type", "application/json;charset=utf-8")
104 |> post("/api/pleroma/admin/users/email_invite", %{email: recipient_email})
105 |> json_response_and_validate_schema(:no_content)
108 Pleroma.UserInviteToken
113 refute token_record.used
115 notify_email = Config.get([:instance, :notify_email])
116 instance_name = Config.get([:instance, :name])
119 Pleroma.Emails.UserEmail.user_invitation_email(
125 Swoosh.TestAssertions.assert_email_sent(
126 from: {instance_name, notify_email},
128 html_body: email.html_body
133 describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do
135 clear_config([:instance, :registrations_open])
136 clear_config([:instance, :invites_enabled])
137 clear_config([:instance, :admin_privileges], [:users_manage_invites])
140 test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do
141 clear_config([:instance, :registrations_open], false)
142 clear_config([:instance, :invites_enabled], false)
146 |> put_req_header("content-type", "application/json")
147 |> post("/api/pleroma/admin/users/email_invite", %{
148 email: "foo@bar.com",
152 assert json_response_and_validate_schema(conn, :bad_request) ==
155 "To send invites you need to set the `invites_enabled` option to true."
159 test "it returns 500 if `registrations_open` is enabled", %{conn: conn} do
160 clear_config([:instance, :registrations_open], true)
161 clear_config([:instance, :invites_enabled], true)
165 |> put_req_header("content-type", "application/json")
166 |> post("/api/pleroma/admin/users/email_invite", %{
167 email: "foo@bar.com",
171 assert json_response_and_validate_schema(conn, :bad_request) ==
174 "To send invites you need to set the `registrations_open` option to false."
179 describe "POST /api/pleroma/admin/users/invite_token" do
181 clear_config([:instance, :admin_privileges], [:users_manage_invites])
184 test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
185 clear_config([:instance, :admin_privileges], [])
189 |> put_req_header("content-type", "application/json")
190 |> post("/api/pleroma/admin/users/invite_token")
192 assert json_response(conn, :forbidden)
195 test "without options", %{conn: conn} do
198 |> put_req_header("content-type", "application/json")
199 |> post("/api/pleroma/admin/users/invite_token")
201 invite_json = json_response_and_validate_schema(conn, 200)
202 invite = UserInviteToken.find_by_token!(invite_json["token"])
204 refute invite.expires_at
205 refute invite.max_use
206 assert invite.invite_type == "one_time"
209 test "with expires_at", %{conn: conn} do
212 |> put_req_header("content-type", "application/json")
213 |> post("/api/pleroma/admin/users/invite_token", %{
214 "expires_at" => Date.to_string(Date.utc_today())
217 invite_json = json_response_and_validate_schema(conn, 200)
218 invite = UserInviteToken.find_by_token!(invite_json["token"])
221 assert invite.expires_at == Date.utc_today()
222 refute invite.max_use
223 assert invite.invite_type == "date_limited"
226 test "with max_use", %{conn: conn} do
229 |> put_req_header("content-type", "application/json")
230 |> post("/api/pleroma/admin/users/invite_token", %{"max_use" => 150})
232 invite_json = json_response_and_validate_schema(conn, 200)
233 invite = UserInviteToken.find_by_token!(invite_json["token"])
235 refute invite.expires_at
236 assert invite.max_use == 150
237 assert invite.invite_type == "reusable"
240 test "with max use and expires_at", %{conn: conn} do
243 |> put_req_header("content-type", "application/json")
244 |> post("/api/pleroma/admin/users/invite_token", %{
246 "expires_at" => Date.to_string(Date.utc_today())
249 invite_json = json_response_and_validate_schema(conn, 200)
250 invite = UserInviteToken.find_by_token!(invite_json["token"])
252 assert invite.expires_at == Date.utc_today()
253 assert invite.max_use == 150
254 assert invite.invite_type == "reusable_date_limited"
258 describe "GET /api/pleroma/admin/users/invites" do
260 clear_config([:instance, :admin_privileges], [:users_manage_invites])
263 test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
264 clear_config([:instance, :admin_privileges], [])
266 conn = get(conn, "/api/pleroma/admin/users/invites")
268 assert json_response(conn, :forbidden)
271 test "no invites", %{conn: conn} do
272 conn = get(conn, "/api/pleroma/admin/users/invites")
274 assert json_response_and_validate_schema(conn, 200) == %{"invites" => []}
277 test "with invite", %{conn: conn} do
278 {:ok, invite} = UserInviteToken.create_invite()
280 conn = get(conn, "/api/pleroma/admin/users/invites")
282 assert json_response_and_validate_schema(conn, 200) == %{
287 "invite_type" => "one_time",
289 "token" => invite.token,
298 describe "POST /api/pleroma/admin/users/revoke_invite" do
300 clear_config([:instance, :admin_privileges], [:users_manage_invites])
303 test "returns 403 if not privileged with :users_manage_invites", %{conn: conn} do
304 clear_config([:instance, :admin_privileges], [])
308 |> put_req_header("content-type", "application/json")
309 |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})
311 assert json_response(conn, :forbidden)
314 test "with token", %{conn: conn} do
315 {:ok, invite} = UserInviteToken.create_invite()
319 |> put_req_header("content-type", "application/json")
320 |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => invite.token})
322 assert json_response_and_validate_schema(conn, 200) == %{
325 "invite_type" => "one_time",
327 "token" => invite.token,
333 test "with invalid token", %{conn: conn} do
336 |> put_req_header("content-type", "application/json")
337 |> post("/api/pleroma/admin/users/revoke_invite", %{"token" => "foo"})
339 assert json_response_and_validate_schema(conn, :not_found) == %{"error" => "Not found"}