gristlabs_grist-core/test/gen-server/lib/emails.ts

import {PermissionData, PermissionDelta} from 'app/common/UserAPI';
import axios from 'axios';
import {assert} from 'chai';
import {TestServer} from 'test/gen-server/apiUtils';
import {configForUser} from 'test/gen-server/testUtils';
import * as testUtils from 'test/server/testUtils';

describe('emails', function() {

  let server: TestServer;
  let serverUrl: string;
  testUtils.setTmpLogLevel('error');

  const regular = 'chimpy@getgrist.com';
  const variant = 'Chimpy@GETgrist.com';
  const apiKey = configForUser('Chimpy');
  let ref: (email: string) => Promise<string>;

  beforeEach(async function() {
    this.timeout(5000);
    server = new TestServer(this);
    ref = (email: string) => server.dbManager.getUserByLogin(email).then((user) => user.ref);
    serverUrl = await server.start();
  });

  afterEach(async function() {
    await server.stop();
  });

  it('email capitalization from provider is sticky', async function() {
    let cookie = await server.getCookieLogin('nasa', {email: regular, name: 'Chimpy'});
    const userRef = await ref(regular);
    // profile starts off with chimpy@ email
    let resp = await axios.get(`${serverUrl}/o/nasa/api/profile/user`, cookie);
    assert.equal(resp.status, 200);
    assert.deepEqual(resp.data, {
      id: 1, email: regular, name: "Chimpy", ref: userRef, picture: null, allowGoogleLogin: true
    });

    // now we log in with simulated provider giving a Chimpy@ capitalization.
    cookie = await server.getCookieLogin('nasa', {email: variant, name: 'Chimpy'});
    resp = await axios.get(`${serverUrl}/o/nasa/api/profile/user`, cookie);
    assert.equal(resp.status, 200);
    // Chimpy@ is now what we see in our profile, but our id is still the same.
    assert.deepEqual(resp.data, {
      id: 1, email: variant, loginEmail: regular, name: "Chimpy", ref: userRef, picture: null, allowGoogleLogin: true
    });

    // read our profile with api key (no session involved) and make sure result is the same.
    resp = await axios.get(`${serverUrl}/api/profile/user`, apiKey);
    assert.equal(resp.status, 200);
    assert.deepEqual(resp.data, {
      id: 1, email: variant, loginEmail: regular, name: "Chimpy", ref: userRef, picture: null, allowGoogleLogin: true
    });

  });

  it('access endpoints show and accept display emails', async function() {
    // emails are used in access endpoints - make sure they provide the display email.

    const resources = [
      { type: 'orgs', id: await server.dbManager.testGetId('NASA') },
      { type: 'workspaces', id: await server.dbManager.testGetId('Horizon') },
      { type: 'docs', id: await server.dbManager.testGetId('Jupiter') },
    ] as const;

    for (const res of resources) {
      // initially, should report regular chimpy address
      const resp = await axios.get(`${serverUrl}/api/${res.type}/${res.id}/access`, apiKey);
      assert.equal(resp.status, 200);
      const delta: PermissionData = resp.data;
      assert.notInclude(delta.users.map(u => u.email), variant);
      assert.include(delta.users.map(u => u.email), regular);
    }

    const cookie = await server.getCookieLogin('nasa', {email: variant, name: 'Chimpy'});
    await axios.get(`${serverUrl}/o/nasa/api/orgs`, cookie);

    for (const res of resources) {
      // now, should report variant chimpy address
      let resp = await axios.get(`${serverUrl}/api/${res.type}/${res.id}/access`, apiKey);
      assert.equal(resp.status, 200);
      const delta: PermissionData = resp.data;
      assert.include(delta.users.map(u => u.email), variant);
      assert.notInclude(delta.users.map(u => u.email), regular);

      // and make sure arbitrary capitalization is accepted and effective.
      const delta2: {delta: PermissionDelta} = {
        delta: {
          users: {
            'chImPy@getGRIst.com': 'viewers'
          }
        }
      };
      resp = await axios.patch(`${serverUrl}/api/${res.type}/${res.id}/access`, delta2, apiKey);
      // expect an error complaining about not being able to change own permissions.
      assert.match(resp.data.error, /own permissions/);
    }
  });

  it('PATCH access endpoints behave reasonably when multiple versions of email given', async function() {
    const orgId = await server.dbManager.testGetId('NASA');

    let resp = await axios.get(`${serverUrl}/api/orgs/${orgId}/access`, apiKey);
    assert.deepEqual(resp.data, { users: [
      {
        id: 1,
        name: 'Chimpy',
        email: 'chimpy@getgrist.com',
        ref: await ref('chimpy@getgrist.com'),
        picture: null,
        access: 'owners',
        isMember: true,
      },
      {
        id: 3,
        name: 'Charon',
        email: 'charon@getgrist.com',
        ref: await ref('charon@getgrist.com'),
        picture: null,
        access: 'guests',
        isMember: false,
      },
    ]});

    const delta: {delta: PermissionDelta} = {
      delta: {
        users: {
          'kiWI@getGRIst.com': 'viewers',
          'KIwi@getgrist.com': 'editors',
          'charON@getgrist.com': null,
        }
      }
    };
    resp = await axios.patch(`${serverUrl}/api/orgs/${orgId}/access`, delta, apiKey);
    assert.equal(resp.status, 200);

    resp = await axios.get(`${serverUrl}/api/orgs/${orgId}/access`, apiKey);
    assert.deepEqual(resp.data, { users: [
      {
        id: 1,
        name: 'Chimpy',
        email: 'chimpy@getgrist.com',
        ref: await ref('chimpy@getgrist.com'),
        picture: null,
        access: 'owners',
        isMember: true,
      },
      {
        id: 2,
        name: 'Kiwi',
        email: 'kiwi@getgrist.com',
        ref: await ref('kiwi@getgrist.com'),
        picture: null,
        access: 'editors',
        isMember: true,
      },
    ]});
  });
});
(core) test: move gen-server tests into core Summary: These are tests that we just never moved into the public repo. It's just a small chore to make them public. Test Plan: Make sure the tests still pass Reviewers: jarek Reviewed By: jarek Differential Revision: https://phab.getgrist.com/D4311 1 month ago			`import {PermissionData, PermissionDelta} from 'app/common/UserAPI';`
			`import axios from 'axios';`
			`import {assert} from 'chai';`
			`import {TestServer} from 'test/gen-server/apiUtils';`
			`import {configForUser} from 'test/gen-server/testUtils';`
			`import * as testUtils from 'test/server/testUtils';`

			`describe('emails', function() {`

			`let server: TestServer;`
			`let serverUrl: string;`
			`testUtils.setTmpLogLevel('error');`

			`const regular = 'chimpy@getgrist.com';`
			`const variant = 'Chimpy@GETgrist.com';`
			`const apiKey = configForUser('Chimpy');`
			`let ref: (email: string) => Promise<string>;`

			`beforeEach(async function() {`
			`this.timeout(5000);`
			`server = new TestServer(this);`
Add tests for UsersManager (#1149) Context HomeDBManager lacks of direct tests, which makes hard to make rework or refactorations. Proposed solution Specifically here, I introduce tests which call exposed UsersManager methods directly and check their result. Also: I removed updateUserName which seems to me useless (updateUser does the same work) Taking a look at the getUserByLogin methods, it appears that Typescirpt infers it returns a Promise<User\|null> while in no case it may resolve a nullish value, therefore I have forced to return a Promise<User> and have changed the call sites to reflect the change. Related issues I make this change for then working on #870 2 weeks ago			`ref = (email: string) => server.dbManager.getUserByLogin(email).then((user) => user.ref);`
(core) test: move gen-server tests into core Summary: These are tests that we just never moved into the public repo. It's just a small chore to make them public. Test Plan: Make sure the tests still pass Reviewers: jarek Reviewed By: jarek Differential Revision: https://phab.getgrist.com/D4311 1 month ago			`serverUrl = await server.start();`
			`});`

			`afterEach(async function() {`
			`await server.stop();`
			`});`

			`it('email capitalization from provider is sticky', async function() {`
			`let cookie = await server.getCookieLogin('nasa', {email: regular, name: 'Chimpy'});`
			`const userRef = await ref(regular);`
			`// profile starts off with chimpy@ email`
			let resp = await axios.get(`${serverUrl}/o/nasa/api/profile/user`, cookie);
			`assert.equal(resp.status, 200);`
			`assert.deepEqual(resp.data, {`
			`id: 1, email: regular, name: "Chimpy", ref: userRef, picture: null, allowGoogleLogin: true`
			`});`

			`// now we log in with simulated provider giving a Chimpy@ capitalization.`
			`cookie = await server.getCookieLogin('nasa', {email: variant, name: 'Chimpy'});`
			resp = await axios.get(`${serverUrl}/o/nasa/api/profile/user`, cookie);
			`assert.equal(resp.status, 200);`
			`// Chimpy@ is now what we see in our profile, but our id is still the same.`
			`assert.deepEqual(resp.data, {`
			`id: 1, email: variant, loginEmail: regular, name: "Chimpy", ref: userRef, picture: null, allowGoogleLogin: true`
			`});`

			`// read our profile with api key (no session involved) and make sure result is the same.`
			resp = await axios.get(`${serverUrl}/api/profile/user`, apiKey);
			`assert.equal(resp.status, 200);`
			`assert.deepEqual(resp.data, {`
			`id: 1, email: variant, loginEmail: regular, name: "Chimpy", ref: userRef, picture: null, allowGoogleLogin: true`
			`});`

			`});`

			`it('access endpoints show and accept display emails', async function() {`
			`// emails are used in access endpoints - make sure they provide the display email.`

			`const resources = [`
			`{ type: 'orgs', id: await server.dbManager.testGetId('NASA') },`
			`{ type: 'workspaces', id: await server.dbManager.testGetId('Horizon') },`
			`{ type: 'docs', id: await server.dbManager.testGetId('Jupiter') },`
			`] as const;`

			`for (const res of resources) {`
			`// initially, should report regular chimpy address`
			const resp = await axios.get(`${serverUrl}/api/${res.type}/${res.id}/access`, apiKey);
			`assert.equal(resp.status, 200);`
			`const delta: PermissionData = resp.data;`
			`assert.notInclude(delta.users.map(u => u.email), variant);`
			`assert.include(delta.users.map(u => u.email), regular);`
			`}`

			`const cookie = await server.getCookieLogin('nasa', {email: variant, name: 'Chimpy'});`
			await axios.get(`${serverUrl}/o/nasa/api/orgs`, cookie);

			`for (const res of resources) {`
			`// now, should report variant chimpy address`
			let resp = await axios.get(`${serverUrl}/api/${res.type}/${res.id}/access`, apiKey);
			`assert.equal(resp.status, 200);`
			`const delta: PermissionData = resp.data;`
			`assert.include(delta.users.map(u => u.email), variant);`
			`assert.notInclude(delta.users.map(u => u.email), regular);`

			`// and make sure arbitrary capitalization is accepted and effective.`
			`const delta2: {delta: PermissionDelta} = {`
			`delta: {`
			`users: {`
			`'chImPy@getGRIst.com': 'viewers'`
			`}`
			`}`
			`};`
			resp = await axios.patch(`${serverUrl}/api/${res.type}/${res.id}/access`, delta2, apiKey);
			`// expect an error complaining about not being able to change own permissions.`
			`assert.match(resp.data.error, /own permissions/);`
			`}`
			`});`

			`it('PATCH access endpoints behave reasonably when multiple versions of email given', async function() {`
			`const orgId = await server.dbManager.testGetId('NASA');`

			let resp = await axios.get(`${serverUrl}/api/orgs/${orgId}/access`, apiKey);
			`assert.deepEqual(resp.data, { users: [`
			`{`
			`id: 1,`
			`name: 'Chimpy',`
			`email: 'chimpy@getgrist.com',`
			`ref: await ref('chimpy@getgrist.com'),`
			`picture: null,`
			`access: 'owners',`
			`isMember: true,`
			`},`
			`{`
			`id: 3,`
			`name: 'Charon',`
			`email: 'charon@getgrist.com',`
			`ref: await ref('charon@getgrist.com'),`
			`picture: null,`
			`access: 'guests',`
			`isMember: false,`
			`},`
			`]});`

			`const delta: {delta: PermissionDelta} = {`
			`delta: {`
			`users: {`
			`'kiWI@getGRIst.com': 'viewers',`
			`'KIwi@getgrist.com': 'editors',`
			`'charON@getgrist.com': null,`
			`}`
			`}`
			`};`
			resp = await axios.patch(`${serverUrl}/api/orgs/${orgId}/access`, delta, apiKey);
			`assert.equal(resp.status, 200);`

			resp = await axios.get(`${serverUrl}/api/orgs/${orgId}/access`, apiKey);
			`assert.deepEqual(resp.data, { users: [`
			`{`
			`id: 1,`
			`name: 'Chimpy',`
			`email: 'chimpy@getgrist.com',`
			`ref: await ref('chimpy@getgrist.com'),`
			`picture: null,`
			`access: 'owners',`
			`isMember: true,`
			`},`
			`{`
			`id: 2,`
			`name: 'Kiwi',`
			`email: 'kiwi@getgrist.com',`
			`ref: await ref('kiwi@getgrist.com'),`
			`picture: null,`
			`access: 'editors',`
			`isMember: true,`
			`},`
			`]});`
			`});`
			`});`