[DEV-148] Resend invitation backend (#1050)

* add resend-staff-invite path * add resend-user-invite path * add departments verification staff invite and ruby test * add user invite ruby tests * add resend invite paths and ruby tests
2021-10-08 19:04:25 -03:00 · 2021-10-08 19:04:25 -03:00 · 5d4fe0250b
parent af15d0116d
commit 5d4fe0250b
11 changed files with 412 additions and 2 deletions
--- a/server/controllers/staff.php
+++ b/server/controllers/staff.php
@ -14,5 +14,6 @@ $systemControllerGroup->addController(new GetAllStaffController);
 $systemControllerGroup->addController(new DeleteStaffController);
 $systemControllerGroup->addController(new EditStaffController);
 $systemControllerGroup->addController(new LastEventsStaffController);
+$systemControllerGroup->addController(new ResendInviteStaffController);

 $systemControllerGroup->finalize();
--- a/server/controllers/staff/invite.php
+++ b/server/controllers/staff/invite.php
@ -26,7 +26,8 @@ DataValidator::with('CustomValidations', true);
 * @apiUse INVALID_PASSWORD
 * @apiUse INVALID_LEVEL
 * @apiUse ALREADY_A_STAFF
- *
+ * @apiUse INVALID_DEPARTMENT
+ * 
 * @apiSuccess {Object} data Staff info object
 * @apiSuccess {Number} data.id Staff id
 *
@ -57,6 +58,10 @@ class InviteStaffController extends Controller {
                'level' => [
                    'validation' => DataValidator::between(1, 3, true),
                    'error' => ERRORS::INVALID_LEVEL
+                ],
+                'departments' => [
+                    'validation' => DataValidator::oneOf(DataValidator::validDepartmentsId(),DataValidator::nullType()),
+                    'error' => ERRORS::INVALID_DEPARTMENT
                ]
            ]
        ];
--- a/server/controllers/staff/resend-invite-staff.php
+++ b/server/controllers/staff/resend-invite-staff.php
@ -0,0 +1,75 @@
+<?php
+use Respect\Validation\Validator as DataValidator;
+DataValidator::with('CustomValidations', true);
+
+/**
+ * @api {post} /staff/resend-invite-staff resend invite staff
+ * @apiVersion 4.9.0
+ *
+ * @apiName Resend resend invite staff
+ *
+ * @apiGroup Staff
+ *
+ * @apiDescription This path resend invitation to a staff
+ *
+ * @apiPermission staff3
+ *
+ * @apiParam {String} email The email of the new staff member.
+ * 
+ * @apiUse NO_PERMISSION
+ * @apiUse INVALID_NAME
+ * @apiUse INVALID_EMAIL
+ * @apiUse INVALID_PASSWORD
+ * @apiUse INVALID_LEVEL
+ * @apiUse ALREADY_A_STAFF
+ *
+ * @apiSuccess {Object} data Empty object
+ *
+ */
+
+class ResendInviteStaffController extends Controller {
+    const PATH = '/resend-invite-staff';
+    const METHOD = 'POST';
+
+    private $email;
+
+    public function validations() {
+        return [
+            'permission' => 'staff_3',
+            'requestData' => [
+                'email' => [
+                    'validation' => DataValidator::email(),
+                    'error' => ERRORS::INVALID_EMAIL
+                ]                
+            ]
+        ];
+    }
+
+    public function handler() {
+        $this->email = Controller::request('email');
+
+        $staffRow = Staff::getDataStore($this->email, 'email');
+        $recoverPassword = RecoverPassword::getDataStore($this->email, 'email');
+
+        if($staffRow->isNull() || $recoverPassword->isNull() || $recoverPassword->staff != 1) throw new RequestException(ERRORS::INVALID_EMAIL);
+
+        $this->sendInvitationMail($staffRow, $recoverPassword->token);
+
+        Response::respondSuccess();
+
+        Log::createLog('INVITE', $staffRow->name);
+    }
+
+    public function sendInvitationMail($staffRow, $token) {
+        $mailSender = MailSender::getInstance();
+
+        $mailSender->setTemplate(MailTemplate::USER_INVITE, [
+            'to' => $staffRow->email,
+            'name' => $staffRow->name,
+            'url' => Setting::getSetting('url')->getValue(),
+            'token' => $token
+        ]);
+
+        $mailSender->send();
+    }
+}
--- a/server/controllers/user.php
+++ b/server/controllers/user.php
@ -25,4 +25,6 @@ $userControllers->addController(new EditCustomFieldsController);
 $userControllers->addController(new EditSupervisedListController);
 $userControllers->addController(new GetSupervisedTicketController);

+$userControllers->addController(new ResendInviteUserController);
+
 $userControllers->finalize();
--- a/server/controllers/user/resend-invite-user.php
+++ b/server/controllers/user/resend-invite-user.php
@ -0,0 +1,71 @@
+<?php
+use Respect\Validation\Validator as DataValidator;
+DataValidator::with('CustomValidations', true);
+
+/**
+ * @api {post} /user/resend-invite-user resend invite user
+ * @apiVersion 4.9.0
+ *
+ * @apiName Resend resend invite user
+ *
+ * @apiGroup User
+ *
+ * @apiDescription This path resend invitation to a user
+ *
+ * @apiPermission staff1
+ *
+ * @apiParam {String} email The email of the new user.
+ * 
+ * @apiUse ALREADY_BANNED
+ * @apiUse INVALID_EMAIL
+ *
+ * @apiSuccess {Object} data Empty object
+ *
+ */
+
+class ResendInviteUserController extends Controller {
+    const PATH = '/resend-invite-user';
+    const METHOD = 'POST';
+
+    public function validations() {
+        return [
+            'permission' => 'staff_1',
+            'requestData' => [
+                'email' => [
+                    'validation' => DataValidator::email(),
+                    'error' => ERRORS::INVALID_EMAIL
+                ]                
+            ]
+        ];
+    }
+
+    public function handler() {
+        $email = Controller::request('email');
+
+        $userRow = User::getDataStore($email, 'email');
+        $banRow = Ban::getDataStore($email,'email');
+        $recoverPassword = RecoverPassword::getDataStore($email, 'email');
+
+        if(!$banRow->isNull()) throw new RequestException(ERRORS::ALREADY_BANNED);
+        if($userRow->isNull() || $recoverPassword->isNull() || $recoverPassword->staff != 0) throw new RequestException(ERRORS::INVALID_EMAIL);
+
+        $this->sendInvitationMail($userRow, $recoverPassword->token);
+
+        Response::respondSuccess();
+
+        Log::createLog('INVITE', $userRow->name);
+    }
+
+    public function sendInvitationMail($userRow, $token) {
+        $mailSender = MailSender::getInstance();
+
+        $mailSender->setTemplate(MailTemplate::USER_INVITE, [
+            'to' => $userRow->email,
+            'name' => $userRow->name,
+            'url' => Setting::getSetting('url')->getValue(),
+            'token' => $token
+        ]);
+
+        $mailSender->send();
+    }
+}
--- a/tests/init.rb
+++ b/tests/init.rb
@ -79,4 +79,7 @@ require './system/default-department.rb'
 require './user/edit-supervised-list.rb'
 require './user/get-supervised-tickets.rb'
 require './system/apikey-permissions.rb'
-require './system/get-stats.rb'
+require './system/get-stats.rb'
+require './user/invite.rb'
+require './user/resend-invite-user.rb'
+require './staff/resend-invite-staff.rb'
--- a/tests/scripts.rb
+++ b/tests/scripts.rb
@ -16,6 +16,22 @@ class Scripts
        })
    end

+    def self.inviteUser(email, name='genericName')
+        response = request('/user/invite', {
+            :name => name,
+            :email => email,
+        })
+    end
+
+    def self.inviteStaff(email, name='validName', level=1, profilePic='', departments: '[1]')
+        response = request('/staff/invite', {
+            :name => name,
+            :email => email,
+            :level => level,
+            :departments => departments.to_string
+        })
+    end
+    
    def self.createStaff(email, password, name, level='1') # WARNING: NOT USED ANYWHERE
        departments = request('/system/get-settings', {
          csrf_userid: $csrf_userid,
--- a/tests/staff/invite.rb
+++ b/tests/staff/invite.rb
@ -2,6 +2,81 @@ describe'/staff/invite' do
    request('/user/logout')
    Scripts.login($staff[:email], $staff[:password], true)

+    it 'should if data is wrong' do
+
+        result = request('/staff/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'Tyrion Lannister',
+            email: 'tyrion@opensupports.com',
+            level: 5,
+            profilePic: '',
+            departments: '[1]'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_LEVEL')
+        
+        result = request('/staff/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'Tyrion Lannister',
+            email: 'tyrion@opensupports.com',
+            level: 0,
+            profilePic: '',
+            departments: '[1]'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_LEVEL')
+
+        result = request('/staff/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'Tyrion Lannister',
+            email: 'tyrion@opensupports.com',
+            level: 1,
+            profilePic: '',
+            departments: '[1,100]'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_DEPARTMENT')
+
+        result = request('/staff/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'Tyrion Lannister',
+            email: 'tyrion@opensupports.com',
+            level: 1,
+            profilePic: '',
+            departments: 'xd'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_DEPARTMENT')
+
+        result = request('/staff/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'Tyrion LannisterLannisterLannisterLannisterLannisterLannisterLannisterLannisterLannisterLannisterLannisterLannisterLannisterLannister',
+            email: 'tyrion@opensupports.com',
+            level: 1,
+            profilePic: '',
+            departments: '[1]'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_NAME')
+
+        result = request('/staff/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'T',
+            email: 'tyrion@opensupports.com',
+            level: 1,
+            profilePic: '',
+            departments: '[1]'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_NAME')
+    end
+
    it 'should add staff member' do

        result = request('/staff/invite', {
--- a/tests/staff/resend-invite-staff.rb
+++ b/tests/staff/resend-invite-staff.rb
@ -0,0 +1,45 @@
+describe'/staff/resend-invite-staff' do
+    request('/user/logout')
+    Scripts.login($staff[:email], $staff[:password], true)
+
+    it 'should if data is wrong' do
+
+        result = request('/staff/resend-invite-staff', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            email: 'invalid email'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_EMAIL')
+        
+        result = request('/staff/resend-invite-staff', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            email: 'thisemaildoesnotexists@opensupports.com'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_EMAIL')
+
+    end
+
+    it 'should resend invite staff' do
+
+        request('/staff/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'invented name',
+            email: 'invitedstaff2@opensupports.com',
+            level: 2,
+            profilePic: '',
+            departments: '[1]'
+        })
+
+        result = request('/staff/resend-invite-staff', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            email: 'invitedstaff2@opensupports.com'
+        })
+        
+        (result['status']).should.equal('success')
+    end
+end
--- a/tests/user/invite.rb
+++ b/tests/user/invite.rb
@ -0,0 +1,75 @@
+describe'/user/invite' do
+    request('/user/logout')
+    Scripts.login($staff[:email], $staff[:password], true)
+
+    it 'should if data is wrong' do
+
+        result = request('/user/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'i',
+            email: 'inviteduser2@opensupports.com'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_NAME')
+        
+        result = request('/user/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'invited userinvited userinvited userinvited userinvited userinvited userinvited userinvited userinvited userinvited user',
+            email: 'inviteduser2@opensupports.com'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_NAME')
+
+        result = request('/user/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'invited user',
+            email: 'inviiited user email'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_EMAIL')
+
+    end
+
+    it 'should invite user' do
+
+        result = request('/user/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'invited user',
+            email: 'inviteduser2@opensupports.com'
+        })
+        
+        (result['status']).should.equal('success')
+
+        recoverpassword = $database.getRow('recoverpassword', 'inviteduser2@opensupports.com', 'email')
+
+        request('/user/recover-password', {
+            email: 'inviteduser2@opensupports.com',
+            password: 'testpassword',
+            token: recoverpassword['token']
+        })
+
+        row = $database.getRow('user', 'inviteduser2@opensupports.com', 'email')
+
+        (row['name']).should.equal('invited user')
+        (row['email']).should.equal('inviteduser2@opensupports.com')
+
+        lastLog = $database.getLastRow('log')
+        (lastLog['type']).should.equal('INVITE')
+
+    end
+    it 'should fail if user is already exists' do
+        result = request('/user/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'invited user',
+            email: 'inviteduser2@opensupports.com'
+        })
+
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('USER_EXISTS')
+    end
+end
--- a/tests/user/resend-invite-user.rb
+++ b/tests/user/resend-invite-user.rb
@ -0,0 +1,42 @@
+describe'/user/resend-invite-user' do
+    request('/user/logout')
+    Scripts.login($staff[:email], $staff[:password], true)
+
+    it 'should if data is wrong' do
+
+        result = request('/user/resend-invite-user', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            email: 'invalid email'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_EMAIL')
+        
+        result = request('/user/resend-invite-user', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            email: 'thisemaildoesnotexists@opensupports.com'
+        })
+        (result['status']).should.equal('fail')
+        (result['message']).should.equal('INVALID_EMAIL')
+
+    end
+
+    it 'should resend invite user' do
+        
+        result = request('/user/invite', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            name: 'inviteduser3',
+            email: 'inviteduser3@opensupports.com'
+        })
+        
+        result = request('/user/resend-invite-user', {
+            csrf_userid: $csrf_userid,
+            csrf_token: $csrf_token,
+            email: 'inviteduser3@opensupports.com'
+        })
+        
+        (result['status']).should.equal('success')
+    end
+end