No OneTemporary
Actions

Size

6 KB

Referenced Files

None

Subscribers

None

View Options

	diff --git a/lib/app/base-chips/collections/users.subtest.js b/lib/app/base-chips/collections/users.subtest.js
	index a7c9f112..ffcf4a6d 100644
	--- a/lib/app/base-chips/collections/users.subtest.js
	+++ b/lib/app/base-chips/collections/users.subtest.js
	@@ -1,110 +1,128 @@
	const locreq = require("locreq")(__dirname);
	const assert = require("assert");
	const { with_running_app } = locreq("test_utils/with-test-app.js");
	const assert_throws_async = locreq("test_utils/assert_throws_async.js");

	describe("users", () => {
	describe("auto create admin", () => {
	it("should automatically create a registration intent for the admin user", async () =>
	- with_running_app(async ({ app, mail_api }) => {
	+ with_running_app(async ({ app }) => {
	const { items: registration_intents } = await app.run_action(
	new app.Sealious.SuperContext(),
	["collections", "registration-intents"],
	"show",
	{ filter: { email: app.manifest.admin_email } }
	);
	assert.equal(registration_intents.length, 1);
	assert.equal(registration_intents[0].body.role, "admin");
	}));
	+
	+ it("should properly handle route to account cration", async () =>
	+ with_running_app(async ({ app, rest_api }) => {
	+ const {
	+ items: [registration_intent],
	+ } = await app.run_action(
	+ new app.Sealious.SuperContext(),
	+ ["collections", "registration-intents"],
	+ "show",
	+ { filter: { email: app.manifest.admin_email } }
	+ );
	+
	+ const { email, token } = registration_intent.body;
	+ const response = await rest_api.get(
	+ `/account-creation-details?token=${token}&email=${email}`
	+ );
	+ assert(response.includes("Uzupełnij dane o Twoim koncie"));
	+ }));
	});

	describe("users routes", () => {
	it("should correctly handle me when not logged in", async () =>
	with_running_app(async ({ app, rest_api }) => {
	await assert_throws_async(
	async () =>
	await rest_api.get(
	"/api/v1/users/me?format%5Broles%5D=expand"
	),
	e => {
	assert.equal(e.response.status, 401);
	assert.equal(
	e.response.data.message,
	"You're not logged in!"
	);
	}
	);
	}));
	});

	describe("login", () => {
	it("correctly rejects when provided incorrect password", async () =>
	with_running_app(async ({ app, rest_api }) => {
	await add_user(app);
	const incorrect_password_variants = [
	{ password: "", message: "Missing password!" },
	{
	password: "incorrect_password",
	message: "Incorrect password!",
	},
	];
	for (let variant of incorrect_password_variants) {
	await assert_throws_async(
	async () =>
	await rest_api.login({
	username: "seal",
	password: variant.password,
	}),
	e => {
	assert.equal(e.response.status, 401);
	assert.equal(
	e.response.data.message,
	variant.message
	);
	}
	);
	}
	}));

	async function add_user(app) {
	return app.run_action(
	new app.Sealious.SuperContext(),
	["collections", "users"],
	"create",
	{
	username: "seal",
	password: "seal",
	email: "seal@sealious.com",
	}
	);
	}

	it("correctly rejects when provided incorrect username", async () =>
	with_running_app(async ({ app, rest_api }) => {
	await add_user(app);
	const incorrect_username_variants = [
	{ username: "", message: "Missing username!" },
	{
	username: "incorrect_username",
	message: "Incorrect username!",
	},
	];
	for (let variant of incorrect_username_variants) {
	await assert_throws_async(
	async () =>
	await rest_api.login({
	username: variant.username,
	password: "seal",
	}),
	e => {
	assert.equal(e.response.status, 401);
	assert.equal(
	e.response.data.message,
	variant.message
	);
	}
	);
	}
	}));
	});
	});
	diff --git a/lib/http/routes/account-creation-details.js b/lib/http/routes/account-creation-details.js
	index 131d3c7b..a219ff8a 100644
	--- a/lib/http/routes/account-creation-details.js
	+++ b/lib/http/routes/account-creation-details.js
	@@ -1,109 +1,109 @@
	const assert = require("assert");
	const locreq = require("locreq")(__dirname);
	const fs = require("fs");

	let css;
	let get_css = async () => {
	if (!css) {
	css = await new Promise((resolve, reject) => {
	fs.readFile(
	locreq.resolve("lib/assets/vertical-rhythm.css"),
	(err, data) => {
	if (err) reject(err);
	else resolve(data);
	}
	);
	});
	}
	return css;
	};
	-let render_form = async (app, token, email) => `
	+let render_form = async (app, { token, email }) => `
	<!DOCTYPE html>
	<html>
	<style>
	${await get_css()}
	html {
	background-color: #edeaea;
	}
	body {
	max-width: 21cm;
	margin: 1cm auto;
	font-family: sans-serif;
	background-color: white;
	padding: 1cm;
	box-sizing: border-box;
	}
	.reveal-button{
	margin-left: -.5rem;
	}
	img{
	max-height: 55vh;
	max-width: 100%;
	}
	</style>
	<meta charset="utf-8">
	<title>${app.manifest.name} - ${app.i18n("registration_intent_cta")}</title>
	<img src="/api/v1/logo" alt="${app.manifest.name} - logo"/>
	<h1>${app.i18n("registration_intent_cta")}</h1>
	<form method="POST" id="form" action="/finalize-registration-intent" onkeypress="checkSubmit(event)">
	<input type="hidden" name="token" value="${token}"/>
	<fieldset>
	<legend>${app.i18n("registration_intent_form_description")}</legend>
	<label for="email">
	Email
	<input type="email" disabled id="email" value="${email}"/>
	</label>
	<br/>
	<label for="username">
	Login
	<input type="text" id="username" name="username"/>
	</label>
	<br/>
	<label for="pwd">
	${app.i18n("password").capitalize()}
	<input id="pwd" name="password" type="password" size="32"/>
	<button id="reveal" class="reveal-button" onclick="toggle(event)" title="${app.i18n(
	"reveal_password"
	)}" >🙈</button>
	</label>
	<br/>
	<input type="submit" value="${app.i18n("registration_intent_cta")}"/>
	</fieldset>
	</form>
	<script>
	function toggle(event){
	event.preventDefault();
	if(pwd.type=="password"){
	pwd.type="text";
	reveal.textContent="👀";
	}else{
	pwd.type="password";
	reveal.textContent="🙈";
	}
	return null;
	}
	function checkSubmit(event) {
	if (event.keyCode == 13 && document.activeElement.id != "reveal") {
	event.preventDefault();
	document.querySelector("#form").submit();
	}
	}
	-
	+
	</script>
	</html>
	`;

	module.exports = app => {
	app.WwwServer.custom_route(
	"GET",
	"/account-creation-details",
	async (app, context, params) => {
	assert(params.token);
	assert(params.email);
	return new app.Sealious.VirtualFile(
	- render_form(app, params.token, params.email),
	+ await render_form(app, params),
	"text/html"
	);
	}
	);
	};

File Metadata

Mime Type: text/x-diff
Expires: Sat, Nov 8, 03:37 (15 h, 22 m)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 1033980
Default Alt Text: (6 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions