Migrated authentication.isInvitation method to v2

2025-03-11 02:12:21 -05:00 · 2019-07-24 14:53:09 +02:00 · 2019-07-24 14:53:09 +02:00 · 132e278a22
commit 132e278a22
parent f4b97d3bc8
7 changed files with 81 additions and 2 deletions
--- a/core/server/api/v2/authentication.js
+++ b/core/server/api/v2/authentication.js
@ -1,5 +1,6 @@
 const api = require('./index');
 const web = require('../../web');
+const models = require('../../models');
 const auth = require('../../services/auth');
 const invitations = require('../../services/invitations');

@ -73,5 +74,23 @@ module.exports = {
                    return invitations.accept(frame.data);
                });
        }
+    },
+
+    isInvitation: {
+        validation: {
+            docName: 'invitations'
+        },
+        permissions: false,
+        query(frame) {
+            return Promise.resolve()
+                .then(() => {
+                    return auth.setup.assertSetupCompleted(true);
+                })
+                .then(() => {
+                    const email = frame.data.email;
+
+                    return models.Invite.findOne({email: email, status: 'sent'}, frame.options)
+                });
+        }
    }
 };
--- a/core/server/api/v2/utils/serializers/output/authentication.js
+++ b/core/server/api/v2/utils/serializers/output/authentication.js
@ -10,5 +10,15 @@ module.exports = {
                {message: common.i18n.t('common.api.authentication.mail.invitationAccepted')}
            ]
        };
+    },
+
+    isInvitation(data, apiConfig, frame) {
+        debug('acceptInvitation');
+
+        frame.response = {
+            invitation: [{
+                valid: !!data
+            }]
+        };
    }
 };
--- a/core/server/api/v2/utils/serializers/output/index.js
+++ b/core/server/api/v2/utils/serializers/output/index.js
@ -3,6 +3,10 @@ module.exports = {
        return require('./all');
    },

+    get authentication() {
+        return require('./authentication');
+    },
+
    get db() {
        return require('./db');
    },
--- a/core/server/api/v2/utils/validators/input/index.js
+++ b/core/server/api/v2/utils/validators/input/index.js
@ -15,6 +15,10 @@ module.exports = {
        return require('./invites');
    },

+    get invitations() {
+        return require('./invitations');
+    },
+
    get settings() {
        return require('./settings');
    },
--- a/core/server/api/v2/utils/validators/input/invitations.js
+++ b/core/server/api/v2/utils/validators/input/invitations.js
@ -1,4 +1,5 @@
 const Promise = require('bluebird');
+const validator = require('validator');
 const debug = require('ghost-ignition').debug('api:v2:utils:validators:input:invitation');
 const common = require('../../../../../lib/common');

@ -23,6 +24,17 @@ module.exports = {
        if (!data.name) {
            return Promise.reject(new common.errors.ValidationError({message: common.i18n.t('errors.api.authentication.noNameProvided')}));
        }
+    },
+
+    isInvitation(apiConfig, frame) {
+        debug('isInvitation');
+
+        const email = frame.data.email;
+
+        if (typeof email !== 'string' || !validator.isEmail(email)) {
+            throw new common.errors.BadRequestError({
+                message: common.i18n.t('errors.api.authentication.invalidEmailReceived')
+            });
+        }
    }
 };
-
--- a/core/server/web/api/v2/admin/routes.js
+++ b/core/server/web/api/v2/admin/routes.js
@ -188,7 +188,7 @@ module.exports = function apiRoutes() {
    );
    router.put('/authentication/passwordreset', shared.middlewares.brute.globalBlock, api.http(apiv2.authentication.resetPassword));
    router.post('/authentication/invitation', api.http(apiv2.authentication.acceptInvitation));
-    router.get('/authentication/invitation', api.http(api.authentication.isInvitation));
+    router.get('/authentication/invitation', api.http(apiv2.authentication.isInvitation));
    router.post('/authentication/setup', api.http(api.authentication.setup));
    router.put('/authentication/setup', mw.authAdminApi, api.http(api.authentication.updateSetup));
    router.get('/authentication/setup', api.http(api.authentication.isSetup));
--- a/core/test/regression/api/v2/admin/authentication_spec.js
+++ b/core/test/regression/api/v2/admin/authentication_spec.js
@ -397,6 +397,36 @@ describe.only('Authentication API v2', function () {
                });
        });

+        it('check invite with invalid email', function () {
+            return request
+                .get(localUtils.API.getApiQuery('authentication/invitation?email=invalidemail'))
+                .set('Origin', config.get('url'))
+                .expect('Content-Type', /json/)
+                .expect(400);
+        });
+
+        it('check valid invite', function () {
+            return request
+                .get(localUtils.API.getApiQuery(`authentication/invitation?email=${testUtils.DataGenerator.forKnex.invites[0].email}`))
+                .set('Origin', config.get('url'))
+                .expect('Content-Type', /json/)
+                .expect(200)
+                .then((res) => {
+                    res.body.invitation[0].valid.should.equal(true);
+                });
+        });
+
+        it('check invalid invite', function () {
+            return request
+                .get(localUtils.API.getApiQuery(`authentication/invitation?email=notinvited@example.org`))
+                .set('Origin', config.get('url'))
+                .expect('Content-Type', /json/)
+                .expect(200)
+                .then((res) => {
+                    res.body.invitation[0].valid.should.equal(false);
+                });
+        });
+
        it('try to accept without invite', function () {
            return request
                .post(localUtils.API.getApiQuery('authentication/invitation'))