Merge pull request #167 from hackmcgill/feature/15-userinvitations

15-Account invitation logic

Author: pierreTklein

assets/email/AccountInvitation.hbs

@@ -0,0 +1,4 @@
+<b>
+    Create Your Account:
+    <a href="{{link}}">here</a>
+</b>

constants/general.constant.js

@@ -73,11 +73,12 @@ EMAIL_SUBJECTS[HACKER_STATUS_CONFIRMED] = `Thanks for confirming your attendance
 EMAIL_SUBJECTS[HACKER_STATUS_CANCELLED] = "Sorry to see you go";
 EMAIL_SUBJECTS[HACKER_STATUS_CHECKED_IN] = `Welcome to ${HACKATHON_NAME}`;
 
-const CONFIRM_ACC_EMAIL_SUBJECTS = {};
-CONFIRM_ACC_EMAIL_SUBJECTS[HACKER] = `Please complete your hacker application for ${HACKATHON_NAME}`;
-CONFIRM_ACC_EMAIL_SUBJECTS[SPONSOR] = `You've been invited to create a sponsor account for ${HACKATHON_NAME}`;
-CONFIRM_ACC_EMAIL_SUBJECTS[VOLUNTEER] = `You've been invited to create a volunteer account for ${HACKATHON_NAME}`;
-CONFIRM_ACC_EMAIL_SUBJECTS[STAFF] = `You've been invited to create a staff account for ${HACKATHON_NAME}`;
+const CONFIRM_ACC_EMAIL_SUBJECT = `Please complete your hacker application for ${HACKATHON_NAME}`;
+const CREATE_ACC_EMAIL_SUBJECTS = {};
+CREATE_ACC_EMAIL_SUBJECTS[HACKER] = `You've been invited to create a hacker account for ${HACKATHON_NAME}`;
+CREATE_ACC_EMAIL_SUBJECTS[SPONSOR] = `You've been invited to create a sponsor account for ${HACKATHON_NAME}`;
+CREATE_ACC_EMAIL_SUBJECTS[VOLUNTEER] = `You've been invited to create a volunteer account for ${HACKATHON_NAME}`;
+CREATE_ACC_EMAIL_SUBJECTS[STAFF] = `You've been invited to create a staff account for ${HACKATHON_NAME}`;
 
 module.exports = {
     HACKATHON_NAME: HACKATHON_NAME,
@@ -99,7 +100,8 @@ module.exports = {
     EXTENDED_USER_TYPES: EXTENDED_USER_TYPES,
     URL_REGEX: URL_REGEX,
     EMAIL_SUBJECTS: EMAIL_SUBJECTS,
-    CONFIRM_ACC_EMAIL_SUBJECTS: CONFIRM_ACC_EMAIL_SUBJECTS,
+    CREATE_ACC_EMAIL_SUBJECTS: CREATE_ACC_EMAIL_SUBJECTS,
+    CONFIRM_ACC_EMAIL_SUBJECT: CONFIRM_ACC_EMAIL_SUBJECT,
     HACKER: HACKER,
     SPONSOR: SPONSOR,
     VOLUNTEER: VOLUNTEER,

constants/routes.constant.js

@@ -48,6 +48,10 @@ const accountRoutes = {
     "patchAnyById": {
         requestType: Constants.REQUEST_TYPES.PATCH,
         uri: "/api/account/" + Constants.ROLE_CATEGORIES.ALL,
+    },
+    "inviteAccount": {
+        requestType: Constants.REQUEST_TYPES.POST,
+        uri: "/api/account/invite"
     }
 };
 

controllers/account.controller.js

@@ -105,6 +105,14 @@ async function updateAccount(req, res) {
     }
 }
 
+function invitedAccount(req, res){
+    return res.status(200).json({
+        message: "Successfully invited user",
+        data: {}
+    })
+}
+
+
 module.exports = {
     getUserByEmail: Util.asyncMiddleware(getUserByEmail),
     getUserById: Util.asyncMiddleware(getUserById),
@@ -113,4 +121,5 @@ module.exports = {
     addUser: Util.asyncMiddleware(addUser),
 
     updateAccount: Util.asyncMiddleware(updateAccount),
+    invitedAccount: invitedAccount
 };

middlewares/account.middleware.js

@@ -5,7 +5,9 @@ const mongoose = require("mongoose");
 const Services = {
     RoleBinding: require("../services/roleBinding.service"),
     Logger: require("../services/logger.service"),
-    Account: require("../services/account.service")
+    Account: require("../services/account.service"),
+    AccountConfirmation: require("../services/accountConfirmation.service"),
+    Email: require("../services/email.service")
 };
 
 const Middleware = {
@@ -113,12 +115,44 @@ async function addAccount(req, res, next) {
     next();
 }
 
+/**
+ * @function inviteAccount
+ * @param {{body: {email: string, accountType: string}}} req 
+ * @param {*} res 
+ * @param {(err?)=>void} next 
+ * @return {void}
+ * Creates email to provide a link for the user to create an account
+ */
+async function inviteAccount(req, res, next) {
+    const email = req.body.email;
+    const accountType = req.body.accountType;
+    const confirmationObj = await Services.AccountConfirmation.create(accountType, email);
+    const confirmationToken = Services.AccountConfirmation.generateToken(confirmationObj.id);
+
+    const mailData = Services.AccountConfirmation.generateAccountInvitationEmail(req.hostname, email, accountType, confirmationToken);
+    if (mailData !== undefined) {
+        Services.Email.send(mailData, (err) => {
+            if (err) {
+                next(err);
+            } else {
+                next();
+            }
+        });
+    } else {
+        return next({
+            message: Constants.Error.EMAIL_500_MESSAGE,
+        });
+    }
+
+}
+
 module.exports = {
     parsePatch: parsePatch,
     parseAccount: parseAccount,
     // untested
     addDefaultHackerPermissions: Middleware.Util.asyncMiddleware(addDefaultHackerPermissions),
     // untested
     updatePassword: Middleware.Util.asyncMiddleware(updatePassword),
-    addAccount: Middleware.Util.asyncMiddleware(addAccount)
+    addAccount: Middleware.Util.asyncMiddleware(addAccount),
+    inviteAccount: Middleware.Util.asyncMiddleware(inviteAccount)
 };

middlewares/validators/account.validator.js

@@ -23,5 +23,9 @@ module.exports = {
         VALIDATOR.shirtSizeValidator("body", "shirtSize", true),
         VALIDATOR.dateValidator("body", "birthDate", true),
         VALIDATOR.phoneNumberValidator("body", "phoneNumber", true)
+    ],
+    inviteAccountValidator: [
+        VALIDATOR.emailValidator("body", "email", false),
+        VALIDATOR.accountTypeValidator("body", "accountType", false)
     ]
 };

middlewares/validators/validator.helper.js

@@ -552,6 +552,26 @@ function phoneNumberValidator(fieldLocation, fieldname, optional = true) {
     }
 }
 
+/**
+ * Validates that field must be a valid account type
+ * @param {"query" | "body" | "header" | "param"} fieldLocation the location where the field should be found 
+ * @param {string} fieldname name of the field that needs to be validated.
+ * @param {boolean} optional whether the field is optional or not.
+ */
+function accountTypeValidator(fieldLocation, fieldname, optional = true) {
+    const accountType = setProperValidationChainBuilder(fieldLocation, fieldname, "Invalid account type");
+    if (optional) {
+        return accountType.optional({
+            checkFalsy: true
+        }).isIn(Constants.EXTENDED_USER_TYPES);
+    }
+    else{
+        return accountType.exists()
+            .withMessage("Account type must be provided")
+            .isIn(Constants.EXTENDED_USER_TYPES);
+    }
+}
+
 /**
  *
  * @param {"query" | "body" | "header" | "param"} fieldLocation the location where the field should be found
@@ -601,5 +621,6 @@ module.exports = {
     searchValidator: searchValidator,
     searchSortValidator: searchSortValidator,
     phoneNumberValidator: phoneNumberValidator,
-    dateValidator: dateValidator
+    dateValidator: dateValidator,
+    accountTypeValidator: accountTypeValidator
 };

routes/api/account.js

@@ -179,6 +179,33 @@ module.exports = {
             Controllers.Account.getUserById
         );
 
+        /**
+         * @api {post} /account/invite invites a user to create an account with the specified accountType
+         * @apiName inviteAccount
+         * @apiGroup Account
+         * @apiVersion 0.0.8
+         * @apiDescription sends link with token to be used with the account/create route
+         * 
+         * @apiParam (body) {String} [email] email of the account to be created and where to send the link
+         * @apiParam (body) {String} [accountType] the type of the account which the user can create, for sponsor this should specify tier as well
+         * 
+         * @apiSuccess {string} message Success message
+         * @apiSuccess {object} data Account object
+         * @apiSuccessExample {object} Success-Response: 
+         *      {
+                    "message": "Successfully invited user  ", 
+                    "data": {}
+                }
+         */
+        accountRouter.route("/invite").post(
+            Middleware.Auth.ensureAuthenticated(),
+            Middleware.Auth.ensureAuthorized(),
+            Middleware.Validator.Account.inviteAccountValidator,
+            Middleware.parseBody.middleware,
+            Middleware.Account.inviteAccount,
+            Controllers.Account.invitedAccount
+        );
+
         apiRouter.use("/account", accountRouter);
     }
 };

services/accountConfirmation.service.js

@@ -57,7 +57,7 @@ async function create(type, email, accountId) {
  * @param {ObjectId} accountId
  * @returns {string} JWT Token containing accountId and accountConfirmationId
  */
-function generateToken(accountConfirmationId, accountId) {
+function generateToken(accountConfirmationId, accountId = null) {
     const token = jwt.sign({
         accountConfirmationId: accountConfirmationId,
         accountId: accountId
@@ -68,34 +68,48 @@ function generateToken(accountConfirmationId, accountId) {
 }
 
 /**
- * Generates the link that the user will use to access the page to finish account creation
+ * Generates the link that the user will use to access the page to begin account creationg
  * @param {'http'|'https'} httpOrHttps 
  * @param {string} domain the domain of the current
  * @param {string} type the model that the 
  * @param {string} token the reset token
  * @returns {string} the string, of form: [http|https]://{domain}/{model}/create?token={token}
  */
-function generateTokenLink(httpOrHttps, domain, type, token) {
+function generateCreateAccountTokenLink(httpOrHttps, domain, type, token) {
     const link = `${httpOrHttps}://${domain}/${type}/create?token=${token}`;
     return link;
 }
 
 /**
- * Generates the mailData for the account confirmation Email.
+ * Generates the link that the user will use to confirm account and proceed with account creationg
+ * @param {'http'|'https'} httpOrHttps 
+ * @param {string} domain the domain of the current
+ * @param {string} type the model that the 
+ * @param {string} token the reset token
+ * @returns {string} the string, of form: [http|https]://{domain}/{model}/create?token={token}
+ */
+function generateConfirmTokenLink(httpOrHttps, domain, type, token) {
+    const link = `${httpOrHttps}://${domain}/${type}/confirm?token=${token}`;
+    return link;
+}
+/**
+ * Generates the mailData for the account confirmation Email. This really only applies to
+ * hackers as all other accounts are intrinsically confirmed via the email they recieve to invite them
  * @param {string} hostname The hostname that this service is running on
  * @param {string} receiverEmail The receiver of the email
+ * @param {string} type the user type
  * @param {string} token The account confirmation token
  */
 function generateAccountConfirmationEmail(hostname, receiverEmail, type, token) {
     const httpOrHttps = (hostname === "localhost") ? "http" : "https";
     const address = (hostname === "localhost") ? `localhost:${process.env.PORT}` : hostname;
-    const tokenLink = generateTokenLink(httpOrHttps, address, type, token);
+    const tokenLink = generateConfirmTokenLink(httpOrHttps, address, type, token);
     var emailSubject = "";
     if (token === undefined || tokenLink === undefined) {
         return undefined;
     }
     if (type === Constants.HACKER) {
-        emailSubject = Constants.CONFIRM_ACC_EMAIL_SUBJECTS[Constants.HACKER];
+        emailSubject = Constants.CONFIRM_ACC_EMAIL_SUBJECT
     }
     const handlebarPath = path.join(__dirname, `../assets/email/AccountConfirmation.hbs`);
 
@@ -109,10 +123,50 @@ function generateAccountConfirmationEmail(hostname, receiverEmail, type, token)
     };
     return mailData;
 }
+
+/*
+* Generates the mailData for the account invitation Email.
+* @param {string} hostname The hostname that this service is running on
+* @param {string} receiverEmail The receiver of the email
+* @param {string} type The user type
+* @param {string} token The account confirmation token
+ */
+function generateAccountInvitationEmail(hostname, receiverEmail, type, token) {
+    const httpOrHttps = (hostname === "localhost") ? "http" : "https";
+    const address = (hostname === "localhost") ? `localhost:${process.env.PORT}` : hostname;
+    const tokenLink = generateCreateAccountTokenLink(httpOrHttps, address, type, token);
+    var emailSubject = "";
+    if (token === undefined || tokenLink === undefined) {
+        return undefined;
+    }
+    if (type === Constants.HACKER) {
+        emailSubject = Constants.CREATE_ACC_EMAIL_SUBJECTS[Constants.HACKER];
+    }
+    else if(type === Constants.VOLUNTEER){
+        emailSubject = Constants.CREATE_ACC_EMAIL_SUBJECTS[Constants.VOLUNTEER];
+    }
+    else if(Constants.SPONSOR_TIERS.includes(type)){
+        emailSubject = Constants.CREATE_ACC_EMAIL_SUBJECTS[Constants.SPONSOR];
+    }
+    else if(type === Constants.STAFF){
+        emailSubject = Constants.CREATE_ACC_EMAIL_SUBJECTS[Constants.STAFF];
+    }
+    const handlebarPath = path.join(__dirname, `../assets/email/AccountInvitation.hbs`);
+    const mailData = {
+        from: process.env.NO_REPLY_EMAIL,
+        to: receiverEmail,
+        subject: emailSubject,
+        html: Services.Email.renderEmail(handlebarPath, {
+            link: tokenLink
+        })
+    };
+    return mailData;
+}
 module.exports = {
     findById: findById,
     findByAccountId: findByAccountId,
     create: create,
     generateToken: generateToken,
     generateAccountConfirmationEmail: generateAccountConfirmationEmail,
+    generateAccountInvitationEmail: generateAccountInvitationEmail
 }

tests/account.test.js

@@ -8,6 +8,7 @@ const Account = require("../models/account.model");
 const should = chai.should();
 const Constants = {
     Error: require("../constants/error.constant"),
+    General: require("../constants/general.constant")
 };
 
 
@@ -218,7 +219,18 @@ describe("POST confirm account", function () {
                 res.body.message.should.equal(Constants.Error.ACCOUNT_TOKEN_401_MESSAGE);
                 done();
             })
-    })
+    });
+    it("should FAIL to confirm account that has token with email but no account", function(done) {
+        chai.request(server.app)
+        .post('/api/auth/confirm/' + fakeToken)
+        .type("application/json")
+        .end(function (err, res) {
+            res.should.have.status(401);
+            res.body.should.have.property("message");
+            res.body.message.should.equal(Constants.Error.ACCOUNT_TOKEN_401_MESSAGE);
+            done();
+        })
+    });
 })
 
 describe("PATCH update account", function () {
@@ -430,4 +442,30 @@ describe("GET resend confirmation email", function () {
                 })
         })
     })
+});
+
+describe("POST invite account", function () {
+    it("Should succeed to invite a user to create an account", function(done){
+        util.auth.login(agent, Admin1, (error) => {
+            if (error) {
+                agent.close();
+                return done(error);
+            }
+            return agent
+                .post("/api/account/invite")
+                .type("application/json")
+                .send({email: newAccount1.email,
+                    accountType: Constants.General.VOLUNTEER})
+                // does not have password because of to stripped json
+                .end(function (err, res) {
+                    if (err) {
+                        return done(err);
+                    }
+                    res.should.have.status(200);
+                    res.body.should.have.property("message");
+                    res.body.message.should.equal("Successfully invited user");
+                    done();
+                });
+        });
+    })
 });