/api/user/organizations/create-invitation (POST)
Account information like email addresses is generated with faker-js it is not real user information.
await global.api.user.organizations.CreateInvitation.post(req)Returns object
{
"invitationid": "invt_c849de932872a337",
"organizationid": "orgn_8c90788251cb1fc2",
"accountid": "acct_f30eb9d2094b6123",
"object": "invitation",
"appid": "tests_1656039700",
"secretCode": "secret0012",
"multi": true,
"acceptedAt": null,
"terminatedAt": null,
"createdAt": "2022-06-24T03:01:40.650Z",
"updatedAt": "2022-06-24T03:01:40.650Z"
}Receives
API routes may receive parameters from the URL and POST supporting simple and multipart:
| Field | Value | Required | Type |
|---|---|---|---|
| secret-code | string | required | POST |
Exceptions
These exceptions are thrown (NodeJS) or returned as JSON (HTTP) if you provide incorrect data or do not meet the requirements:
| Exception | Circumstances |
|---|---|
| invalid-account | accessing account is not organization owner |
| invalid-lifespan | missing posted lifespan |
| invalid posted lifespan | |
| invalid-organizationid | missing querystring organizationid |
| invalid querystring organizationid | |
| invalid-secret-code | missing posted secret-code |
| invalid-secret-code-length | posted secret-code too short |
| posted secret-code too long |
NodeJS source (view on github)
const organizations = require('../../../../../index.js')
module.exports = {
post: async (req) => {
if (!req.query || !req.query.organizationid) {
throw new Error('invalid-organizationid')
}
if (!req.body || !req.body['secret-code']) {
throw new Error('invalid-secret-code')
}
if (req.body['secret-code'].match(/^[a-z0-9]+$/i) === null) {
throw new Error('invalid-secret-code')
}
if (global.minimumInvitationCodeLength > req.body['secret-code'].length ||
global.maximumInvitationCodeLength < req.body['secret-code'].length) {
throw new Error('invalid-secret-code-length')
}
if (req.body.lifespan !== 'single' && req.body.lifespan !== 'multi') {
throw new Error('invalid-lifespan')
}
const organization = await global.api.user.organizations.Organization.get(req)
if (!organization) {
throw new Error('invalid-organizationid')
}
if (organization.ownerid !== req.account.accountid) {
throw new Error('invalid-account')
}
const secretCode = req.body['secret-code']
const invitationInfo = {
appid: req.appid || global.appid,
accountid: req.account.accountid,
organizationid: req.query.organizationid,
secretCode,
multi: req.body.lifespan === 'multi'
}
const existing = await organizations.Storage.Invitation.findOne({
where: {
secretCode,
organizationid: req.query.organizationid,
appid: req.appid || global.appid
}
})
if (existing && existing.dataValues && existing.dataValues.invitationid) {
throw new Error('duplicate-secret-code')
}
const invitation = await organizations.Storage.Invitation.create(invitationInfo)
req.query.invitationid = invitation.dataValues.invitationid
return global.api.user.organizations.Invitation.get(req)
}
}
Test source (view on github)
/* eslint-env mocha */
const assert = require('assert')
const TestHelper = require('../../../../../test-helper.js')
describe('/api/user/organizations/create-invitation', () => {
describe('exceptions', () => {
describe('invalid-organizationid', () => {
it('missing querystring organizationid', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest('/api/user/organizations/create-invitation')
req.account = user.account
req.session = user.session
req.body = {
'secret-code': 'secret0001',
lifespan: 'multi'
}
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-organizationid')
})
it('invalid querystring organizationid', async () => {
const user = await TestHelper.createUser()
const req = TestHelper.createRequest('/api/user/organizations/create-invitation?organizationid=invalid')
req.account = user.account
req.session = user.session
req.body = {
'secret-code': 'secret0002',
lifespan: 'multi'
}
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-organizationid')
})
})
describe('invalid-lifespan', () => {
it('missing posted lifespan', async () => {
const owner = await TestHelper.createUser()
global.userProfileFields = ['display-name', 'display-email']
await TestHelper.createProfile(owner, {
'display-name': owner.profile.fullName,
'display-email': owner.profile.contactEmail
})
await TestHelper.createOrganization(owner, {
email: owner.profile.displayEmail,
name: 'My organization',
profileid: owner.profile.profileid,
pin: '4321'
})
const req = TestHelper.createRequest(`/api/user/organizations/create-invitation?organizationid=${owner.organization.organizationid}`)
req.account = owner.account
req.session = owner.session
req.body = {
'secret-code': 'oijoijoijoijoij',
lifespan: ''
}
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-lifespan')
})
it('invalid posted lifespan', async () => {
const owner = await TestHelper.createUser()
global.userProfileFields = ['display-name', 'display-email']
await TestHelper.createProfile(owner, {
'display-name': owner.profile.fullName,
'display-email': owner.profile.contactEmail
})
await TestHelper.createOrganization(owner, {
email: owner.profile.displayEmail,
name: 'My organization',
profileid: owner.profile.profileid,
pin: '4321'
})
const req = TestHelper.createRequest(`/api/user/organizations/create-invitation?organizationid=${owner.organization.organizationid}`)
req.account = owner.account
req.session = owner.session
req.body = {
'secret-code': 'oijoijoijoijoij',
lifespan: 'invalid'
}
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-lifespan')
})
})
describe('invalid-secret-code', () => {
it('missing posted secret-code', async () => {
const owner = await TestHelper.createUser()
global.userProfileFields = ['display-name', 'display-email']
await TestHelper.createProfile(owner, {
'display-name': owner.profile.fullName,
'display-email': owner.profile.contactEmail
})
await TestHelper.createOrganization(owner, {
email: owner.profile.displayEmail,
name: 'My organization',
profileid: owner.profile.profileid,
pin: '4321'
})
const req = TestHelper.createRequest(`/api/user/organizations/create-invitation?organizationid=${owner.organization.organizationid}`)
req.account = owner.account
req.session = owner.session
req.body = {
'secret-code': '',
lifespan: 'multi'
}
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-secret-code')
})
})
describe('invalid-secret-code-length', () => {
it('posted secret-code too short', async () => {
const owner = await TestHelper.createUser()
global.userProfileFields = ['display-name', 'display-email']
await TestHelper.createProfile(owner, {
'display-name': owner.profile.fullName,
'display-email': owner.profile.contactEmail
})
await TestHelper.createOrganization(owner, {
email: owner.profile.displayEmail,
name: 'My organization',
profileid: owner.profile.profileid,
pin: '4321'
})
const req = TestHelper.createRequest(`/api/user/organizations/create-invitation?organizationid=${owner.organization.organizationid}`)
req.account = owner.account
req.session = owner.session
req.body = {
'secret-code': '1',
lifespan: 'multi'
}
global.minimumInvitationCodeLength = 100
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-secret-code-length')
})
it('posted secret-code too long', async () => {
const owner = await TestHelper.createUser()
global.userProfileFields = ['display-name', 'display-email']
await TestHelper.createProfile(owner, {
'display-name': owner.profile.fullName,
'display-email': owner.profile.contactEmail
})
await TestHelper.createOrganization(owner, {
email: owner.profile.displayEmail,
name: 'My organization',
profileid: owner.profile.profileid,
pin: '4321'
})
const req = TestHelper.createRequest(`/api/user/organizations/create-invitation?organizationid=${owner.organization.organizationid}`)
req.account = owner.account
req.session = owner.session
req.body = {
'secret-code': '123456',
lifespan: 'multi'
}
global.maximumInvitationCodeLength = 1
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-secret-code-length')
})
})
describe('invalid-account', () => {
it('accessing account is not organization owner', async () => {
const owner = await TestHelper.createUser()
global.userProfileFields = ['display-name', 'display-email']
await TestHelper.createProfile(owner, {
'display-name': owner.profile.fullName,
'display-email': owner.profile.contactEmail
})
await TestHelper.createOrganization(owner, {
email: owner.profile.displayEmail,
name: 'My organization',
profileid: owner.profile.profileid,
pin: '4321'
})
const user = await TestHelper.createUser()
const req = TestHelper.createRequest(`/api/user/organizations/create-invitation?organizationid=${owner.organization.organizationid}`)
req.account = user.account
req.session = user.session
req.body = {
'secret-code': 'secret0000',
lifespan: 'multi'
}
let errorMessage
try {
await req.post()
} catch (error) {
errorMessage = error.message
}
assert.strictEqual(errorMessage, 'invalid-account')
})
})
})
describe('receives', () => {
it('required posted secret-code', async () => {
const owner = await TestHelper.createUser()
global.userProfileFields = ['display-name', 'display-email']
await TestHelper.createProfile(owner, {
'display-name': owner.profile.fullName,
'display-email': owner.profile.contactEmail
})
await TestHelper.createOrganization(owner, {
email: owner.profile.displayEmail,
name: 'My organization',
profileid: owner.profile.profileid,
pin: '4321'
})
const req = TestHelper.createRequest(`/api/user/organizations/create-invitation?organizationid=${owner.organization.organizationid}`)
req.account = owner.account
req.session = owner.session
req.body = {
'secret-code': '1234567890',
lifespan: 'multi'
}
const invitation = await req.post()
assert.strictEqual(invitation.object, 'invitation')
})
})
describe('returns', () => {
it('object', async () => {
const owner = await TestHelper.createUser()
global.userProfileFields = ['display-name', 'display-email']
await TestHelper.createProfile(owner, {
'display-name': owner.profile.fullName,
'display-email': owner.profile.contactEmail
})
await TestHelper.createOrganization(owner, {
email: owner.profile.displayEmail,
name: 'My organization',
profileid: owner.profile.profileid,
pin: '4321'
})
const req = TestHelper.createRequest(`/api/user/organizations/create-invitation?organizationid=${owner.organization.organizationid}`)
req.account = owner.account
req.session = owner.session
req.body = {
'secret-code': 'secret0012',
lifespan: 'multi'
}
req.filename = __filename
req.saveResponse = true
const invitation = await req.post()
assert.strictEqual(invitation.object, 'invitation')
})
})
})