Merge pull request #14 from GTBitsOfGood/davidpang/user-register-mutation

dpang314 · web-flow · commit 11dd6b82d905 · 2025-02-05T10:35:35.000-05:00
diff --git a/src/app/api/users/route.test.ts b/src/app/api/users/route.test.ts
@@ -5,6 +5,7 @@ import { expect, test } from "@jest/globals";
 import { dbMock } from "@/test/dbMock";
 import { authMock } from "@/test/authMock";
 import { UserType } from "@prisma/client";
+import { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
 
 test("returns 401 on unauthenticated requests", async () => {
     await testApiHandler({
@@ -74,3 +75,118 @@ test("returns 200 and user list on succesful request", async () => {
         },
     });
 });
+
+test("bad form data", async () => {
+  await testApiHandler({
+    appHandler,
+    async test({ fetch }) {
+      const badFormData = new FormData();
+      badFormData.append('inviteTokenBad', 'test_token');
+      badFormData.append('passwordBad', 'test_password');
+
+      const res = await fetch({ method: "POST", body: badFormData });
+      await expect(res.status).toEqual(400);
+    },
+  });
+});
+
+const getGoodFormData = () => {
+    const goodFormData = new FormData();
+    goodFormData.append('inviteToken', 'test_token');
+    goodFormData.append('password', 'test_password');
+    return goodFormData;
+}
+
+test("missing user invite", async () => {
+    await testApiHandler({
+        appHandler,
+        async test({ fetch }) {
+            dbMock.userInvite.findUnique.mockResolvedValue(null);
+
+            const res = await fetch({ method: "POST", body: getGoodFormData() });
+            await expect(res.status).toEqual(404);
+        },
+    });
+});
+
+test("expired user invite", async () => {
+    await testApiHandler({
+        appHandler,
+        async test({ fetch }) {
+            const yearAgo = new Date();
+            yearAgo.setFullYear(new Date().getFullYear() - 1);
+
+            dbMock.userInvite.findUnique.mockResolvedValue({
+                token: 'test_token',
+                id: 0,
+                userType: UserType.SUPER_ADMIN,
+                email: "test_email@test.com",
+                expiration: yearAgo,
+                partnerDetails: null,
+                name: ""
+            });
+
+            const res = await fetch({ method: "POST", body: getGoodFormData() });
+            await expect(res.status).toEqual(400);
+        },
+    });
+});
+
+
+test("user already exists", async () => {
+    await testApiHandler({
+        appHandler,
+        async test({ fetch }) {
+            const yearLater = new Date();
+            yearLater.setFullYear(new Date().getFullYear() + 1);
+
+            dbMock.userInvite.findUnique.mockResolvedValue({
+                token: 'test_token',
+                id: 0,
+                userType: UserType.SUPER_ADMIN,
+                email: "test_email@test.com",
+                expiration: yearLater,
+                partnerDetails: null,
+                name: ""
+            });
+
+            dbMock.user.create.mockImplementation(() => {
+                throw new PrismaClientKnownRequestError(
+                    'violates uniqueness constraint', 
+                    {
+                        code: 'P2002', 
+                        clientVersion: 'mock', 
+                        meta: {}, 
+                        batchRequestIdx: 1
+                    }
+                );
+            });
+
+            const res = await fetch({ method: "POST", body: getGoodFormData() });
+            await expect(res.status).toEqual(409);
+        },
+    });
+});
+
+test("successful create", async () => {
+    await testApiHandler({
+        appHandler,
+        async test({ fetch }) {
+            const yearLater = new Date();
+            yearLater.setFullYear(new Date().getFullYear() + 1);
+
+            dbMock.userInvite.findUnique.mockResolvedValue({
+                token: 'test_token',
+                id: 0,
+                userType: UserType.SUPER_ADMIN,
+                email: "test_email@test.com",
+                expiration: yearLater,
+                partnerDetails: null,
+                name: ""
+            });
+
+            const res = await fetch({ method: "POST", body: getGoodFormData() });
+            await expect(res.status).toEqual(200);
+        },
+    });
+});
diff --git a/src/app/api/users/route.ts b/src/app/api/users/route.ts
@@ -1,8 +1,11 @@
 import { auth } from "@/auth";
 import { db } from "@/db";
-import { authenticationError, authorizationError } from "@/util/responses";
+import { argumentError, conflictError, notFoundError, authenticationError, authorizationError, ok } from "@/util/responses";
 import { UserType } from "@prisma/client";
-import { NextResponse } from "next/server";
+import { NextRequest, NextResponse } from "next/server";
+import { zfd } from "zod-form-data";
+import * as argon2 from 'argon2';
+import { PrismaClientKnownRequestError } from "@prisma/client/runtime/library";
 
 const ALLOWED_USER_TYPES: UserType[] = [
     UserType.ADMIN,
@@ -36,3 +39,55 @@ export async function GET() {
 
     return NextResponse.json(users, { status: 200 });
 }
+
+const schema = zfd.formData({
+    inviteToken: zfd.text(),
+    password: zfd.text()
+});
+
+/**
+ * Creates a new User record.
+ * Parameters are passed via form data.
+ * @param inviteToken Corresponds to token in existing UserInvite record
+ * @param password Password for new User account
+ * @returns 400 if bad form data or expired UserInvite
+ * @returns 404 if UserInvite does not exist
+ * @returns 409 if User record for corresponding UserInvite already exists
+ * @returns 200
+ */
+export async function POST(req: NextRequest) {
+    const parsed = schema.safeParse(await req.formData());
+    if (!parsed.success) {
+        return argumentError("Invalid user data");
+    }
+    
+    const { inviteToken, password } = parsed.data;
+    const userInvite = await db.userInvite.findUnique({
+        where: {
+            token: inviteToken
+        }
+    });
+    if (!userInvite) {
+        return notFoundError("Invite does not exist");
+    } else if (userInvite.expiration < new Date()) {
+        return argumentError("Invite has expired");
+    }
+    try {
+        await db.user.create({
+            data: {
+                name: userInvite.name,
+                email: userInvite.email,
+                passwordHash: await argon2.hash(password),
+                type: userInvite.userType
+            }
+        });
+    } catch (e) {
+        if (e instanceof PrismaClientKnownRequestError) {
+            if (e.code === 'P2002') {
+                return conflictError("User already exists");
+            }
+        }
+        throw e;
+    }
+    return ok();
+}
