Fixed GuestInvitation to validate the token

jezzsantos · Oct 25, 2024 · 063f3bd · 063f3bd
1 parent 84f41be
commit 063f3bd
Show file tree

Hide file tree

Showing 9 changed files with 87 additions and 32 deletions.
diff --git a/src/EndUsersApplication.UnitTests/EndUsersApplicationSpec.cs b/src/EndUsersApplication.UnitTests/EndUsersApplicationSpec.cs
@@ -155,6 +155,8 @@ public async Task WhenRegisterPersonAsyncAndWasInvitedAsGuest_ThenCompletesRegis
             It.IsAny<CancellationToken>()), Times.Never);
     }
 
+    private const string TestingToken = "Ll4qhv77XhiXSqsTUc6icu56ZLrqu5p1gH9kT5IlHio";
+
     [Fact]
     public async Task WhenRegisterPersonAsyncAndAcceptingGuestInvitation_ThenCompletesRegistration()
     {
@@ -164,7 +166,7 @@ public async Task WhenRegisterPersonAsyncAndAcceptingGuestInvitation_ThenComplet
             .Returns("acallid");
         var tokensService = new Mock<ITokensService>();
         tokensService.Setup(ts => ts.CreateGuestInvitationToken())
-            .Returns("aninvitationtoken");
+            .Returns(TestingToken);
         var invitee = EndUserRoot.Create(_recorder.Object, _idFactory.Object, UserClassification.Person).Value;
         await invitee.InviteGuestAsync(tokensService.Object, "aninviterid".ToId(),
             EmailAddress.Create("[email protected]").Value, (_, _) => Task.FromResult(Result.Ok));
@@ -204,7 +206,7 @@ await invitee.InviteGuestAsync(tokensService.Object, "aninviterid".ToId(),
                 }
             });
 
-        var result = await _application.RegisterPersonAsync(_caller.Object, "aninvitationtoken", "[email protected]",
+        var result = await _application.RegisterPersonAsync(_caller.Object, TestingToken, "[email protected]",
             "afirstname", "alastname", null, null, true, CancellationToken.None);
 
         result.Should().BeSuccess();
@@ -215,7 +217,7 @@ await invitee.InviteGuestAsync(tokensService.Object, "aninviterid".ToId(),
         result.Value.Roles.Should().OnlyContain(role => role == PlatformRoles.Standard.Name);
         result.Value.Features.Should().ContainInOrder(PlatformFeatures.PaidTrial.Name, PlatformFeatures.Basic.Name);
         _invitationRepository.Verify(rep =>
-            rep.FindInvitedGuestByTokenAsync("aninvitationtoken", It.IsAny<CancellationToken>()));
+            rep.FindInvitedGuestByTokenAsync(TestingToken, It.IsAny<CancellationToken>()));
         _notificationsService.Verify(ns => ns.NotifyPasswordRegistrationRepeatCourtesyAsync(It.IsAny<ICallerContext>(),
             It.IsAny<string>(),
             It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(), It.IsAny<string>(),

diff --git a/src/EndUsersApplication.UnitTests/InvitationsApplication.DomainEventHandlersSpec.cs b/src/EndUsersApplication.UnitTests/InvitationsApplication.DomainEventHandlersSpec.cs
@@ -50,13 +50,14 @@ public InvitationsApplicationDomainEventHandlersSpec()
         _notificationsService = new Mock<IUserNotificationsService>();
         _tokensService = new Mock<ITokensService>();
         _tokensService.Setup(ts => ts.CreateGuestInvitationToken())
-            .Returns("aninvitationtoken");
+            .Returns(TestingToken);
 
         _application =
             new InvitationsApplication(_recorder.Object, idFactory.Object, _tokensService.Object,
                 _notificationsService.Object, _userProfilesService.Object, _repository.Object);
     }
 
+    private const string TestingToken = "Ll4qhv77XhiXSqsTUc6icu56ZLrqu5p1gH9kT5IlHio";
     [Fact]
     public async Task WhenHandleOrganizationMemberInvitedAsyncAndNoUserIdNorEmailAddress_ThenReturnsError()
     {
@@ -179,7 +180,7 @@ await _application.HandleOrganizationMemberInvitedAsync(_caller.Object, domainEv
         _userProfilesService.Verify(ups =>
             ups.FindPersonByEmailAddressPrivateAsync(_caller.Object, "[email protected]",
                 It.IsAny<CancellationToken>()));
-        _notificationsService.Verify(ns => ns.NotifyGuestInvitationToPlatformAsync(_caller.Object, "aninvitationtoken",
+        _notificationsService.Verify(ns => ns.NotifyGuestInvitationToPlatformAsync(_caller.Object, TestingToken,
             "[email protected]", "Aninvitee", "aninviterdisplayname", It.IsAny<CancellationToken>()));
         _repository.Verify(rep => rep.LoadAsync("anid".ToId(), It.IsAny<CancellationToken>()), Times.Never);
         _repository.Verify(rep => rep.LoadAsync("aninviterid".ToId(), It.IsAny<CancellationToken>()));
@@ -229,7 +230,7 @@ await _application.HandleOrganizationMemberInvitedAsync(_caller.Object, domainEv
             && eu.GuestInvitation.IsInvited
             && eu.GuestInvitation.InvitedById! == "aninviterid".ToId()
         ), It.IsAny<CancellationToken>()));
-        _notificationsService.Verify(ns => ns.NotifyGuestInvitationToPlatformAsync(_caller.Object, "aninvitationtoken",
+        _notificationsService.Verify(ns => ns.NotifyGuestInvitationToPlatformAsync(_caller.Object, TestingToken,
             "[email protected]", "Aninvitee", "aninviterdisplayname", It.IsAny<CancellationToken>()));
         _userProfilesService.Verify(ups =>
             ups.GetProfilePrivateAsync(_caller.Object, "aninviterid", It.IsAny<CancellationToken>()));

diff --git a/src/EndUsersApplication.UnitTests/InvitationsApplicationSpec.cs b/src/EndUsersApplication.UnitTests/InvitationsApplicationSpec.cs
@@ -22,6 +22,7 @@ namespace EndUsersApplication.UnitTests;
 [Trait("Category", "Unit")]
 public class InvitationsApplicationSpec
 {
+    private const string TestingToken = "Ll4qhv77XhiXSqsTUc6icu56ZLrqu5p1gH9kT5IlHio";
     private readonly InvitationsApplication _application;
     private readonly Mock<ICallerContext> _caller;
     private readonly Mock<IUserNotificationsService> _notificationsService;
@@ -48,7 +49,7 @@ public InvitationsApplicationSpec()
         _notificationsService = new Mock<IUserNotificationsService>();
         _tokensService = new Mock<ITokensService>();
         _tokensService.Setup(ts => ts.CreateGuestInvitationToken())
-            .Returns("aninvitationtoken");
+            .Returns(TestingToken);
 
         _application =
             new InvitationsApplication(_recorder.Object, idFactory.Object, _tokensService.Object,
@@ -192,7 +193,7 @@ await invitee.InviteGuestAsync(_tokensService.Object, "aninviterid".ToId(),
         result.Value.EmailAddress.Should().Be("[email protected]");
         result.Value.FirstName.Should().Be("Aninvitee");
         result.Value.LastName.Should().BeNull();
-        _notificationsService.Verify(ns => ns.NotifyGuestInvitationToPlatformAsync(_caller.Object, "aninvitationtoken",
+        _notificationsService.Verify(ns => ns.NotifyGuestInvitationToPlatformAsync(_caller.Object, TestingToken,
             "[email protected]", "Aninvitee", "aninviterdisplayname", It.IsAny<CancellationToken>()));
     }
 
@@ -240,7 +241,7 @@ public async Task WhenInviteGuestAsync_ThenInvitesGuest()
         _userProfilesService.Verify(ups =>
             ups.FindPersonByEmailAddressPrivateAsync(_caller.Object, "[email protected]",
                 It.IsAny<CancellationToken>()));
-        _notificationsService.Verify(ns => ns.NotifyGuestInvitationToPlatformAsync(_caller.Object, "aninvitationtoken",
+        _notificationsService.Verify(ns => ns.NotifyGuestInvitationToPlatformAsync(_caller.Object, TestingToken,
             "[email protected]", "Aninvitee", "aninviterdisplayname", It.IsAny<CancellationToken>()));
         _repository.Verify(rep => rep.LoadAsync("anid".ToId(), It.IsAny<CancellationToken>()), Times.Never);
         _repository.Verify(rep => rep.LoadAsync("aninviterid".ToId(), It.IsAny<CancellationToken>()));
@@ -260,7 +261,7 @@ public async Task WhenResendGuestInvitationAsyncAndInvitationNotExists_ThenRetur
             .ReturnsAsync(Optional<EndUserRoot>.None);
 
         var result =
-            await _application.ResendGuestInvitationAsync(_caller.Object, "aninvitationtoken", CancellationToken.None);
+            await _application.ResendGuestInvitationAsync(_caller.Object, TestingToken, CancellationToken.None);
 
         result.Should().BeError(ErrorCode.EntityNotFound);
     }
@@ -295,10 +296,10 @@ await invitee.InviteGuestAsync(_tokensService.Object, "aninviterid".ToId(),
             });
 
         var result =
-            await _application.ResendGuestInvitationAsync(_caller.Object, "aninvitationtoken", CancellationToken.None);
+            await _application.ResendGuestInvitationAsync(_caller.Object, TestingToken, CancellationToken.None);
 
         result.Should().BeSuccess();
-        _notificationsService.Verify(ns => ns.NotifyGuestInvitationToPlatformAsync(_caller.Object, "aninvitationtoken",
+        _notificationsService.Verify(ns => ns.NotifyGuestInvitationToPlatformAsync(_caller.Object, TestingToken,
             "[email protected]", "Aninvitee", "aninviterdisplayname", It.IsAny<CancellationToken>()));
         _repository.Verify(rep => rep.LoadAsync("anid".ToId(), It.IsAny<CancellationToken>()), Times.Never);
         _repository.Verify(rep => rep.LoadAsync("aninviterid".ToId(), It.IsAny<CancellationToken>()));
@@ -318,7 +319,7 @@ public async Task WhenVerifyGuestInvitationAsyncAndInvitationNotExists_ThenRetur
             .ReturnsAsync(Optional<EndUserRoot>.None);
 
         var result =
-            await _application.VerifyGuestInvitationAsync(_caller.Object, "aninvitationtoken", CancellationToken.None);
+            await _application.VerifyGuestInvitationAsync(_caller.Object, TestingToken, CancellationToken.None);
 
         result.Should().BeError(ErrorCode.EntityNotFound);
     }
@@ -341,7 +342,7 @@ await invitee.InviteGuestAsync(_tokensService.Object, "aninviterid".ToId(),
             .ReturnsAsync(invitee.ToOptional());
 
         var result =
-            await _application.VerifyGuestInvitationAsync(_caller.Object, "aninvitationtoken", CancellationToken.None);
+            await _application.VerifyGuestInvitationAsync(_caller.Object, TestingToken, CancellationToken.None);
 
         result.Should().BeSuccess();
         result.Value.EmailAddress.Should().Be("[email protected]");

diff --git a/src/EndUsersDomain.UnitTests/EndUserRootSpec.cs b/src/EndUsersDomain.UnitTests/EndUserRootSpec.cs
@@ -22,6 +22,7 @@ namespace EndUsersDomain.UnitTests;
 [UsedImplicitly]
 public class EndUserRootSpec
 {
+    private const string TestingToken = "Ll4qhv77XhiXSqsTUc6icu56ZLrqu5p1gH9kT5IlHio";
     private static EndUserRoot CreateOrgOwner(Mock<IRecorder> recorder, string organizationId,
         UserClassification classification = UserClassification.Person)
     {
@@ -86,7 +87,7 @@ public GivenAPerson()
                 });
             _tokensService = new Mock<ITokensService>();
             _tokensService.Setup(ts => ts.CreateGuestInvitationToken())
-                .Returns("aninvitationtoken");
+                .Returns(TestingToken);
 
             _user = EndUserRoot.Create(_recorder.Object, _identifierFactory.Object, UserClassification.Person).Value;
         }

diff --git a/src/EndUsersDomain.UnitTests/GuestInvitationSpec.cs b/src/EndUsersDomain.UnitTests/GuestInvitationSpec.cs
@@ -12,7 +12,8 @@ namespace EndUsersDomain.UnitTests;
 public class GuestInvitationSpec
 {
     private readonly EmailAddress _inviteeEmailAddress;
-
+    private const string TestingToken = "Ll4qhv77XhiXSqsTUc6icu56ZLrqu5p1gH9kT5IlHio";
+
     public GuestInvitationSpec()
     {
         _inviteeEmailAddress = EmailAddress.Create("[email protected]").Value;
@@ -35,14 +36,24 @@ public void WhenCreateEmpty_ThenAssigned()
         invitation.AcceptedAtUtc.Should().BeNull();
     }
 
+    [Fact]
+    public void WhenInviteAndInvalidToken_ThenReturnsError()
+    {
+        var invitation = GuestInvitation.Empty;
+
+        var result = invitation.Invite("aninvalidtoken", _inviteeEmailAddress, "aninviterid".ToId());
+
+        result.Should().BeError(ErrorCode.Validation, Resources.GuestInvitation_InvalidToken);
+    }
+
     [Fact]
     public void WhenInviteAndAlreadyInvited_ThenReturnsError()
     {
         var invitation = GuestInvitation.Empty;
-        invitation = invitation.Invite("atoken", _inviteeEmailAddress,
+        invitation = invitation.Invite(TestingToken, _inviteeEmailAddress,
             "aninviterid".ToId()).Value;
 
-        var result = invitation.Invite("atoken", _inviteeEmailAddress, "aninviterid".ToId());
+        var result = invitation.Invite(TestingToken, _inviteeEmailAddress, "aninviterid".ToId());
 
         result.Should().BeError(ErrorCode.RuleViolation, Resources.GuestInvitation_AlreadyInvited);
     }
@@ -51,11 +62,11 @@ public void WhenInviteAndAlreadyInvited_ThenReturnsError()
     public void WhenInviteAndAlreadyAccepted_ThenReturnsError()
     {
         var invitation = GuestInvitation.Empty;
-        invitation = invitation.Invite("atoken", _inviteeEmailAddress,
+        invitation = invitation.Invite(TestingToken, _inviteeEmailAddress,
             "aninviterid".ToId()).Value;
         invitation = invitation.Accept(_inviteeEmailAddress).Value;
 
-        var result = invitation.Invite("atoken", _inviteeEmailAddress, "aninviterid".ToId());
+        var result = invitation.Invite(TestingToken, _inviteeEmailAddress, "aninviterid".ToId());
 
         result.Should().BeError(ErrorCode.RuleViolation, Resources.GuestInvitation_AlreadyInvited);
     }
@@ -65,13 +76,13 @@ public void WhenInvite_ThenIsInvited()
     {
         var invitation = GuestInvitation.Empty;
 
-        invitation = invitation.Invite("atoken", _inviteeEmailAddress,
+        invitation = invitation.Invite(TestingToken, _inviteeEmailAddress,
             "aninviterid".ToId()).Value;
 
         invitation.IsInvited.Should().BeTrue();
         invitation.IsStillOpen.Should().BeTrue();
         invitation.IsAccepted.Should().BeFalse();
-        invitation.Token.Should().Be("atoken");
+        invitation.Token.Should().Be(TestingToken);
         invitation.ExpiresOnUtc.Should().BeNear(DateTime.UtcNow.Add(GuestInvitation.DefaultTokenExpiry));
         invitation.InvitedById.Should().Be("aninviterid".ToId());
         invitation.InviteeEmailAddress!.Address.Should().Be("[email protected]");
@@ -80,12 +91,22 @@ public void WhenInvite_ThenIsInvited()
         invitation.AcceptedAtUtc.Should().BeNull();
     }
 
+    [Fact]
+    public void WhenRenewAndInvalidToken_ThenReturnsError()
+    {
+        var invitation = GuestInvitation.Empty;
+
+        var result = invitation.Renew("aninvalidtoken", _inviteeEmailAddress);
+
+        result.Should().BeError(ErrorCode.Validation, Resources.GuestInvitation_InvalidToken);
+    }
+
     [Fact]
     public void WhenRenewAndNotInvited_ThenReturnsError()
     {
         var invitation = GuestInvitation.Empty;
 
-        var result = invitation.Renew("atoken", _inviteeEmailAddress);
+        var result = invitation.Renew(TestingToken, _inviteeEmailAddress);
 
         result.Should().BeError(ErrorCode.RuleViolation, Resources.GuestInvitation_NotInvited);
     }
@@ -94,11 +115,11 @@ public void WhenRenewAndNotInvited_ThenReturnsError()
     public void WhenRenewAndAlreadyAccepted_ThenReturnsError()
     {
         var invitation = GuestInvitation.Empty;
-        invitation = invitation.Invite("atoken", _inviteeEmailAddress,
+        invitation = invitation.Invite(TestingToken, _inviteeEmailAddress,
             "aninviterid".ToId()).Value;
         invitation = invitation.Accept(_inviteeEmailAddress).Value;
 
-        var result = invitation.Renew("atoken", _inviteeEmailAddress);
+        var result = invitation.Renew(TestingToken, _inviteeEmailAddress);
 
         result.Should().BeError(ErrorCode.RuleViolation, Resources.GuestInvitation_AlreadyAccepted);
     }
@@ -107,15 +128,15 @@ public void WhenRenewAndAlreadyAccepted_ThenReturnsError()
     public void WhenRenewAndInvited_ThenIsRenewed()
     {
         var invitation = GuestInvitation.Empty;
-        invitation = invitation.Invite("atoken", _inviteeEmailAddress,
+        invitation = invitation.Invite(TestingToken, _inviteeEmailAddress,
             "aninviterid".ToId()).Value;
 
-        invitation = invitation.Renew("atoken", _inviteeEmailAddress).Value;
+        invitation = invitation.Renew(TestingToken, _inviteeEmailAddress).Value;
 
         invitation.IsInvited.Should().BeTrue();
         invitation.IsStillOpen.Should().BeTrue();
         invitation.IsAccepted.Should().BeFalse();
-        invitation.Token.Should().Be("atoken");
+        invitation.Token.Should().Be(TestingToken);
         invitation.ExpiresOnUtc.Should().BeNear(DateTime.UtcNow.Add(GuestInvitation.DefaultTokenExpiry));
         invitation.InvitedById.Should().Be("aninviterid".ToId());
         invitation.InviteeEmailAddress!.Address.Should().Be("[email protected]");
@@ -138,7 +159,7 @@ public void WhenAcceptAndNotInvited_ThenReturnsError()
     public void WhenAcceptAndAlreadyAccepted_ThenReturnsError()
     {
         var invitation = GuestInvitation.Empty;
-        invitation = invitation.Invite("atoken", _inviteeEmailAddress,
+        invitation = invitation.Invite(TestingToken, _inviteeEmailAddress,
             "aninviterid".ToId()).Value;
         invitation = invitation.Accept(_inviteeEmailAddress).Value;
 
@@ -152,15 +173,15 @@ public void WhenAcceptAndInvited_ThenIsAccepted()
     {
         var invitation = GuestInvitation.Empty;
 
-        invitation = invitation.Invite("atoken", _inviteeEmailAddress,
+        invitation = invitation.Invite(TestingToken, _inviteeEmailAddress,
             "aninviterid".ToId()).Value;
 
         invitation = invitation.Accept(_inviteeEmailAddress).Value;
 
         invitation.IsInvited.Should().BeTrue();
         invitation.IsStillOpen.Should().BeFalse();
         invitation.IsAccepted.Should().BeTrue();
-        invitation.Token.Should().Be("atoken");
+        invitation.Token.Should().Be(TestingToken);
         invitation.ExpiresOnUtc.Should().BeNull();
         invitation.InvitedById.Should().Be("aninviterid".ToId());
         invitation.InviteeEmailAddress!.Address.Should().Be("[email protected]");

diff --git a/src/EndUsersDomain/EndUserRoot.cs b/src/EndUsersDomain/EndUserRoot.cs
@@ -19,6 +19,10 @@ namespace EndUsersDomain;
 
 public sealed partial class EndUserRoot : AggregateRootBase
 {
+#if TESTINGONLY
+    private const string TestingToken = "Ll4qhv77XhiXSqsTUc6icu56ZLrqu5p1gH9kT5IlHio";
+#endif
+
     public static Result<EndUserRoot, Error> Create(IRecorder recorder, IIdentifierFactory idFactory,
         UserClassification classification)
     {
@@ -613,7 +617,7 @@ public void TestingOnly_ExpireGuestInvitation()
 #if TESTINGONLY
     public void TestingOnly_InviteGuest(EmailAddress emailAddress)
     {
-        GuestInvitation = GuestInvitation.Invite("atoken", emailAddress, "aninviter".ToId()).Value;
+        GuestInvitation = GuestInvitation.Invite(TestingToken, emailAddress, "aninviter".ToId()).Value;
     }
 #endif
 

diff --git a/src/EndUsersDomain/GuestInvitation.cs b/src/EndUsersDomain/GuestInvitation.cs
@@ -1,5 +1,6 @@
 using Common;
 using Common.Extensions;
+using Domain.Common.Extensions;
 using Domain.Common.ValueObjects;
 using Domain.Interfaces;
 using Domain.Shared;
@@ -102,6 +103,12 @@ public Result<GuestInvitation, Error> Accept(EmailAddress acceptedWithEmail)
 
     public Result<GuestInvitation, Error> Invite(string token, EmailAddress inviteeEmailAddress, Identifier invitedById)
     {
+        if (token.IsInvalidParameter(Validations.Invitation.Token, nameof(token),
+                Resources.GuestInvitation_InvalidToken, out var error))
+        {
+            return error;
+        }
+
         if (IsInvited)
         {
             return Error.RuleViolation(Resources.GuestInvitation_AlreadyInvited);
@@ -118,6 +125,12 @@ public Result<GuestInvitation, Error> Invite(string token, EmailAddress inviteeE
 
     public Result<GuestInvitation, Error> Renew(string token, EmailAddress inviteeEmailAddress)
     {
+        if (token.IsInvalidParameter(Validations.Invitation.Token, nameof(token),
+                Resources.GuestInvitation_InvalidToken, out var error))
+        {
+            return error;
+        }
+
         if (!IsInvited)
         {
             return Error.RuleViolation(Resources.GuestInvitation_NotInvited);

diff --git a/src/EndUsersDomain/Resources.Designer.cs b/src/EndUsersDomain/Resources.Designer.cs
diff --git a/src/EndUsersDomain/Resources.resx b/src/EndUsersDomain/Resources.resx
@@ -99,6 +99,9 @@
     <data name="GuestInvitation_AlreadyAccepted" xml:space="preserve">
         <value>This invitation has already been accepted</value>
     </data>
+    <data name="GuestInvitation_InvalidToken" xml:space="preserve">
+        <value>The Token for this invitation is invalid</value>
+    </data>
     <data name="EndUserRoot_GuestInvitationNeverSent" xml:space="preserve">
         <value>A guest invitation has not been sent yet</value>
     </data>