diff --git a/server/realms/routes.ts b/server/realms/routes.ts index 2d476f02..e5fced4c 100644 --- a/server/realms/routes.ts +++ b/server/realms/routes.ts @@ -329,6 +329,29 @@ router.delete("/:realm_id/notifications", ensureLoggedIn, async (req, res) => { res.sendStatus(204); }); +// The data we collect in the invite process is outlined in the boba.social Privacy Policy. +// Should the data recorded change, the policy will need to be updated accordingly. +// The relevant sections of the policy currently read: + +// // Information collected upon invitation to a boba.social Realm + +// // // When you join your first Realm on boba.social, and thus create your user account, +// // // our system records which existing user created the invitation you used to join as part of your account information. + +// // // If you are invited to a Realm with an invite that is locked to your email address, +// // // that email is saved as part of the record of the invitation, but not connected to your account in our database. +// // // If you join using that invite, it will be recorded that that invite was used by someone with that email. +// // // If you decline or do not use the invite, it will be recorded as expired after a limited period of time. + +// // // If you are invited to a Realm with an invite that is not locked to an email, and decline, it will not be connected to you in any way. + +// // // Your account will be recorded as a member of all boba.social Realms you choose to join. + +// // Account Activity +// // // ... If you have the ability to create Realm invitations, your account will be recorded as the creator of any invites you create, +// // // and if someone uses one of your invites when they first create a boba.social account, +// // // your account will be recorded as the account they were invited by. + /** * @openapi * /realms/{realm_id}/invites: @@ -596,83 +619,6 @@ router.post( } ); -// This is an old version of the route at line 411, without the requires_email field in the response. -// Should I delete it? -/** - * @openapi - * /realms/{realm_id}/invites/{nonce}: - * get: - * summary: Get an invite's realm and status. - * operationId: getInviteByNonce - * tags: - * - /realms/ - * - unzodded - * parameters: - * - name: realm_id - * in: path - * description: The id of the realm. - * required: true - * schema: - * type: string - * format: uuid - * examples: - * twisted_minds: - * summary: the twisted-minds realm id - * value: 76ef4cc3-1603-4278-95d7-99c59f481d2e - * - name: nonce - * in: path - * description: The invite code. - * required: true - * schema: - * type: string - * examples: - * twisted_minds: - * summary: the invite code. - * value: 123invite_code456 - * responses: - * 200: - * description: The realm amd status of the requested invite. - * content: - * application/json: - * schema: - * $ref: "#/components/schemas/InviteStatus" - * examples: - * twisted_minds: - * value: - * realm_id: 76ef4cc3-1603-4278-95d7-99c59f481d2e - * realm_slug: twisted-minds - * invite_status: pending - * 404: - * description: The invite with the given code was not found. - * content: - * application/json: - * schema: - * $ref: "#/components/schemas/genericResponse" - */ - -router.get("/:realm_id/invites/:nonce", async (req, res) => { - const nonce = req.params.nonce; - const invite = await getInviteDetails({ nonce }); - if (!invite) { - throw new NotFound404Error("The invite was not found"); - } - const inviteRealm = await getRealmByExternalId({ - realmExternalId: invite.realmExternalId, - }); - if (!inviteRealm) { - throw new Internal500Error("failed to get realm ids"); - } - res.status(200).json({ - realm_id: inviteRealm.string_id, - realm_slug: inviteRealm.slug, - invite_status: invite.expired - ? "expired" - : invite.used - ? "used" - : "pending", - }); -}); - /** * @openapi * /realms/{realm_id}/invites/{nonce}: diff --git a/server/realms/tests/invites.test.ts b/server/realms/tests/invites.test.ts index f765a839..669c2260 100644 --- a/server/realms/tests/invites.test.ts +++ b/server/realms/tests/invites.test.ts @@ -329,7 +329,7 @@ describe("Tests get invites endpoint", () => { describe("Tests get invite by nonce endpoint", () => { const server = startTestServer(router); - test("correctly sends 404 if no invites exist", async () => { + test("correctly sends 404 if no invite exists", async () => { setLoggedInUser(BOBATAN_USER_ID); const res = await request(server.app).get( `/${TWISTED_MINDS_REALM_EXTERNAL_ID}/invites/${TWISTED_MINDS_INVITES[0].nonce}` @@ -356,7 +356,7 @@ describe("Tests get invite by nonce endpoint", () => { }); }); - test("Correctly gets invite realm and status for pending invite", async () => { + test("Correctly gets invite realm and status for pending invite locked to email", async () => { await wrapWithTransaction(async () => { insertInvites( TWISTED_MINDS_INVITES, @@ -371,6 +371,22 @@ describe("Tests get invite by nonce endpoint", () => { expect(res.body.realm_id).toBe(TWISTED_MINDS_REALM_EXTERNAL_ID); expect(res.body.realm_slug).toBe(TWISTED_MINDS_REALM_SLUG); expect(res.body.invite_status).toBe("pending"); + expect(res.body.requires_email).toBe(true); + }); + }); + + test("Correctly gets invite realm and status for pending invite not locked to email", async () => { + await wrapWithTransaction(async () => { + insertInvites(UWU_INVITES, ZODIAC_KILLER_USER_ID, UWU_REALM_EXTERNAL_ID); + const res = await request(server.app).get( + `/${UWU_REALM_EXTERNAL_ID}/invites/${UWU_INVITES[2].nonce}` + ); + + expect(res.status).toBe(200); + expect(res.body.realm_id).toBe(UWU_REALM_EXTERNAL_ID); + expect(res.body.realm_slug).toBe(UWU_REALM_SLUG); + expect(res.body.invite_status).toBe("pending"); + expect(res.body.requires_email).toBe(false); }); });