Delete Old GET Invite-by-Nonce Route and Update Tests

server/realms/routes.ts

@@ -329,6 +329,29 @@ router.delete("/:realm_id/notifications", ensureLoggedIn, async (req, res) => {
   res.sendStatus(204);
 });
 
+// The data we collect in the invite process is outlined in the boba.social Privacy Policy.
+// Should the data recorded change, the policy will need to be updated accordingly.
+// The relevant sections of the policy currently read:
+
+// // Information collected upon invitation to a boba.social Realm
+
+// // // When you join your first Realm on boba.social, and thus create your user account,
+// // // our system records which existing user created the invitation you used to join as part of your account information.
+
+// // // If you are invited to a Realm with an invite that is locked to your email address,
+// // // that email is saved as part of the record of the invitation, but not connected to your account in our database.
+// // // If you join using that invite, it will be recorded that that invite was used by someone with that email.
+// // // If you decline or do not use the invite, it will be recorded as expired after a limited period of time.
+
+// // // If you are invited to a Realm with an invite that is not locked to an email, and decline, it will not be connected to you in any way.
+
+// // // Your account will be recorded as a member of all boba.social Realms you choose to join.
+
+// // Account Activity
+// // // ... If you have the ability to create Realm invitations, your account will be recorded as the creator of any invites you create,
+// // // and if someone uses one of your invites when they first create a boba.social account,
+// // // your account will be recorded as the account they were invited by.
+
 /**
  * @openapi
  * /realms/{realm_id}/invites:
@@ -596,83 +619,6 @@ router.post(
   }
 );
 
-// This is an old version of the route at line 411, without the requires_email field in the response.
-// Should I delete it?
-/**
- * @openapi
- * /realms/{realm_id}/invites/{nonce}:
- *   get:
- *     summary: Get an invite's realm and status.
- *     operationId: getInviteByNonce
- *     tags:
- *       - /realms/
- *       - unzodded
- *     parameters:
- *       - name: realm_id
- *         in: path
- *         description: The id of the realm.
- *         required: true
- *         schema:
- *           type: string
- *           format: uuid
- *         examples:
- *           twisted_minds:
- *             summary: the twisted-minds realm id
- *             value: 76ef4cc3-1603-4278-95d7-99c59f481d2e
- *       - name: nonce
- *         in: path
- *         description: The invite code.
- *         required: true
- *         schema:
- *           type: string
- *         examples:
- *           twisted_minds:
- *             summary: the invite code.
- *             value: 123invite_code456
- *     responses:
- *       200:
- *         description: The realm amd status of the requested invite.
- *         content:
- *           application/json:
- *             schema:
- *               $ref: "#/components/schemas/InviteStatus"
- *             examples:
- *               twisted_minds:
- *                 value:
- *                   realm_id: 76ef4cc3-1603-4278-95d7-99c59f481d2e
- *                   realm_slug: twisted-minds
- *                   invite_status: pending
- *       404:
- *         description: The invite with the given code was not found.
- *         content:
- *           application/json:
- *             schema:
- *               $ref: "#/components/schemas/genericResponse"
- */
-
-router.get("/:realm_id/invites/:nonce", async (req, res) => {
-  const nonce = req.params.nonce;
-  const invite = await getInviteDetails({ nonce });
-  if (!invite) {
-    throw new NotFound404Error("The invite was not found");
-  }
-  const inviteRealm = await getRealmByExternalId({
-    realmExternalId: invite.realmExternalId,
-  });
-  if (!inviteRealm) {
-    throw new Internal500Error("failed to get realm ids");
-  }
-  res.status(200).json({
-    realm_id: inviteRealm.string_id,
-    realm_slug: inviteRealm.slug,
-    invite_status: invite.expired
-      ? "expired"
-      : invite.used
-      ? "used"
-      : "pending",
-  });
-});
-
 /**
  * @openapi
  * /realms/{realm_id}/invites/{nonce}:

server/realms/tests/invites.test.ts

@@ -329,7 +329,7 @@ describe("Tests get invites endpoint", () => {
 describe("Tests get invite by nonce endpoint", () => {
   const server = startTestServer(router);
 
-  test("correctly sends 404 if no invites exist", async () => {
+  test("correctly sends 404 if no invite exists", async () => {
     setLoggedInUser(BOBATAN_USER_ID);
     const res = await request(server.app).get(
       `/${TWISTED_MINDS_REALM_EXTERNAL_ID}/invites/${TWISTED_MINDS_INVITES[0].nonce}`
@@ -356,7 +356,7 @@ describe("Tests get invite by nonce endpoint", () => {
     });
   });
 
-  test("Correctly gets invite realm and status for pending invite", async () => {
+  test("Correctly gets invite realm and status for pending invite locked to email", async () => {
     await wrapWithTransaction(async () => {
       insertInvites(
         TWISTED_MINDS_INVITES,
@@ -371,6 +371,22 @@ describe("Tests get invite by nonce endpoint", () => {
       expect(res.body.realm_id).toBe(TWISTED_MINDS_REALM_EXTERNAL_ID);
       expect(res.body.realm_slug).toBe(TWISTED_MINDS_REALM_SLUG);
       expect(res.body.invite_status).toBe("pending");
+      expect(res.body.requires_email).toBe(true);
+    });
+  });
+
+  test("Correctly gets invite realm and status for pending invite not locked to email", async () => {
+    await wrapWithTransaction(async () => {
+      insertInvites(UWU_INVITES, ZODIAC_KILLER_USER_ID, UWU_REALM_EXTERNAL_ID);
+      const res = await request(server.app).get(
+        `/${UWU_REALM_EXTERNAL_ID}/invites/${UWU_INVITES[2].nonce}`
+      );
+
+      expect(res.status).toBe(200);
+      expect(res.body.realm_id).toBe(UWU_REALM_EXTERNAL_ID);
+      expect(res.body.realm_slug).toBe(UWU_REALM_SLUG);
+      expect(res.body.invite_status).toBe("pending");
+      expect(res.body.requires_email).toBe(false);
     });
   });