shapehq · simonbs · Nov 6, 2023 · Nov 6, 2023 · Nov 6, 2023 · Nov 6, 2023
@@ -27,7 +27,10 @@ test("It forwards a GraphQL request", async () => {
     async getPullRequestComments() {
       return []
     },
-    async addCommentToPullRequest() {}
+    async addCommentToPullRequest() {},
+    async getOrganizationMembershipStatus() {
+      return { state: "active" }
+    }
   })
   const request: GraphQLQueryRequest = {
     query: "foo",
@@ -58,7 +61,10 @@ test("It forwards a request to get the repository content", async () => {
     async getPullRequestComments() {
       return []
     },
-    async addCommentToPullRequest() {}
+    async addCommentToPullRequest() {},
+    async getOrganizationMembershipStatus() {
+      return { state: "active" }
+    }
   })
   const request: GetRepositoryContentRequest = {
     repositoryOwner: "foo",
@@ -91,7 +97,10 @@ test("It forwards a request to get comments to a pull request", async () => {
       forwardedRequest = request
       return []
     },
-    async addCommentToPullRequest() {}
+    async addCommentToPullRequest() {},
+    async getOrganizationMembershipStatus() {
+      return { state: "active" }
+    }
   })
   const request: GetPullRequestCommentsRequest = {
     appInstallationId: 1234,
@@ -125,6 +134,9 @@ test("It forwards a request to add a comment to a pull request", async () => {
     },
     async addCommentToPullRequest(request: AddCommentToPullRequestRequest) {
       forwardedRequest = request
+    },
+    async getOrganizationMembershipStatus() {
+      return { state: "active" }
     }
   })
   const request: AddCommentToPullRequestRequest = {
@@ -164,7 +176,10 @@ test("It retries with a refreshed access token when receiving HTTP 401", async (
     async getPullRequestComments() {
       return []
     },
-    async addCommentToPullRequest() {}
+    async addCommentToPullRequest() {},
+    async getOrganizationMembershipStatus() {
+      return { state: "active" }
+    }
   })
   const request: GraphQLQueryRequest = {
     query: "foo",
@@ -195,7 +210,10 @@ test("It only retries a request once when receiving HTTP 401", async () => {
     async getPullRequestComments() {
       return []
     },
-    async addCommentToPullRequest() {}
+    async addCommentToPullRequest() {},
+    async getOrganizationMembershipStatus() {
+      return { state: "active" }
+    }
   })
   const request: GraphQLQueryRequest = {
     query: "foo",
@@ -229,7 +247,10 @@ test("It does not refresh an access token when the initial request was successfu
     async getPullRequestComments() {
       return []
     },
-    async addCommentToPullRequest() {}
+    async addCommentToPullRequest() {},
+    async getOrganizationMembershipStatus() {
+      return { state: "active" }
+    }
   })
   const request: GraphQLQueryRequest = {
     query: "foo",

@@ -0,0 +1,143 @@
+import {
+  GetOrganizationMembershipStatusRequest
+} from "../../../src/common/github/IGitHubClient"
+import GitHubOrganizationSessionValidator from "../../../src/common/session/GitHubOrganizationSessionValidator"
+
+test("It requests organization membership status for the specified organization", async () => {
+  let queriedOrganizationName: string | undefined
+  const sut = new GitHubOrganizationSessionValidator(
+    {
+      async graphql() {
+        return {}
+      },
+      async getRepositoryContent() {
+        return { downloadURL: "https://example.com" }
+      },
+      async getPullRequestComments() {
+        return []
+      },
+      async addCommentToPullRequest() {},
+      async getOrganizationMembershipStatus(request: GetOrganizationMembershipStatusRequest) {
+        queriedOrganizationName = request.organizationName
+        return { state: "active" }
+      }
+    },
+    "foo"
+  )
+  await sut.validateSession()
+  expect(queriedOrganizationName).toBe("foo")
+})
+
+test("It considers session valid when membership state is \"active\"", async () => {
+  const sut = new GitHubOrganizationSessionValidator(
+    {
+      async graphql() {
+        return {}
+      },
+      async getRepositoryContent() {
+        return { downloadURL: "https://example.com" }
+      },
+      async getPullRequestComments() {
+        return []
+      },
+      async addCommentToPullRequest() {},
+      async getOrganizationMembershipStatus() {
+        return { state: "active" }
+      }
+    },
+    "foo"
+  )
+  const isSessionValid = await sut.validateSession()
+  expect(isSessionValid).toBeTruthy()
+})
+
+test("It considers session invalid when membership state is \"pending\"", async () => {
+  const sut = new GitHubOrganizationSessionValidator(
+    {
+      async graphql() {
+        return {}
+      },
+      async getRepositoryContent() {
+        return { downloadURL: "https://example.com" }
+      },
+      async getPullRequestComments() {
+        return []
+      },
+      async addCommentToPullRequest() {},
+      async getOrganizationMembershipStatus() {
+        return { state: "pending" }
+      }
+    },
+    "foo"
+  )
+  const isSessionValid = await sut.validateSession()
+  expect(isSessionValid).toBeFalsy()
+})
+
+test("It considers session invalid when receiving HTTP 404, indicating user is not member of the organization", async () => {
+  const sut = new GitHubOrganizationSessionValidator(
+    {
+      async graphql() {
+        return {}
+      },
+      async getRepositoryContent() {
+        return { downloadURL: "https://example.com" }
+      },
+      async getPullRequestComments() {
+        return []
+      },
+      async addCommentToPullRequest() {},
+      async getOrganizationMembershipStatus() {
+        throw { status: 404, message: "User is not member of organization"}
+      }
+    },
+    "foo"
+  )
+  const isSessionValid = await sut.validateSession()
+  expect(isSessionValid).toBeFalsy()
+})
+
+test("It considers session invalid when receiving HTTP 404, indicating that the organization has blocked the GitHub app", async () => {
+  const sut = new GitHubOrganizationSessionValidator(
+    {
+      async graphql() {
+        return {}
+      },
+      async getRepositoryContent() {
+        return { downloadURL: "https://example.com" }
+      },
+      async getPullRequestComments() {
+        return []
+      },
+      async addCommentToPullRequest() {},
+      async getOrganizationMembershipStatus() {
+        throw { status: 403, message: "Organization has blocked GitHub app"}
+      }
+    },
+    "foo"
+  )
+  const isSessionValid = await sut.validateSession()
+  expect(isSessionValid).toBeFalsy()
+})
+
+test("It forwards error when getting membership status throws unknown error", async () => {
+  const sut = new GitHubOrganizationSessionValidator(
+    {
+      async graphql() {
+        return {}
+      },
+      async getRepositoryContent() {
+        return { downloadURL: "https://example.com" }
+      },
+      async getPullRequestComments() {
+        return []
+      },
+      async addCommentToPullRequest() {},
+      async getOrganizationMembershipStatus() {
+        throw { status: 500 }
+      }
+    },
+    "foo"
+  )
+  await expect(sut.validateSession()).rejects.toEqual({ status: 500 })
+})
@@ -0,0 +1,46 @@
+import SessionValidatingProjectDataSource from "../../src/features/projects/domain/SessionValidatingProjectDataSource"
+
+test("It validates the session", async () => {
+  let didValidateSession = false
+  const sut = new SessionValidatingProjectDataSource({
+    async validateSession() {
+      didValidateSession = true
+      return true
+    },
+  }, {
+    async getProjects() {
+      return []
+    }
+  })
+  await sut.getProjects()
+  expect(didValidateSession).toBeTruthy()
+})
+
+test("It fetches projects when session is valid", async () => {
+  let didFetchProjects = false
+  const sut = new SessionValidatingProjectDataSource({
+    async validateSession() {
+      return true
+    },
+  }, {
+    async getProjects() {
+      didFetchProjects = true
+      return []
+    }
+  })
+  await sut.getProjects()
+  expect(didFetchProjects).toBeTruthy()
+})
+
+test("It throws error when session is invalid", async () => {
+  const sut = new SessionValidatingProjectDataSource({
+    async validateSession() {
+      return false
+    },
+  }, {
+    async getProjects() {
+      return []
+    }
+  })
+  expect(sut.getProjects()).rejects.toThrowError()
+})
@@ -1,27 +1,24 @@
 import { NextResponse } from "next/server"
 import { projectDataSource } from "@/composition"
-import { UnauthorizedError } from "@/features/auth/domain/AuthError"
+import { UnauthorizedError, InvalidSessionError } from "@/common/errors"
 
 export async function GET() {
   try {
     const projects = await projectDataSource.getProjects()
     return NextResponse.json({projects})
   } catch (error) {
     if (error instanceof UnauthorizedError) {
-      return NextResponse.json({
-        status: 401,
-        message: error.message
-      }, { status: 401 })
+      return errorResponse(401, error.message)
+    } else if (error instanceof InvalidSessionError) {
+      return errorResponse(403, error.message)
     } else if (error instanceof Error) {
-      return NextResponse.json({
-        status: 500,
-        message: error.message
-      }, { status: 500 })
+      return errorResponse(500, error.message)
     } else {
-      return NextResponse.json({
-        status: 500,
-        message: "Unknown error"
-      }, { status: 500 })
+      return errorResponse(500, "Unknown error")
     }
   }
 }
+
+function errorResponse(status: number, message: string): NextResponse {
+  return NextResponse.json({ status, message }, { status })
+}
@@ -0,0 +1,5 @@
+import InvalidSessionPage from "@/features/auth/view/InvalidSessionPage"
+
+export default async function Page() {
+  return <InvalidSessionPage/>
+}
@@ -4,7 +4,7 @@ import { UserProvider } from "@auth0/nextjs-auth0/client"
 import { config as fontAwesomeConfig } from "@fortawesome/fontawesome-svg-core"
 import { CssBaseline } from "@mui/material"
 import ThemeRegistry from "@/common/theme/ThemeRegistry"
-import ErrorHandler from "@/common/errorHandling/client/ErrorHandler"
+import ErrorHandler from "@/common/errors/client/ErrorHandler"
 import "@fortawesome/fontawesome-svg-core/styles.css"
 
 fontAwesomeConfig.autoAddCss = false

@@ -9,10 +9,13 @@ export default function ErrorHandler({
   children: React.ReactNode
 }) {
   const onSWRError = (error: FetcherError) => {
+    if (typeof window === "undefined") {
+      return
+    }
     if (error.status == 401) {
-      if (typeof window !== "undefined") {
-        window.location.href = "/api/auth/logout"
-      }
+      window.location.href = "/api/auth/logout"
+    } else if (error.status == 403) {
+      window.location.href = "/invalid-session"
     }
   }
   return (

@@ -0,0 +1,2 @@
+export class UnauthorizedError extends Error {}
+export class InvalidSessionError extends Error {}
@@ -4,6 +4,8 @@ import IGitHubClient, {
   GraphQlQueryResponse,
   GetRepositoryContentRequest,
   GetPullRequestCommentsRequest,
+  GetOrganizationMembershipStatusRequest,
+  GetOrganizationMembershipStatusRequestResponse,
   AddCommentToPullRequestRequest,
   RepositoryContent,
   PullRequestComment
@@ -60,6 +62,14 @@ export default class AccessTokenRefreshingGitHubClient implements IGitHubClient
     })
   }
 
+  async getOrganizationMembershipStatus(
+    request: GetOrganizationMembershipStatusRequest
+  ): Promise<GetOrganizationMembershipStatusRequestResponse> {
+    return await this.send(async () => {
+      return await this.gitHubClient.getOrganizationMembershipStatus(request)
+    })
+  }
+
   private async send<T>(fn: () => Promise<T>): Promise<T> {
     const accessToken = await this.accessTokenReader.getAccessToken()
     try {

@@ -6,6 +6,8 @@ import IGitHubClient, {
   GetRepositoryContentRequest,
   GetPullRequestCommentsRequest,
   AddCommentToPullRequestRequest,
+  GetOrganizationMembershipStatusRequest,
+  GetOrganizationMembershipStatusRequestResponse,
   RepositoryContent,
   PullRequestComment
 } from "./IGitHubClient"
@@ -90,4 +92,15 @@ export default class GitHubClient implements IGitHubClient {
       body: request.body
     })
   }
+
+  async getOrganizationMembershipStatus(
+    request: GetOrganizationMembershipStatusRequest
+  ): Promise<GetOrganizationMembershipStatusRequestResponse> {
+    const accessToken = await this.accessTokenReader.getAccessToken()
+    const octokit = new Octokit({ auth: accessToken })
+    const response = await octokit.rest.orgs.getMembershipForAuthenticatedUser({
+      org: request.organizationName
+    })
+    return { state: response.data.state }
+  }
 }