tests: deactivate supervisors

+ i18n

backend/test/swlkup/resolver/supervisors_deactivate_test.clj

@@ -0,0 +1,47 @@
+(ns swlkup.resolver.supervisors-deactivate-test
+  (:require [clojure.test :refer [use-fixtures deftest is]]
+            [mount.core :as mount]
+            [swlkup.resolver.core :refer [->graphql]]))
+
+(def mail "[email protected]")
+(def password "i!A;z\\\"'^G3Q)w])%83)")
+
+(use-fixtures :once (fn [testcases] (mount/stop) (mount/start) (testcases) (mount/stop)))
+
+
+(deftest deactivate-wrong-login
+  (let [graphql (->graphql)]
+
+       (is (= (graphql {:query "mutation x($auth: Auth) {
+                                  supervisor_deactivate(auth: $auth, deactivated: true)}"
+                        :variables {:auth {:mail mail :password "wrong"}}})
+              {:data {:supervisor_deactivate false}}))
+
+       (is (= (graphql {:query "{lookup(token: \"R4nd0m\") {supervisors{name_full}}}"})
+              {:data {:lookup {:supervisors [{:name_full "Max Müller"}]}}}))))
+
+
+(deftest deactivate-correct-login
+  (let [graphql (->graphql)]
+
+       (is (= (graphql {:query "{lookup(token: \"R4nd0m\") {supervisors{name_full}}}"})
+              {:data {:lookup {:supervisors [{:name_full "Max Müller"}]}}}))
+
+       (is (= (graphql {:query "mutation x($auth: Auth) {
+                                  supervisor_deactivate(auth: $auth, deactivated: true)}"
+                        :variables {:auth {:mail mail :password password}}})
+              {:data {:supervisor_deactivate true}}))
+
+       (is (= (graphql {:query "{lookup(token: \"R4nd0m\") {supervisors{name_full}}}"})
+              {:data {:lookup {:supervisors []}}}))
+
+       ;; There exist 2 mutations that can reactivate a profile (supervisor_update and supervisor_deactivate).
+       ;; Neither is security critical.
+
+       (is (= (graphql {:query "mutation x($auth: Auth) {
+                                  supervisor_deactivate(auth: $auth, deactivated: false)}"
+                        :variables {:auth {:mail mail :password password}}})
+              {:data {:supervisor_deactivate true}}))
+
+       (is (= (graphql {:query "{lookup(token: \"R4nd0m\") {supervisors{name_full}}}"})
+              {:data {:lookup {:supervisors [{:name_full "Max Müller"}]}}}))))

backend/test/swlkup/resolver/supervisors_delete_test.clj

@@ -1,19 +1,10 @@
 (ns swlkup.resolver.supervisors-delete-test
   (:require [clojure.test :refer [use-fixtures deftest is]]
             [mount.core :as mount]
-            [swlkup.resolver.core :refer [->graphql graphql]]))
+            [swlkup.resolver.core :refer [->graphql]]))
 
 (def mail "[email protected]")
 (def password "i!A;z\\\"'^G3Q)w])%83)")
-(def supervisor_updated {:deactivated false
-                         :name_full "Max M. Müller"
-                         :languages ["de"]
-                         :ngos "any" #_["lifeline", "seawatch"]
-                         :offers ["counseling", "moderation"]
-                         :contacts {:phone "0123456789"
-                                    :email "[email protected]"
-                                    :website "https://praxis.mueller.de"}
-                         :location {:zip "01099"}})
 
 (use-fixtures :once (fn [testcases] (mount/stop) (mount/start) (testcases) (mount/stop)))
 
@@ -22,7 +13,7 @@
   (let [graphql (->graphql)]
 
        (is (= (graphql {:query "mutation x($auth: Auth) {
-                                  supervisor_delete(auth: $auth, supervisor_input: $supervisor)}"
+                                  supervisor_delete(auth: $auth)}"
                         :variables {:auth {:mail mail :password "wrong"}}})
               {:data {:supervisor_delete false}}))
 
@@ -37,15 +28,9 @@
               {:data {:lookup {:supervisors [{:name_full "Max Müller"}]}}}))
 
        (is (= (graphql {:query "mutation x($auth: Auth) {
-                                  supervisor_delete(auth: $auth, supervisor_input: $supervisor)}"
+                                  supervisor_delete(auth: $auth)}"
                         :variables {:auth {:mail mail :password password}}})
               {:data {:supervisor_delete true}}))
 
        (is (= (graphql {:query "{lookup(token: \"R4nd0m\") {supervisors{name_full}}}"})
-              {:data {:lookup {:supervisors []}}}))
-
-       (is (= (graphql {:query "mutation x($auth: Auth, $supervisor: SupervisorInput) {
-                                  supervisor_update(auth: $auth, supervisor_input: $supervisor)}"
-                        :variables {:supervisor supervisor_updated
-                                    :auth {:mail mail :password password}}})
-              {:data {:supervisor_update false}}))))
+              {:data {:lookup {:supervisors []}}}))))

frontend/components/supervisor/DeactivateProfile.tsx

@@ -19,7 +19,8 @@ export function DeactivateProfile() {
     <>
       <br/>
       <input type="button" value={ t('Deactivate Profile') as string }
-             onClick={async () => await mutate_deactivate(auth) && refetch()} />
+             onClick={async () => await mutate_deactivate(auth) && refetch()}
+	     name="deactivate" />
     </>
   )
 }

frontend/components/supervisor/ProfileStatus.tsx

@@ -17,8 +17,8 @@ export function ProfileStatus({supervisor}: {supervisor: Supervisors|undefined})
   const status_message = ({deleted: 'Your Account has been deleted.',
 			   logged_out: 'Please login to edit your profile.',
 			   new: 'Please create your profile by submitting the form below.',
-                           deactivated: "Your Profile is inactive. To activate it, please submit the form below.",
-			   activated: 'Your Profile is online and can be found by users with an valid token.'})[status]
+                           deactivated: "Your profile is inactive. To activate it, please submit the form below.",
+			   activated: 'Your profile is online and can be found by users with an valid token.'})[status]
 
   return (
     <>

frontend/cypress/integration/full/01-walkthrough.spec.js

@@ -1,6 +1,30 @@
 let token_url = ""  // will be set once a new token was generated
 let supervisor_password = "" // will be set once a new supervisor was invited
 
+function login_supervisor() {
+  cy.visit('/supervisor/edit')
+  cy.get('form').within($form => {
+    cy.get('input[name=mail]')
+      .type("[email protected]")
+    cy.get('input[name=password]')
+      .type(supervisor_password)
+    cy.get($form).submit()
+  })
+}
+
+function assert_visible() {
+  cy.log(token_url)
+  cy.visit(token_url)
+  cy.get('main').contains('F. Nord')
+}
+
+function assert_invisible() {
+  cy.log(token_url)
+  cy.visit(token_url)
+  cy.get('main').contains('1 Supervisor matches these filters')
+  cy.get('main').not(':contains("F. Nord")')
+}
+
 /** High level checking the lifecycle of a supervisor. **/
 describe('Walk through', () => {
 
@@ -37,14 +61,7 @@ describe('Walk through', () => {
   })
 
   it('Edit new supervisor', () => {
-    cy.visit('/supervisor/edit')
-    cy.get('form').within($form => {
-      cy.get('input[name=mail]')
-        .type("[email protected]")
-      cy.get('input[name=password]')
-        .type(supervisor_password)
-      cy.get($form).submit()
-    })
+    login_supervisor()
     cy.get('form[id="supervisor_form"]').within($form => {
       cy.get('#it').check({force: true})
       cy.get('#moderation').check()
@@ -59,30 +76,32 @@ describe('Walk through', () => {
   })
 
   it('Token: New supervisor visible by new token?', () => {
-    cy.log(token_url)
-    cy.visit(token_url)
-    cy.get('main').contains('F. Nord')
+    assert_visible()
   })
 
-  it('Delete profile of the new supervisor', () => {
-    cy.visit('/supervisor/edit')
-    cy.get('form').within($form => {
-      cy.get('input[name=mail]')
-        .type("[email protected]")
-      cy.get('input[name=password]')
-        .type(supervisor_password)
+  it('Deactivate the supervisor', () => {
+    login_supervisor()
+    cy.get('input[type=button][name=deactivate]').click()
+    cy.get('main').contains('Your profile is inactive.')
+    assert_invisible()
+  })
+
+  it('Reactivate the supervisor', () => {
+    login_supervisor()
+    cy.get('form[id="supervisor_form"]').within($form => {
+      cy.get('input[name=confirm_privacy_policy]').check()
       cy.get($form).submit()
     })
+    cy.get('main').contains('Your profile is online')
+    assert_visible()
+  })
+
+  it('Delete profile of supervisor', () => {
+    login_supervisor()
     cy.get('input[type=button][name=delete]').click()
     cy.get('input[id=confirm_delete]').check()
     cy.get('input[type=button][name=delete]').click()
     cy.get('main').contains('Your account has been deleted.')
-  })
-
-  it('New supervisor should not be longer visible', () => {
-    cy.log(token_url)
-    cy.visit(token_url)
-    cy.get('main').contains('1 Supervisor matches these filters')
-    cy.get('main').not(':contains("F. Nord")')
+    assert_invisible()
   })
 })

frontend/i18n/de.json

@@ -63,14 +63,14 @@
 "New Password": "New Password",
 "OK": "OK",
 
+"Deactivate Profile": "Profil deaktivieren",
 "Delete Profile": "Profil löschen",
 "I'm sure I want delete my account. All data stored about me will be deleted. I will not be able to login any longer.": "Ich bin mir sicher, dass ich meinen Account löschen möchte. Alle über mich gespeicherten Daten werden gelöscht. Ich werde mich nicht mehr anmelden können.",
 "Your Account has been deleted.": "Deine Daten wurden gelöscht.",
-
 "Please login to edit your profile.": "Bitte logge dich ein um dein Profil zu bearbeiten.",
 "Please create your profile by submitting the form below.": "Bitte erstelle dein Profil indem du das folgende Formular ausfüllst.",
-"Your Profile is inactive. To activate it, please submit the form below.": "Dein Profil ist inaktiv. Um es zu online zu stellen, fülle bitte das folgende Formular aus.",
-"Your Profile is online and can be found by users with an valid token.": "Dein Profil ist online. Es kann von Nutzern mit einem gültigen Zugangscode gefunden werden.",
+"Your profile is inactive. To activate it, please submit the form below.": "Dein Profil ist inaktiv. Um es zu online zu stellen, fülle bitte das folgende Formular aus.",
+"Your profile is online and can be found by users with an valid token.": "Dein Profil ist online. Es kann von Nutzern mit einem gültigen Zugangscode gefunden werden.",
 
 "introduction_supervisor": "<p>Hallo Supervisor:in,<br/> wir freuen uns, dass du Aktivist:innen und Geflüchtete unterstützen möchtest.</p><p>Im Folgenden erfragen wir die notwendigen Informationen, damit du gefunden und kontaktiert werden kannst.<br/>Du bestimmst selbst, ob deine Unterstützungsangebot allen Gruppen aus dem Netzwerk oder einer Auswahl gilt. Deine Daten werden nur den Nutzern angezeigt, die von einer berechtigten NGO einen Zugangscode erhalten haben.</p><p>Damit Nutzer:innen ihrem Bedarf entsprechend die richtigen Supervisor:innen anschreiben können, werden Sprachkenntnisse und eine Liste von Angeboten abgefragt.<br/>Solltest du Unterstützung in Präsenz anbieten, bitten wir zusätzlich um Eingabe der Postleitzahl. Dies ermöglichst eine Umkreissuche.<br/>Neben den in der Suche ausgewerteten Daten, gibt es Freitextfelder zu Spezialisierung und Motivation, sowie die optionale Möglichkeit ein Profilfoto hochzuladen.<p>Natürlich kannst du all diese Daten jederzeit ändern oder löschen.<br/>Die Anwendung wurde mit dem Anspruch entwickelt, so Datensparsam wie möglich zu sein. Von Supervisor:innen werden ausschließlich die auf dieser Seite abgefragten Daten gespeichert. Über die Anwendung nutzende Aktivist:innen und Geflüchteten werden von uns überhaupt keine Daten erhoben. Weitere Infos zum Datenschutz findest du <1>hier</1>.</p><p>Bei Fragen kannst du dich gerne an {{contact}} wenden.<br/> Vielen Dank, wir freuen uns, dass du dabei bist!",
 "For which ngos are you offering your services?": "Für welche NGOs bietest du Unterstützung an?",

frontend/i18n/en.json

@@ -63,14 +63,14 @@
 "New Password": "New Password",
 "OK": "OK",
 
+"Deactivate Profile": "Deactivate Profile",
 "Delete Profile": "Delete Profile",
 "I'm sure I want delete my account. All data stored about me will be deleted. I will not be able to login any longer.": "I'm sure I want delete my account. All data stored about me will be deleted. I will no longer be able to login.",
 "Your Account has been deleted.": "Your account has been deleted.",
-
 "Please login to edit your profile.": "Please login to edit your profile.",
 "Please create your profile by submitting the form below.": "Please create your profile by submitting the form below.",
-"Your Profile is inactive. To activate it, please submit the form below.": "Your Profile is inactive. To activate it, please submit the form below.",
-"Your Profile is online and can be found by users with an valid token.": "Your Profile is online and can be found by users with an valid token.",
+"Your profile is inactive. To activate it, please submit the form below.": "Your profile is inactive. To activate it, please submit the form below.",
+"Your profile is online and can be found by users with an valid token.": "Your profile is online and can be found by users with an valid token.",
 
 "introduction_supervisor": "<p>Hello Supervisor,<br/> we are happy that you want to support activists and refugees.</p><p>In the following, we ask you for the necessary information required for you to be found and contacted.<br/>You decide yourself whether you want to support all the NGOs in our network or a subset. Your data will only be displayed to users who received an access token from one of the authorized NGOs.</p><p>For allowing users to choose a suitable supervisor, we ask for language skills and a list of offers you might be willing to provide.<br/>When you provide support in person, we additionally ask for your country and zip code. This allows users to sort results by distance.<br/>Next to the data evaluated during the search, there are text inputs for describing your specialization and motivation. Optionally you can also upload a profile picture.<p>Of course you can change or delete all this data at any point.<br/>The application was developed with the approach of privacy by design. For supervisors we only store the data queried explicitly at this page. About the activists and refugees using the database, no information at all is recorded. Further information can be found at our <1>privacy policy statement</1>.</p><p>If you have questions, please feel free to contact {{contact}}.<br/>Thanks a lot, and we are happy that you are part of our network!",
 "For which ngos are you offering your services?": "For which NGOs are you offering your services?",

frontend/i18n/es.json

@@ -63,14 +63,14 @@
 "New Password": "Nueva contraseña",
 "OK": "OK",
 
+"Deactivate Profile": "Deactivate Profile",
 "Delete Profile": "Eliminar perfil",
 "I'm sure I want delete my account. All data stored about me will be deleted. I will not be able to login any longer.": "Estoy seguro que quiero eliminar mi cuenta. Toda mi información guardada será eliminada y no podré accesar de nuevo al portal.",
 "Your Account has been deleted.": "Tu cuenta ha sido eliminada.",
-
 "Please login to edit your profile.": "Please login to edit your profile.",
 "Please create your profile by submitting the form below.": "Please create your profile by submitting the form below.",
-"Your Profile is inactive. To activate it, please submit the form below.": "Your Profile is inactive. To activate it, please submit the form below.",
-"Your Profile is online and can be found by users with an valid token.": "Your Profile is online and can be found by users with an valid token.",
+"Your profile is inactive. To activate it, please submit the form below.": "Your profile is inactive. To activate it, please submit the form below.",
+"Your profile is online and can be found by users with an valid token.": "Your profile is online and can be found by users with an valid token.",
 
 "introduction_supervisor": "<p>Hola supervisor,<br/> nos alegra que quieras apoyar activistas y refugiados.</p><p> A continación te solicitamos un poco de información con el fin que puedas ser encontrado y te contacten.<br/>Es tu decisión si deseas apoyar a todas las ONGs de nuestra red o sólamente un subconjunto. Tu información sólamente será mostrada a usuarios que recibieron un token de acceso por parte de alguna de las ONGs autorizadas.</p><p> Con el propósito de permitir a los usuarios el encontrar un supervisor adecuado, te pedimos nos proporciones tu conocimiento de idiomas y una lista de servicios que estarías dispuesto a brindar.<br/>Si ofreces soporte en persona, te pedimos que adicionalmente nos proporciones tu país de residencia y tu código postal. Esto permite a los usuarios ordenar los resultados de la búsqueda por distancias.<br/>Además de la información de búsqueda, hay campos de texto donde puedes detallar tu especialización y motivación. Opcionalmente puedes subir una foto de perfíl.<p>Es posible cambiar esta información en cualquier momento.<br/>Esta aplicación fue desarrollada con un enfoque a la privacidad por diseño. De los supervisores sólamente guardamos la información explícitamente requirida en esta página. De los activistas y refugiados utilizando esta base de datos, ningún tipo de información es almacenada. Más información al respecto puede encontrarse dentro de nuestra <1>política de privacidad</1>.</p><p>Si tuvieras alguna duda o pregunta, por favor no dudes en contactarnos {{contact}}.<br/>Muchas gracias y nos alegramos que seas parte de nuestra red!",
 "For which ngos are you offering your services?": "¿Para cuáles ONGs quisieras ofrecer tus servicios?",

frontend/i18n/fr.json

@@ -63,14 +63,14 @@
 "New Password": "Nouveau mot de passe",
 "OK": "OK",
 
+"Deactivate Profile": "Deactivate Profile",
 "Delete Profile": "Supprimer le profil",
 "I'm sure I want delete my account. All data stored about me will be deleted. I will not be able to login any longer.": "Je suis sûr de vouloir supprimer mon compte. Toutes les données stockées à mon sujet seront supprimées. Je ne pourrai plus me connecter.",
 "Your Account has been deleted.": "Ton compte a été supprimé.",
-
 "Please login to edit your profile.": "Please login to edit your profile.",
 "Please create your profile by submitting the form below.": "Please create your profile by submitting the form below.",
-"Your Profile is inactive. To activate it, please submit the form below.": "Your Profile is inactive. To activate it, please submit the form below.",
-"Your Profile is online and can be found by users with an valid token.": "Your Profile is online and can be found by users with an valid token.",
+"Your profile is inactive. To activate it, please submit the form below.": "Your profile is inactive. To activate it, please submit the form below.",
+"Your profile is online and can be found by users with an valid token.": "Your profile is online and can be found by users with an valid token.",
 
 "introduction_supervisor": "<p>Bonjour le superviseur,<br/> Nous sommes heureux que tu veuilles soutenir les activistes et les fugitifs.</p><p>Ci-dessous, nous te demandons les informations nécessaires pour que tu puisses être trouvé et contacté.<br/>Tu décides toi-même si ton offre de soutien s'applique à tous les groupes du réseau ou à une sélection. Tes données ne seront affichées qu'aux utilisateurs qui ont reçu un code d'accès par une ONG autorisée.</p><p>Pour que les utilisateurs puissent écrire aux bons superviseurs en fonction de leurs besoins, les connaissances linguistiques et une liste d'offres sont demandées.<br/>Si tu proposes du soutien en présence, nous te prions d'indiquer le code postal. Cela permet une recherche de proximité.<br/>En plus des données évaluées dans la recherche, il y a des champs de texte libre sur la spécialisation et la motivation, ainsi que la possibilité optionnelle de télécharger une photo de profil.<p>Bien sûr, tu peux modifier ou supprimer toutes ces données à tout moment.<br/>L'application a été développée avec l'ambition d'être aussi économe que possible en données. Seules les données demandées sur cette page sont enregistrées par les superviseurs. Nous ne collectons aucune donnée sur les activistes et les réfugiés qui utilisent l'application. Tu trouveras plus d'informations sur la protection des données <1>ici</1>.</p><p>Si tu as des questions, n'hésite pas à contacter {{contact}}.<br/> Merci beaucoup, nous sommes ravis de t'avoir parmi nous!",
 "For which ngos are you offering your services?": "Pour quelles ONG offres-tu ton soutien ?",