fix: Correctly guard against last admin deleting their account (#2069)

* fix: Correctly guard against last admin deleting their account * test
2021-04-24 20:52:46 -07:00
parent 3fbb3a2403
commit 2d22399bbc
5 changed files with 163 additions and 34 deletions
--- a/server/commands/userDestroyer.test.js
+++ b/server/commands/userDestroyer.test.js
@ -0,0 +1,83 @@
+// @flow
+import { buildUser, buildAdmin } from "../test/factories";
+import { flushdb } from "../test/support";
+import userDestroyer from "./userDestroyer";
+
+beforeEach(() => flushdb());
+
+describe("userDestroyer", () => {
+  const ip = "127.0.0.1";
+
+  it("should prevent last user from deleting account", async () => {
+    const user = await buildUser();
+
+    let error;
+
+    try {
+      await userDestroyer({
+        user,
+        actor: user,
+        ip,
+      });
+    } catch (err) {
+      error = err;
+    }
+    expect(error && error.message).toContain("Cannot delete last user");
+  });
+
+  it("should prevent last admin from deleting account", async () => {
+    const user = await buildAdmin();
+    await buildUser({ teamId: user.teamId });
+
+    let error;
+
+    try {
+      await userDestroyer({
+        user,
+        actor: user,
+        ip,
+      });
+    } catch (err) {
+      error = err;
+    }
+    expect(error && error.message).toContain("Cannot delete account");
+  });
+
+  it("should not prevent multiple admin from deleting account", async () => {
+    const actor = await buildAdmin();
+    const user = await buildAdmin({ teamId: actor.teamId });
+
+    let error;
+
+    try {
+      await userDestroyer({
+        user,
+        actor,
+        ip,
+      });
+    } catch (err) {
+      error = err;
+    }
+    expect(error).toBeFalsy();
+    expect(user.deletedAt).toBeTruthy();
+  });
+
+  it("should not prevent last non-admin from deleting account", async () => {
+    const user = await buildUser();
+    await buildUser({ teamId: user.teamId });
+
+    let error;
+
+    try {
+      await userDestroyer({
+        user,
+        actor: user,
+        ip,
+      });
+    } catch (err) {
+      error = err;
+    }
+    expect(error).toBeFalsy();
+    expect(user.deletedAt).toBeTruthy();
+  });
+});