minor fixes, more tests

.env

@@ -1,5 +1,5 @@
 profile=development
-adminElevatedPrivileges=false
+adminElevatedPrivileges=true
 sessionKey=<session-key>
 mongodbUsername=root
 mongodbPassword=root

package.json

@@ -1,6 +1,6 @@
 {
   "name": "secretsanta",
-  "version": "5.1.1",
+  "version": "5.1.2",
   "description": "SecretSanta source code",
   "author": "Zaista",
   "license": "MIT",

public/profile/santaProfile.html

@@ -12,7 +12,7 @@
       name="viewport"
       content="width=device-width, initial-scale=1, maximum-scale=1, user-scalable=no"
     />
-    <title>Secret Santa</title>
+    <title>Secret Santa Profile</title>
     <link rel="stylesheet" type="text/css" href="/santa.css" />
     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
     <script src="/profile/santaProfile.js"></script>
@@ -120,13 +120,7 @@
               <label for="state" class="form-label">State</label>
             </div>
             <div class="form-floating mb-3">
-              <input
-                disabled
-                type="email"
-                class="form-control"
-                id="email"
-                placeholder="Name"
-              />
+              <input disabled type="email" class="form-control" id="email" />
               <label for="email" class="form-label">Email</label>
             </div>
             <button id="profileSaveButton" class="btn btn-primary" {{isHidden}}>
@@ -165,7 +159,7 @@ <h5 class="modal-title" id="cropLabel">Crop your image</h5>
                   Close
                 </button>
                 <button id="submitImage" type="button" class="btn btn-primary">
-                  Save changes
+                  Upload image
                 </button>
               </div>
             </div>

routers/admin-router.js

@@ -33,7 +33,7 @@ const adminRouter = express.Router();
 // define the home page route
 adminRouter.get('/', (req, res) => {
   if (!req.user) return res.status(401).redirect('session/login');
-  else if (req.session.activeGroup.role !== ROLES.admin)
+  else if (req.session.activeGroup?.role !== ROLES.admin)
     return res.status(401).redirect('/');
   res.sendFile('public/admin/santaAdmin.html', { root: '.' });
 });

routers/history-router.js

@@ -55,8 +55,8 @@ historyRouter.get('/year/api/location-image', async (req, res) => {
     res.setHeader('Content-Type', 'image/jpeg');
     res.setHeader('Cache-Control', 'public, max-age=31536000'); // Cache for 1 year
     objectStream.pipe(res);
-  } catch (e) {
-    log.error('ERROR 1: ' + e.message);
+  } catch (err) {
+    log.error('ERROR 1: ' + err);
     res.sendFile('public/resources/images/placeholder.png', { root: '.' });
   }
 });
@@ -72,7 +72,7 @@ historyRouter.post('/year/api/location-image', async (req, res) => {
     await updateLocationImage(req.query.id);
     res.send({ success: 'Location image was uploaded successfully' });
   } catch (e) {
-    log.error('ERROR 2: ' + e.message);
+    log.error('ERROR 2: ' + e);
     res.send({ error: 'Failed to upload the year location image' });
   }
 });
@@ -88,7 +88,7 @@ historyRouter.post('/year/api/gift-image', async (req, res) => {
     await updateGiftImage(req.query.yearId, req.query.giftId);
     res.send({ success: 'Gift image was uploaded successfully' });
   } catch (e) {
-    log.error('ERROR 3: ' + e.message);
+    log.error('ERROR 3: ' + e);
     res.send({ error: 'Failed to upload the gift image' });
   }
 });

routers/profile-router.js

@@ -18,7 +18,11 @@ profileRouter.get('/', async (req, res) => {
   if (req.query.id === undefined || req.user._id.toString() === req.query.id) {
     isCurrentUser = true;
   }
-  res.render('profile/santaProfile.html', { isCurrentUser });
+  const options = {
+    isCurrentUser: isCurrentUser,
+    activeGroup: req.session.activeGroup,
+  };
+  res.render('profile/santaProfile.html', options);
 });
 
 profileRouter.get('/api/list', async (req, res) => {
@@ -57,7 +61,7 @@ profileRouter.get('/api/image', async (req, res) => {
     res.setHeader('Cache-Control', 'public, max-age=31536000'); // Cache for 1 year
     objectStream.pipe(res);
   } catch (e) {
-    log.error('ERROR 1: ' + e.message);
+    log.error('ERROR 1: ' + e);
     res.sendFile('public/resources/images/placeholder.png', { root: '.' });
   }
 });
@@ -77,7 +81,7 @@ profileRouter.post('/api/image', async (req, res) => {
     await updateProfileImage(userId);
     res.send({ success: 'Profile image updated successfully' });
   } catch (e) {
-    log.error('ERROR 2: ' + e.message);
+    log.error('ERROR 2: ' + e);
     res.send({ error: 'Failed to update the profile image' });
   }
 });

routers/santa-router.js

@@ -20,7 +20,7 @@ santaRouter.get('/api/santa', async (req, res) => {
     }
     return res.send(santa[0]);
   } else {
-    return res.send({ warning: 'No active group' });
+    return res.send({ warning: 'No Secret Santa group selected' });
   }
 });
 

routers/session-router.js

@@ -13,7 +13,7 @@ import { sendEmail } from '../utils/environment.js';
 import { checkIfUserExists, createNewUser } from '../utils/adminPipeline.js';
 
 const sessionRouter = express.Router();
-const log = getLogger('seesion');
+const log = getLogger('session');
 
 sessionRouter.get('/login', (req, res) => {
   if (req.user) return res.redirect('/');
@@ -126,12 +126,13 @@ passport.serializeUser(function (user, done) {
   done(null, serializedUser);
 });
 
-passport.deserializeUser(async function (serializedUser, done) {
+passport.deserializeUser(async function (req, serializedUser, done) {
   const deserializedUser = deserialize(Buffer.from(serializedUser));
   const user = await getUserById(deserializedUser._id);
-  if (user.length === 0) {
+  if (user === null || user.length === 0) {
     done(null, null, { error: 'User not found' });
   } else {
+    req.session.activeGroup = user[0].groups[0];
     done(null, user[0]);
   }
 });

tests/admin.spec.js

@@ -7,7 +7,7 @@ import {
   inviteUserToGroup,
   addForbiddenPair,
 } from './helpers/admin.js';
-import { createDraftedGroup } from './helpers/setup.js';
+import { createNewGroup, createDraftedGroup } from './helpers/setup.js';
 
 test.describe('admin tests', () => {
   test.describe('group settings tests', () => {
@@ -137,4 +137,35 @@ test.describe('admin tests', () => {
       );
     });
   });
+
+  test.describe('admin access tests', () => {
+    test('user cannot access admin page', async ({ page }) => {
+      const groupData = await createNewGroup(page.request);
+      await login(
+        page.request,
+        groupData.users.user1.email,
+        groupData.users.user1.password
+      );
+      await page.goto('/admin');
+
+      await expect(page).toHaveTitle('Secret Santa');
+      await expect(page.getByRole('listitem', { name: 'Admin' })).toBeHidden();
+    });
+
+    test('user with no group cannot access admin page', async ({ page }) => {
+      const user = {
+        email: faker.internet.email(),
+        password: faker.internet.password(),
+      };
+      await registerUser(page.request, user);
+
+      await page.goto('/admin');
+
+      await expect(page).toHaveTitle('Secret Santa');
+      await expect(page.getByRole('listitem', { name: 'Admin' })).toBeHidden();
+      await expect(page.locator('#footerAlert')).toHaveText(
+        'No Secret Santa group selected'
+      );
+    });
+  });
 });

tests/chat.spec.js

@@ -1,7 +1,7 @@
 // @ts-check
 import { test, expect } from '@playwright/test';
 import { faker } from '@faker-js/faker';
-import { login } from './helpers/login.js';
+import { login, registerUser } from './helpers/login.js';
 import { sendMessage } from './helpers/chat.js';
 import { createNewGroup } from './helpers/setup.js';
 
@@ -53,7 +53,7 @@
     );
     await page.goto('/chat');
 
     await expect(page.locator('[data-name="chatTo"]')).toContainText(
       groupData.users.user2.name
     );
     await expect(page.locator('[data-name="chatMessage"]')).toHaveText(
@@ -63,4 +63,17 @@
       'From: Anonymous'
     );
   });
+
+  test('user with no group cannot access chat page', async ({ page }) => {
+    const user = {
+      email: faker.internet.email(),
+      password: faker.internet.password(),
+    };
+    await registerUser(page.request, user);
+
+    await page.goto('/chat');
+
+    await expect(page).toHaveTitle('Secret Santa Chat');
+    await expect(page.locator('#footerAlert')).toHaveText('No chat activity');
+  });
 });

tests/history.spec.js

@@ -1,7 +1,8 @@
 // @ts-check
 import { test, expect } from '@playwright/test';
-import { login } from './helpers/login.js';
+import { login, registerUser } from './helpers/login.js';
 import { createRevealedGroup } from './helpers/setup.js';
+import { faker } from '@faker-js/faker';
 
 test.describe('history tests', () => {
   test('user can edit santa history', async ({ page }) => {
@@ -65,4 +66,19 @@ test.describe('history tests', () => {
     );
     await expect(page.getByText('Random location')).toBeVisible();
   });
+
+  test('user with no group cannot access history page', async ({ page }) => {
+    const user = {
+      email: faker.internet.email(),
+      password: faker.internet.password(),
+    };
+    await registerUser(page.request, user);
+
+    await page.goto('/history');
+
+    await expect(page).toHaveTitle('Secret Santa History');
+    await expect(page.locator('#footerAlert')).toHaveText(
+      'No recorded history'
+    );
+  });
 });

tests/home.spec.js

@@ -69,4 +69,19 @@ test.describe('home tests', () => {
     ).toBeVisible();
     await expect(page).toHaveTitle('Secret Santa Admin');
   });
+
+  test('user with no group cannot access home page', async ({ page }) => {
+    const user = {
+      email: faker.internet.email(),
+      password: faker.internet.password(),
+    };
+    await registerUser(page.request, user);
+
+    await page.goto('/');
+
+    await expect(page).toHaveTitle('Secret Santa');
+    await expect(page.locator('#footerAlert')).toHaveText(
+      'No Secret Santa group selected'
+    );
+  });
 });