tenseleyflow/shithub / b507608

+	h.renderSettingsProfileWithForm(w, r, org, settingsProfileFormFromOrg(org), errMsg, success)

+func TestOrgSettingsProfileUpdate(t *testing.T) {

+	t.Parallel()

+	ctx := context.Background()

+	pool := dbtest.NewTestDB(t)

+	q := orgsdb.New()

+	viewerID := insertOrgAvatarUser(t, pool, "mfwolffe")

+	orgID := insertOrgAvatarOrg(t, pool, viewerID, "tenseleyFlow")

+

+	tmplFS := fstest.MapFS{

+		"_layout.html":               {Data: []byte(`{{ define "layout" }}<html><body>{{ template "page" . }}</body></html>{{ end }}`)},

+		"orgs/settings_profile.html": {Data: []byte(`{{ define "page" }}{{ with .Error }}ERROR={{ . }}{{ end }}{{ with .Success }}SUCCESS={{ . }}{{ end }}DISPLAY={{ .Form.DisplayName }}{{ end }}`)},

+		"errors/403.html":            {Data: []byte(`{{ define "page" }}403{{ end }}`)},

+		"errors/404.html":            {Data: []byte(`{{ define "page" }}404{{ end }}`)},

+		"errors/500.html":            {Data: []byte(`{{ define "page" }}500{{ end }}`)},

+	}

+	rr, err := render.New(tmplFS, render.Options{})

+	if err != nil {

+		t.Fatalf("render.New: %v", err)

+	}

+	h, err := orgsh.New(orgsh.Deps{

+		Logger: slog.New(slog.NewTextHandler(io.Discard, nil)),

+		Render: rr,

+		Pool:   pool,

+	})

+	if err != nil {

+		t.Fatalf("orgsh.New: %v", err)

+	}

+	r := chi.NewRouter()

+	r.Use(func(next http.Handler) http.Handler {

+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

+			viewer := middleware.CurrentUser{ID: viewerID, Username: "mfwolffe"}

+			next.ServeHTTP(w, r.WithContext(middleware.WithCurrentUserForTest(r.Context(), viewer)))

+		})

+	})

+	h.MountCreate(r)

+	srv := httptest.NewServer(r)

+	t.Cleanup(srv.Close)

+

+	resp, err := http.PostForm(srv.URL+"/organizations/tenseleyFlow/settings/profile", url.Values{

+		"display_name":             {"Tenseley Flow"},

+		"description":              {"Workflow repositories"},

+		"website":                  {"example.com"},

+		"location":                 {"United States of America"},

+		"billing_email":            {"billing@example.com"},

+		"allow_member_repo_create": {"on"},

+	})

+	if err != nil {

+		t.Fatalf("POST settings: %v", err)

+	}

+	body, _ := io.ReadAll(resp.Body)

+	_ = resp.Body.Close()

+	if resp.StatusCode != http.StatusOK {

+		t.Fatalf("POST status=%d body=%s", resp.StatusCode, body)

+	}

+	if !strings.Contains(string(body), "SUCCESS=Organization profile updated.") {

+		t.Fatalf("expected success render, got %s", body)

+	}

+	org, err := q.GetOrgByID(ctx, pool, orgID)

+	if err != nil {

+		t.Fatalf("GetOrgByID: %v", err)

+	}

+	if org.DisplayName != "Tenseley Flow" ||

+		org.Description != "Workflow repositories" ||

+		org.Website != "https://example.com" ||

+		org.Location != "United States of America" ||

+		org.BillingEmail != "billing@example.com" ||

+		!org.AllowMemberRepoCreate {

+		t.Fatalf("unexpected org after update: %#v", org)

+	}

+

+	resp, err = http.PostForm(srv.URL+"/organizations/tenseleyFlow/settings/profile", url.Values{

+		"display_name":  {"Tenseley Flow"},

+		"billing_email": {"billing@example.com"},

+	})

+	if err != nil {

+		t.Fatalf("POST settings clear checkbox: %v", err)

+	}

+	_ = resp.Body.Close()

+	org, err = q.GetOrgByID(ctx, pool, orgID)

+	if err != nil {

+		t.Fatalf("GetOrgByID after checkbox clear: %v", err)

+	}

+	if org.AllowMemberRepoCreate {

+		t.Fatalf("expected unchecked allow_member_repo_create to persist false")

+	}

+}

+

+func TestOrgSettingsDeleteRequiresSlugConfirmation(t *testing.T) {

+	t.Parallel()

+	ctx := context.Background()

+	pool := dbtest.NewTestDB(t)

+	q := orgsdb.New()

+	viewerID := insertOrgAvatarUser(t, pool, "mfwolffe")

+	insertOrgAvatarOrg(t, pool, viewerID, "tenseleyFlow")

+

+	tmplFS := fstest.MapFS{

+		"_layout.html":               {Data: []byte(`{{ define "layout" }}<html><body>{{ template "page" . }}</body></html>{{ end }}`)},

+		"orgs/settings_profile.html": {Data: []byte(`{{ define "page" }}{{ with .Error }}ERROR={{ . }}{{ end }}{{ end }}`)},

+		"errors/403.html":            {Data: []byte(`{{ define "page" }}403{{ end }}`)},

+		"errors/404.html":            {Data: []byte(`{{ define "page" }}404{{ end }}`)},

+		"errors/500.html":            {Data: []byte(`{{ define "page" }}500{{ end }}`)},

+	}

+	rr, err := render.New(tmplFS, render.Options{})

+	if err != nil {

+		t.Fatalf("render.New: %v", err)

+	}

+	h, err := orgsh.New(orgsh.Deps{

+		Logger: slog.New(slog.NewTextHandler(io.Discard, nil)),

+		Render: rr,

+		Pool:   pool,

+	})

+	if err != nil {

+		t.Fatalf("orgsh.New: %v", err)

+	}

+	r := chi.NewRouter()

+	r.Use(func(next http.Handler) http.Handler {

+		return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

+			viewer := middleware.CurrentUser{ID: viewerID, Username: "mfwolffe"}

+			next.ServeHTTP(w, r.WithContext(middleware.WithCurrentUserForTest(r.Context(), viewer)))

+		})

+	})

+	h.MountCreate(r)

+	srv := httptest.NewServer(r)

+	t.Cleanup(srv.Close)

+	cli := &http.Client{CheckRedirect: func(*http.Request, []*http.Request) error {

+		return http.ErrUseLastResponse

+	}}

+

+	resp, err := cli.PostForm(srv.URL+"/organizations/tenseleyFlow/settings/delete", url.Values{

+		"confirm_slug": {"wrong"},

+	})

+	if err != nil {

+		t.Fatalf("POST delete wrong confirmation: %v", err)

+	}

+	body, _ := io.ReadAll(resp.Body)

+	_ = resp.Body.Close()

+	if resp.StatusCode != http.StatusOK {

+		t.Fatalf("wrong confirmation status=%d body=%s", resp.StatusCode, body)

+	}

+	if !strings.Contains(string(body), "ERROR=Enter this organization's name to confirm deletion.") {

+		t.Fatalf("expected confirmation error, got %s", body)

+	}

+	org, err := q.GetOrgBySlugIncludingDeleted(ctx, pool, "tenseleyFlow")

+	if err != nil {

+		t.Fatalf("GetOrgBySlugIncludingDeleted: %v", err)

+	}

+	if org.DeletedAt.Valid {

+		t.Fatalf("org should not be deleted after wrong confirmation")

+	}

+

+	resp, err = cli.PostForm(srv.URL+"/organizations/tenseleyFlow/settings/delete", url.Values{

+		"confirm_slug": {"TENSELEYFLOW"},

+	})

+	if err != nil {

+		t.Fatalf("POST delete: %v", err)

+	}

+	_ = resp.Body.Close()

+	if resp.StatusCode != http.StatusSeeOther {

+		t.Fatalf("delete status=%d", resp.StatusCode)

+	}

+	if got := resp.Header.Get("Location"); got != "/settings/organizations" {

+		t.Fatalf("delete Location=%q", got)

+	}

+	org, err = q.GetOrgBySlugIncludingDeleted(ctx, pool, "tenseleyFlow")

+	if err != nil {

+		t.Fatalf("GetOrgBySlugIncludingDeleted after delete: %v", err)

+	}

+	if !org.DeletedAt.Valid {

+		t.Fatalf("expected org to be soft-deleted")

+	}

+}

+

+	r.Post("/organizations/{org}/settings/profile", h.settingsProfileSubmit)

+	r.Post("/organizations/{org}/settings/delete", h.settingsDelete)

+// SPDX-License-Identifier: AGPL-3.0-or-later

+

+package orgs

+

+import (

+	"net/http"

+	"net/mail"

+	"net/url"

+	"strings"

+	"unicode/utf8"

+

+	orgdomain "github.com/tenseleyFlow/shithub/internal/orgs"

+	orgsdb "github.com/tenseleyFlow/shithub/internal/orgs/sqlc"

+	"github.com/tenseleyFlow/shithub/internal/web/middleware"

+)

+

+const (

+	orgProfileMaxDisplayName = 100

+	orgProfileMaxLocation    = 80

+	orgProfileMaxWebsite     = 200

+)

+

+type settingsProfileForm struct {

+	DisplayName           string

+	Description           string

+	Website               string

+	Location              string

+	BillingEmail          string

+	AllowMemberRepoCreate bool

+}

+

+func settingsProfileFormFromOrg(org orgsdb.Org) settingsProfileForm {

+	return settingsProfileForm{

+		DisplayName:           org.DisplayName,

+		Description:           org.Description,

+		Website:               org.Website,

+		Location:              org.Location,

+		BillingEmail:          org.BillingEmail,

+		AllowMemberRepoCreate: org.AllowMemberRepoCreate,

+	}

+}

+

+func (h *Handlers) settingsProfileSubmit(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.orgFromSlug(w, r)

+	if !ok {

+		return

+	}

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if !h.requireOrgOwner(w, r, org.ID, viewer) {

+		return

+	}

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")

+		return

+	}

+

+	form := settingsProfileForm{

+		DisplayName:           strings.TrimSpace(r.PostFormValue("display_name")),

+		Description:           strings.TrimRight(r.PostFormValue("description"), " \t\r\n"),

+		Website:               strings.TrimSpace(r.PostFormValue("website")),

+		Location:              strings.TrimSpace(r.PostFormValue("location")),

+		BillingEmail:          strings.TrimSpace(r.PostFormValue("billing_email")),

+		AllowMemberRepoCreate: r.PostFormValue("allow_member_repo_create") == "on",

+	}

+	if form.DisplayName == "" {

+		form.DisplayName = org.Slug

+	}

+	if msg := validateOrgProfile(&form); msg != "" {

+		h.renderSettingsProfileWithForm(w, r, org, form, msg, "")

+		return

+	}

+

+	q := orgsdb.New()

+	tx, err := h.d.Pool.Begin(r.Context())

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org settings: begin update", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	committed := false

+	defer func() {

+		if !committed {

+			_ = tx.Rollback(r.Context())

+		}

+	}()

+	if err := q.UpdateOrgProfile(r.Context(), tx, orgsdb.UpdateOrgProfileParams{

+		ID:           org.ID,

+		DisplayName:  form.DisplayName,

+		Description:  form.Description,

+		Location:     form.Location,

+		Website:      form.Website,

+		BillingEmail: form.BillingEmail,

+	}); err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org settings: update profile", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	if err := q.SetOrgAllowMemberRepoCreate(r.Context(), tx, orgsdb.SetOrgAllowMemberRepoCreateParams{

+		ID:                    org.ID,

+		AllowMemberRepoCreate: form.AllowMemberRepoCreate,

+	}); err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org settings: update member repo create", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	if err := tx.Commit(r.Context()); err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org settings: commit update", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	committed = true

+	updated, err := q.GetOrgByID(r.Context(), h.d.Pool, org.ID)

+	if err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org settings: reload profile", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	h.renderSettingsProfile(w, r, updated, "", "Organization profile updated.")

+}

+

+func (h *Handlers) settingsDelete(w http.ResponseWriter, r *http.Request) {

+	org, ok := h.orgFromSlug(w, r)

+	if !ok {

+		return

+	}

+	viewer := middleware.CurrentUserFromContext(r.Context())

+	if !h.requireOrgOwner(w, r, org.ID, viewer) {

+		return

+	}

+	if err := r.ParseForm(); err != nil {

+		h.d.Render.HTTPError(w, r, http.StatusBadRequest, "form parse")

+		return

+	}

+	if !strings.EqualFold(strings.TrimSpace(r.PostFormValue("confirm_slug")), org.Slug) {

+		h.renderSettingsProfile(w, r, org, "Enter this organization's name to confirm deletion.", "")

+		return

+	}

+	if err := orgdomain.SoftDelete(r.Context(), h.deps(), org.ID, viewer.ID); err != nil {

+		h.d.Logger.ErrorContext(r.Context(), "org settings: soft delete", "error", err)

+		h.d.Render.HTTPError(w, r, http.StatusInternalServerError, "")

+		return

+	}

+	http.Redirect(w, r, "/settings/organizations", http.StatusSeeOther)

+}

+

+func (h *Handlers) renderSettingsProfileWithForm(

+	w http.ResponseWriter,

+	r *http.Request,

+	org orgsdb.Org,

+	form settingsProfileForm,

+	errMsg string,

+	success string,

+) {

+	_ = h.d.Render.RenderPage(w, r, "orgs/settings_profile", map[string]any{

+		"Title":               org.Slug + " - profile settings",

+		"CSRFToken":           middleware.CSRFTokenForRequest(r),

+		"Org":                 org,

+		"Form":                form,

+		"AvatarURL":           "/avatars/" + url.PathEscape(org.Slug),

+		"ActiveOrgNav":        "settings",

+		"AvatarUploadEnabled": h.d.ObjectStore != nil,

+		"HasAvatar":           org.AvatarObjectKey.Valid && org.AvatarObjectKey.String != "",

+		"Error":               errMsg,

+		"Success":             success,

+	})

+}

+

+func validateOrgProfile(f *settingsProfileForm) string {

+	if utf8.RuneCountInString(f.DisplayName) > orgProfileMaxDisplayName {

+		return "Organization display name is too long."

+	}

+	if utf8.RuneCountInString(f.Description) > 350 {

+		return "Description is too long (max 350 characters)."

+	}

+	if utf8.RuneCountInString(f.Location) > orgProfileMaxLocation {

+		return "Location is too long."

+	}

+	if utf8.RuneCountInString(f.Website) > orgProfileMaxWebsite {

+		return "Website URL is too long."

+	}

+	if strings.ContainsAny(f.DisplayName, "\r\n") || strings.ContainsAny(f.Location, "\r\n") {

+		return "Single-line fields cannot contain newlines."

+	}

+	if f.Website != "" {

+		if !strings.Contains(f.Website, "://") {

+			f.Website = "https://" + f.Website

+		}

+		u, err := url.Parse(f.Website)

+		if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Host == "" {

+			return "Website must be an http(s) URL."

+		}

+	}

+	if f.BillingEmail != "" {

+		addr, err := mail.ParseAddress(f.BillingEmail)

+		if err != nil || addr.Address != f.BillingEmail {

+			return "Billing email must be a single valid email address."

+		}

+	}

+	return ""

+}