feat: add api/auth/accept-invite for auth'd users

This allows them to confirm that they've logged in.

apps/backend/config/sync/user-role.authenticated.json

@@ -57,6 +57,9 @@
     {
       "action": "plugin::upload.content-api.upload"
     },
+    {
+      "action": "plugin::users-permissions.auth.acceptInvitation"
+    },
     {
       "action": "plugin::users-permissions.auth.changePassword"
     },

apps/backend/config/sync/user-role.contributor.json

@@ -39,6 +39,9 @@
     {
       "action": "plugin::upload.content-api.upload"
     },
+    {
+      "action": "plugin::users-permissions.auth.acceptInvitation"
+    },
     {
       "action": "plugin::users-permissions.role.find"
     },

apps/backend/src/extensions/users-permissions/strapi-server.js

@@ -75,5 +75,33 @@ module.exports = (plugin) => {
       policies: [],
     },
   });
+
+  plugin.controllers.auth.acceptInvitation = async (ctx) => {
+    if (!ctx.state.user || !ctx.state.user.id) {
+      return (ctx.response.status = 401);
+    }
+
+    await strapi.query("plugin::users-permissions.user").update({
+      where: { id: ctx.state.user.id },
+      data: {
+        status: "active",
+      },
+    });
+
+    ctx.response.status = 200;
+    ctx.response.body = {
+      status: "success",
+    };
+  };
+
+  plugin.routes["content-api"].routes.unshift({
+    method: "PUT",
+    path: "/auth/accept-invitation/",
+    handler: "auth.acceptInvitation",
+    config: {
+      prefix: "",
+      policies: [],
+    },
+  });
   return plugin;
 };

apps/backend/tests/auth/index.js

@@ -6,6 +6,7 @@ const {
   deleteUser,
   getAllRoles,
   getUserByRole,
+  getRoleId,
 } = require("../helpers/helpers");
 
 // user mock data
@@ -18,6 +19,14 @@ const mockUserData = {
   blocked: null,
 };
 
+const invitedUserData = {
+  username: "invited",
+  email: "invited@user.com",
+  provider: "auth0",
+  confirmed: false,
+  status: "invited",
+};
+
 describe("auth", () => {
   describe("invitation", () => {
     let mockUser;
@@ -127,4 +136,34 @@ describe("auth", () => {
       }
     });
   });
+
+  describe("accept-invitation", () => {
+    afterEach(() => {
+      deleteUser(invitedUserData.username);
+    });
+
+    // TODO: loop over all roles after fetching them with getAllRoles
+    const roles = ["Editor", "Contributor"];
+
+    roles.forEach((role) => {
+      it(`should set a ${role} user as active if they are not already`, async () => {
+        const roleId = await getRoleId(role);
+        await strapi.plugins["users-permissions"].services.user.add({
+          ...invitedUserData,
+          role: roleId,
+        });
+
+        const invitedUserToken = await getUserJWT(invitedUserData.username);
+
+        const res = await request(strapi.server.httpServer)
+          .put("/api/auth/accept-invitation/")
+          .auth(invitedUserToken, { type: "bearer" });
+
+        expect(res.status).toEqual(200);
+        expect(res.body).toEqual({ status: "success" });
+        const updatedUser = await getUser(invitedUserData.username);
+        expect(updatedUser.status).toEqual("active");
+      });
+    });
+  });
 });