
Untitled

a guest
Feb 14th, 2016
  1. diff --git a/server/onboardingAPI.js b/server/onboardingAPI.js
  2. index 7bcdc95..11988c8 100644
  3. --- a/server/onboardingAPI.js
  4. +++ b/server/onboardingAPI.js
  5. @@ -352,12 +352,6 @@ function OnboardingAPI(aLogLevel, aModules) {
  6. function postAddUsers(aReq, aRes) {
  7. var authToken = aReq.params.authToken;
  8. getAuthenticatedUser(aReq.path, authToken, aReq.tbConfig.sessionTimeout).then(userInfo => {
  9. - if (!userInfo || userInfo.role !== 'full') {
  10. - logger.log(aReq.path, ': Unauthorized');
  11. - aRes.status(401).send(new ErrorInfo(401, 'Unauthorized'));
  12. - return null;
  13. - }
  14. -
  15. var id = aReq.params.idOrg;
  16. var listOfUsers = aReq.body;
  17. if (!Utils.isA(PARAMS_TEMPLATE.listOfUsers, listOfUsers)) {
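Review bot: With this block removed, nothing visible in postAddUsers checks `userInfo.role` any more, so any token that getAuthenticatedUser resolves can reach the user-creation path regardless of role. If getAuthenticatedUser does not itself reject roles other than 'full' (its body is not in this diff), keep an explicit check right after the promise resolves, e.g. `if (!userInfo || userInfo.role !== 'full') { aRes.status(403).send(new ErrorInfo(403, 'Forbidden')); return null; }`. If it does enforce the role, a one-line comment at this spot saying so would stop the next reader from assuming the check was lost. postAddUsers continues past the end of this hunk.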
  18. @@ -378,6 +372,10 @@ function OnboardingAPI(aLogLevel, aModules) {
  19.  
  20. return anvilAPI.getAccount(idOrgs[0]).
  21. then(orgAnvil => {
  22. + if (!orgAnvil) {
  23. + aRes.status(400).send(new ErrorInfo(400, 'Account not found'));
  24. + return null;
  25. + }
  26. var owner = {
  27. email: orgAnvil.email,
  28. firstName: '',
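Review bot: The new `!orgAnvil` guard sends the 400 and then returns null, which resolves the promise rather than ending the chain; if anything is chained after this handler (the rest of it is outside the hunk), it will run with null after the response has already been sent. Rejecting with a typed error, or checking for the null in the next step, avoids a second `aRes.send` on the same response. A 404 would also describe 'Account not found' more accurately than 400, although the added 'incorrect id' spec expects 400.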
  29. @@ -394,8 +392,8 @@ function OnboardingAPI(aLogLevel, aModules) {
  30. });
  31. });
  32. }).catch(e => {
  33. - logger.log('Returning error:', e);
  34. - aRes.status(500).send(e);
  35. + logger.log(aReq.path, ': Unauthorized', e);
  36. + aRes.status(401).send(new ErrorInfo(401, 'Unauthorized'));
  37. });
  38. }
  39.  
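Review bot: This catch sits at the end of the whole chain, so a failure in anvilAPI.getAccount or in user creation is now reported to the client as 401 Unauthorized, the same as a bad token. That hides backend faults from monitoring and tells a correctly authenticated caller to re-authenticate. Handle the authentication rejection in a handler attached directly to getAuthenticatedUser and leave this one generic, `aRes.status(500).send(new ErrorInfo(500, 'Internal error'));`. Separately, `aReq.path` contains the authToken segment (the route is /onboard/{authToken}/account/{idOrg} per the spec titles), so this log line writes a live token to the log; log the route pattern or redact that segment instead.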
  40. diff --git a/test/api/server_spec.js b/test/api/server_spec.js
  41. index b8551a0..93185c8 100644
  42. --- a/test/api/server_spec.js
  43. +++ b/test/api/server_spec.js
  44. @@ -104,6 +104,7 @@ describe('Onboarding Support server', function() {
  45. account: {
  46. id: 0,
  47. name: '',
  48. + email: '',
  49. role: '',
  50. scopes: ['']
  51. },
  52. @@ -202,6 +203,7 @@ describe('Onboarding Support server', function() {
  53. };
  54. var accountReply = {
  55. id: 2525,
  56. + email: testOwner.email,
  57. name: testInput.accountName,
  58. role: "administrator", scopes: ['somescope']
  59. };
  60. @@ -282,4 +284,106 @@ describe('Onboarding Support server', function() {
  61. });
  62. });
  63.  
  64. + it('POST /onboard/{authToken}/account/{idOrg}', function(done) {
  65. + validToken.then(aToken => {
  66. + var id = 25;
  67. + var testUsers = [
  68. + {
  69. + email: 'auser@users.com',
  70. + firstName: 'User1 name',
  71. + lastName: 'User 1 surname',
  72. + role: 1
  73. + },
  74. + {
  75. + email: 'auser2@users.com',
  76. + firstName: 'User2 name',
  77. + lastName: 'User 2 surname',
  78. + role: 0
  79. + }
  80. + ];
  81. + var createdUsers = testUsers.map(aUser => extendCopy(aUser, { id: id++ }));
  82. + var testInput = testUsers;
  83. + var accountReply = {
  84. + id: 2525,
  85. + email: 'somemail@someserver.com',
  86. + name: 'Existing account name',
  87. + role: "administrator", scopes: ['somescope']
  88. + };
  89. + var resultInfo = Utils.extendCopy(OperationResultInfo, {});
  90. + delete resultInfo.owner.ctPassword;
  91. + resultInfo.anvilUsers[0] = {
  92. + email: '',
  93. + firstName: '',
  94. + lastName: '',
  95. + role: 0,
  96. + id: 0,
  97. + ctPassword: ''
  98. + };
  99. +
  100. + function checkValidAnswer(aRes) {
  101. + if (!Utils.isA(resultInfo, aRes.body)) {
  102. + throw new Error('Got incorrect data:' + JSON.stringify(aRes.body));
  103. + };
  104. + return undefined;
  105. + }
  106. +
  107. + // Setup the expected anvil answers...
  108. + anvilAPIInterceptor.getAccount(123, 200, accountReply);
  109. + createdUsers.forEach(aUser => {
  110. + anvilAPIInterceptor.createUser(200, aUser);
  111. + anvilAPIInterceptor.setUserRole(accountReply.id, aUser.email, 200,
  112. + extendCopy(aUser, {role: 'role'}));
  113. + });
  114. +
  115. + request(app).
  116. + post('/onboard/' + aToken + '/account/123_123').
  117. + send(testInput).
  118. + expect(checkValidAnswer).
  119. + expect(200, done);
  120. + });
  121. + });
  122. +
  123. + it('POST /onboard/{authToken}/account/{idOrg} incorrect id', function(done) {
  124. + validToken.then(aToken => {
  125. + var id = 25;
  126. + var testUsers = [
  127. + {
  128. + email: 'auser@users.com',
  129. + firstName: 'User1 name',
  130. + lastName: 'User 1 surname',
  131. + role: 1
  132. + },
  133. + {
  134. + email: 'auser2@users.com',
  135. + firstName: 'User2 name',
  136. + lastName: 'User 2 surname',
  137. + role: 0
  138. + }
  139. + ];
  140. +
  141. + request(app).
  142. + post('/onboard/' + aToken + '/account/125_125').
  143. + send(testUsers).
  144. + expect(400, done);
  145. + });
  146. + });
  147. +
  148. + it('POST /onboard/{authToken}/account/{idOrg} incorrect input', function(done) {
  149. + validToken.then(aToken => {
  150. + var id = 25;
  151. + var testUsers = [
  152. + {
  153. + email: 'auser@users.com',
  154. + firstName: 'User1 name',
  155. + lastName: 'User 1 surname'
  156. + }
  157. + ];
  158. +
  159. + request(app).
  160. + post('/onboard/' + aToken + '/account/125_125').
  161. + send(testUsers).
  162. + expect(400, done);
  163. + });
  164. + });
  165. +
  166. });
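Review bot: None of the three added cases covers the authorization path that the server change rewrites: there is no request with an invalid or expired token, or with a token whose role is not 'full', asserting the 401. Add one, e.g. `request(app).post('/onboard/invalidtoken/account/123_123').send(testUsers).expect(401, done);` (token value constructed for illustration), and one that makes an anvil call fail, to pin which status a backend error should produce. `var id = 25;` is unused in the 'incorrect id' and 'incorrect input' cases and can be dropped.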