Merge branch 'release/1.4.0' into develop

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / users.ts

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 40dd0f0e96b85413aab764cd11019925c6b68807..544db76d73c805b124246d42c01910baca9ba80d 100644 (file)
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -2,8 +2,9 @@ import * as Bluebird from 'bluebird'
 import * as express from 'express'
 import { body, param } from 'express-validator'
 import { omit } from 'lodash'
-import { isIdOrUUIDValid, toBooleanOrNull } from '../../helpers/custom-validators/misc'
+import { isIdOrUUIDValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc'
 import {
+  isNoInstanceConfigWarningModal, isNoWelcomeModal,
   isUserAdminFlagsValid,
   isUserAutoPlayVideoValid,
   isUserBlockedReasonValid,
@@ -39,7 +40,9 @@ const usersAddValidator = [
   body('email').isEmail().withMessage('Should have a valid email'),
   body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
   body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
-  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
+  body('role')
+    .customSanitizer(toIntOrNull)
+    .custom(isUserRoleValid).withMessage('Should have a valid role'),
   body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -51,7 +54,7 @@ const usersAddValidator = [
     const authUser = res.locals.oauth.token.User
     if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) {
       return res.status(403)
-        .json({ error: 'You can only create users (and not administrators or moderators' })
+        .json({ error: 'You can only create users (and not administrators or moderators)' })
     }
 
     return next()
@@ -161,7 +164,10 @@ const usersUpdateValidator = [
   body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'),
   body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
   body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
-  body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
+  body('role')
+    .optional()
+    .customSanitizer(toIntOrNull)
+    .custom(isUserRoleValid).withMessage('Should have a valid role'),
   body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -211,6 +217,12 @@ const usersUpdateMeValidator = [
   body('theme')
     .optional()
     .custom(v => isThemeNameValid(v) && isThemeRegistered(v)).withMessage('Should have a valid theme'),
+  body('noInstanceConfigWarningModal')
+    .optional()
+    .custom(v => isNoInstanceConfigWarningModal(v)).withMessage('Should have a valid noInstanceConfigWarningModal boolean'),
+  body('noWelcomeModal')
+    .optional()
+    .custom(v => isNoWelcomeModal(v)).withMessage('Should have a valid noWelcomeModal boolean'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })