X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fmiddlewares%2Fvalidators%2Fusers.ts;h=452c7fb930d2af67ccb8bd549e8836794957277a;hb=fb7194043d0486ce0a6a40b2ffbdf32878c33a6f;hp=8ee2ec1f59390be2a481bf6653751cd2ae3e6e15;hpb=dea16773dfcc4e38e48c2980731af6e2a17a7aa6;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 8ee2ec1f5..452c7fb93 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -1,16 +1,20 @@
 import * as Bluebird from 'bluebird'
 import * as express from 'express'
-import { body, param } from 'express-validator'
+import { body, param, query } from 'express-validator'
 import { omit } from 'lodash'
 import { isIdOrUUIDValid, toBooleanOrNull, toIntOrNull } from '../../helpers/custom-validators/misc'
 import {
+  isNoInstanceConfigWarningModal,
+  isNoWelcomeModal,
   isUserAdminFlagsValid,
+  isUserAutoPlayNextVideoValid,
   isUserAutoPlayVideoValid,
   isUserBlockedReasonValid,
   isUserDescriptionValid,
   isUserDisplayNameValid,
   isUserNSFWPolicyValid,
   isUserPasswordValid,
+  isUserPasswordValidOrEmpty,
   isUserRoleValid,
   isUserUsernameValid,
   isUserVideoLanguages,
@@ -31,11 +35,28 @@ import { isThemeNameValid } from '../../helpers/custom-validators/plugins'
 import { isThemeRegistered } from '../../lib/plugins/theme-utils'
 import { doesVideoExist } from '../../helpers/middlewares'
 import { UserRole } from '../../../shared/models/users'
+import { MUserDefault } from '@server/types/models'
+import { Hooks } from '@server/lib/plugins/hooks'
+
+const usersListValidator = [
+  query('blocked')
+    .optional()
+    .isBoolean().withMessage('Should be a valid boolean banned state'),
+
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersList parameters', { parameters: req.query })
+
+    if (areValidationErrors(req, res)) return
+
+    return next()
+  }
+]
 
 const usersAddValidator = [
   body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
-  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
+  body('password').custom(isUserPasswordValidOrEmpty).withMessage('Should have a valid password'),
   body('email').isEmail().withMessage('Should have a valid email'),
+  body('channelName').optional().custom(isActorPreferredUsernameValid).withMessage('Should have a valid channel name'),
   body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
   body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
   body('role')
@@ -55,6 +76,19 @@ const usersAddValidator = [
         .json({ error: 'You can only create users (and not administrators or moderators)' })
     }
 
+    if (req.body.channelName) {
+      if (req.body.channelName === req.body.username) {
+        return res.status(400)
+          .json({ error: 'Channel name cannot be the same as user username.' })
+      }
+
+      const existing = await ActorModel.loadLocalByName(req.body.channelName)
+      if (existing) {
+        return res.status(409)
+          .json({ error: `Channel with name ${req.body.channelName} already exists.` })
+      }
+    }
+
     return next()
   }
 ]
@@ -89,7 +123,7 @@ const usersRegisterValidator = [
 
       if (body.channel.name === body.username) {
         return res.status(400)
-                  .json({ error: 'Channel name cannot be the same than user username.' })
+                  .json({ error: 'Channel name cannot be the same as user username.' })
       }
 
       const existing = await ActorModel.loadLocalByName(body.channel.name)
@@ -143,7 +177,7 @@ const usersBlockingValidator = [
 ]
 
 const deleteMeValidator = [
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const user = res.locals.oauth.token.User
     if (user.username === 'root') {
       return res.status(400)
@@ -215,18 +249,32 @@ const usersUpdateMeValidator = [
   body('theme')
     .optional()
     .custom(v => isThemeNameValid(v) && isThemeRegistered(v)).withMessage('Should have a valid theme'),
+  body('noInstanceConfigWarningModal')
+    .optional()
+    .custom(v => isNoInstanceConfigWarningModal(v)).withMessage('Should have a valid noInstanceConfigWarningModal boolean'),
+  body('noWelcomeModal')
+    .optional()
+    .custom(v => isNoWelcomeModal(v)).withMessage('Should have a valid noWelcomeModal boolean'),
+  body('autoPlayNextVideo')
+    .optional()
+    .custom(v => isUserAutoPlayNextVideoValid(v)).withMessage('Should have a valid autoPlayNextVideo boolean'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
 
+    const user = res.locals.oauth.token.User
+
     if (req.body.password || req.body.email) {
+      if (user.pluginAuth !== null) {
+        return res.status(400)
+                  .json({ error: 'You cannot update your email or password that is associated with an external auth system.' })
+      }
+
       if (!req.body.currentPassword) {
         return res.status(400)
                   .json({ error: 'currentPassword parameter is missing.' })
-                  .end()
       }
 
-      const user = res.locals.oauth.token.User
       if (await user.isPasswordMatch(req.body.currentPassword) !== true) {
         return res.status(401)
                   .json({ error: 'currentPassword is invalid.' })
@@ -241,12 +289,13 @@ const usersUpdateMeValidator = [
 
 const usersGetValidator = [
   param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+  query('withStats').optional().isBoolean().withMessage('Should have a valid stats flag'),
 
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
     logger.debug('Checking usersGet parameters', { parameters: req.params })
 
     if (areValidationErrors(req, res)) return
-    if (!await checkUserIdExist(req.params.id, res)) return
+    if (!await checkUserIdExist(req.params.id, res, req.query.withStats)) return
 
     return next()
   }
@@ -267,10 +316,20 @@ const usersVideoRatingValidator = [
 
 const ensureUserRegistrationAllowed = [
   async (req: express.Request, res: express.Response, next: express.NextFunction) => {
-    const allowed = await isSignupAllowed()
-    if (allowed === false) {
+    const allowedParams = {
+      body: req.body,
+      ip: req.ip
+    }
+
+    const allowedResult = await Hooks.wrapPromiseFun(
+      isSignupAllowed,
+      allowedParams,
+      'filter:api.user.signup.allowed.result'
+    )
+
+    if (allowedResult.allowed === false) {
       return res.status(403)
-                .json({ error: 'User registration is not enabled or user limit is reached.' })
+                .json({ error: allowedResult.errorMessage || 'User registration is not enabled or user limit is reached.' })
     }
 
     return next()
@@ -278,7 +337,7 @@ const ensureUserRegistrationAllowed = [
 ]
 
 const ensureUserRegistrationAllowedForIP = [
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const allowed = isSignupAllowedForCurrentIP(req.ip)
 
     if (allowed === false) {
@@ -385,7 +444,7 @@ const userAutocompleteValidator = [
 ]
 
 const ensureAuthUserOwnsAccountValidator = [
-  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+  (req: express.Request, res: express.Response, next: express.NextFunction) => {
     const user = res.locals.oauth.token.User
 
     if (res.locals.account.id !== user.Account.id) {
@@ -413,6 +472,7 @@ const ensureCanManageUser = [
 // ---------------------------------------------------------------------------
 
 export {
+  usersListValidator,
   usersAddValidator,
   deleteMeValidator,
   usersRegisterValidator,
@@ -435,8 +495,9 @@ export {
 
 // ---------------------------------------------------------------------------
 
-function checkUserIdExist (id: number, res: express.Response) {
-  return checkUserExist(() => UserModel.loadById(id), res)
+function checkUserIdExist (idArg: number | string, res: express.Response, withStats = false) {
+  const id = parseInt(idArg + '', 10)
+  return checkUserExist(() => UserModel.loadByIdWithChannels(id, withStats), res)
 }
 
 function checkUserEmailExist (email: string, res: express.Response, abortResponse = true) {
@@ -462,7 +523,7 @@ async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email:
   return true
 }
 
-async function checkUserExist (finder: () => Bluebird<UserModel>, res: express.Response, abortResponse = true) {
+async function checkUserExist (finder: () => Bluebird<MUserDefault>, res: express.Response, abortResponse = true) {
   const user = await finder()
 
   if (!user) {