author | Chocobozzz <florian.bigard@gmail.com> | 2017-11-29 13:18:05 +0100 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2017-11-29 13:18:05 +0100 |
commit | 86d13ec2aa94ec10810ddf9c8b33314bd4968791 (patch) | |
tree | 5c4175325362df2a92e367dc4077e53a700bfbad | |
parent | 165cdc75bf1942ed687f78094c2bd366839a7c99 (diff) | |
Users list only available when user is authenticated
And has a special right
-rw-r--r-- | server.ts | 2 | ||||
-rw-r--r-- | server/controllers/api/users.ts | 2 | ||||
-rw-r--r-- | server/tests/api/check-params/users.ts | 20 | ||||
-rw-r--r-- | server/tests/api/users.ts | 14 | ||||
-rw-r--r-- | server/tests/utils/users.ts | 6 |
5 files changed, 35 insertions, 9 deletions
@@ -77,7 +77,7 @@ app.use(morgan('combined', { | |||
77 | })) | 77 | })) |
78 | // For body requests | 78 | // For body requests |
79 | app.use(bodyParser.json({ | 79 | app.use(bodyParser.json({ |
80 | type: 'application/*+json', | 80 | type: [ 'application/json', 'application/*+json' ], |
81 | limit: '500kb' | 81 | limit: '500kb' |
82 | })) | 82 | })) |
83 | app.use(bodyParser.urlencoded({ extended: false })) | 83 | app.use(bodyParser.urlencoded({ extended: false })) |
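--- a/server/controllers/api/users.ts
+++ b/server/controllers/api/users.ts
@@ -48,6 +48,8 @@ usersRouter.get('/me/videos/:videoId/rating',
 )
 
 usersRouter.get('/',
+  authenticate,
+  ensureUserHasRight(UserRight.MANAGE_USERS),
   paginationValidator,
   usersSortValidator,
   setUsersSort,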
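Review bot: Anonymous callers are now rejected before any query validation runs, because `authenticate` and `ensureUserHasRight(UserRight.MANAGE_USERS)` are placed ahead of `paginationValidator` in the middleware chain; that ordering is the right one, since untrusted query input never reaches the validators without a valid token, and it is what the 401/403 cases in the check-params tests rely on. Nothing in the route itself records that intent, so a later contributor reordering the chain would silently reopen the listing to validated-but-anonymous requests. A one-line comment above the route would pin it down, e.g. `// Listing accounts is restricted to holders of MANAGE_USERS: anonymous callers get 401, authenticated non-admins 403, and query validation only runs after that check`. The usersRouter.get('/') call continues past the end of the hunk.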
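--- a/server/tests/api/check-params/users.ts
+++ b/server/tests/api/check-params/users.ts
@@ -67,6 +67,7 @@ describe('Test users API validators', function () {
         .get(path)
         .query({ start: 'hello' })
         .set('Accept', 'application/json')
+        .set('Authorization', 'Bearer ' + server.accessToken)
         .expect(400)
     })
 
@@ -75,6 +76,7 @@ describe('Test users API validators', function () {
         .get(path)
         .query({ count: 'hello' })
         .set('Accept', 'application/json')
+        .set('Authorization', 'Bearer ' + server.accessToken)
         .expect(400)
     })
 
@@ -83,8 +85,24 @@ describe('Test users API validators', function () {
         .get(path)
         .query({ sort: 'hello' })
         .set('Accept', 'application/json')
+        .set('Authorization', 'Bearer ' + server.accessToken)
         .expect(400)
     })
+
+    it('Should fail with a non authenticated user', async function () {
+      await request(server.url)
+        .get(path)
+        .set('Accept', 'application/json')
+        .expect(401)
+    })
+
+    it('Should fail with a non admin user', async function () {
+      await request(server.url)
+        .get(path)
+        .set('Accept', 'application/json')
+        .set('Authorization', 'Bearer ' + userAccessToken)
+        .expect(403)
+    })
   })
 
   describe('When adding a new user', function () {
@@ -354,7 +372,7 @@ describe('Test users API validators', function () {
   describe('When updating a user', function () {
 
     before(async function () {
-      const res = await getUsersList(server.url)
+      const res = await getUsersList(server.url, server.accessToken)
 
       userId = res.body.data[1].id
       rootId = res.body.data[2].id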
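Review bot: The new "non admin user" case relies on `userAccessToken`, which is neither declared nor obtained anywhere in this hunk; it presumably comes from a before hook earlier in the describe block, so confirm that hook creates a non-admin account and logs it in before this case runs, otherwise the 403 assertion passes or fails for the wrong reason. The three validator cases above now also depend on `server.accessToken` being set: if it is not, they fail with 401 instead of the expected 400, which would mask a validator regression behind an authentication error. A short comment above the two new cases would make the ordering dependency explicit, e.g. `// Authentication and the MANAGE_USERS check run before query validation, so these cases send no query params`. The enclosing describe block starts and ends outside the hunks.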
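--- a/server/tests/api/users.ts
+++ b/server/tests/api/users.ts
@@ -1,4 +1,5 @@
 /* tslint:disable:no-unused-expression */
+
 import * as chai from 'chai'
 import 'mocha'
 import { UserRole } from '../../../shared'
@@ -28,6 +29,7 @@ import {
 } from '../utils'
 import { follow } from '../utils/follows'
 import { getMyVideos } from '../utils/videos'
+import { setAccessTokensToServers } from '../utils/login'
 
 const expect = chai.expect
 
@@ -43,6 +45,8 @@ describe('Test users', function () {
 
     await flushTests()
     server = await runServer(1)
+
+    await setAccessTokensToServers([ server ])
   })
 
   it('Should create a new client')
@@ -242,7 +246,7 @@ describe('Test users', function () {
   })
 
   it('Should list all the users', async function () {
-    const res = await getUsersList(server.url)
+    const res = await getUsersList(server.url, server.accessToken)
     const result = res.body
     const total = result.total
     const users = result.data
@@ -280,7 +284,7 @@ describe('Test users', function () {
   })
 
   it('Should list only the first user by username asc', async function () {
-    const res = await getUsersListPaginationAndSort(server.url, 0, 1, 'username')
+    const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, 'username')
 
     const result = res.body
     const total = result.total
@@ -307,7 +311,7 @@ describe('Test users', function () {
   })
 
   it('Should list only the first user by username desc', async function () {
-    const res = await getUsersListPaginationAndSort(server.url, 0, 1, '-username')
+    const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-username')
     const result = res.body
     const total = result.total
     const users = result.data
@@ -330,7 +334,7 @@ describe('Test users', function () {
   })
 
   it('Should list only the second user by createdAt desc', async function () {
-    const res = await getUsersListPaginationAndSort(server.url, 0, 1, '-createdAt')
+    const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 1, '-createdAt')
     const result = res.body
     const total = result.total
     const users = result.data
@@ -353,7 +357,7 @@ describe('Test users', function () {
   })
 
   it('Should list all the users by createdAt asc', async function () {
-    const res = await getUsersListPaginationAndSort(server.url, 0, 2, 'createdAt')
+    const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt')
     const result = res.body
     const total = result.total
     const users = result.data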
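--- a/server/tests/utils/users.ts
+++ b/server/tests/utils/users.ts
@@ -76,17 +76,18 @@ function getUserVideoRating (url: string, accessToken: string, videoId: number)
     .expect('Content-Type', /json/)
 }
 
-function getUsersList (url: string) {
+function getUsersList (url: string, accessToken: string) {
   const path = '/api/v1/users'
 
   return request(url)
     .get(path)
     .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
     .expect(200)
     .expect('Content-Type', /json/)
 }
 
-function getUsersListPaginationAndSort (url: string, start: number, count: number, sort: string) {
+function getUsersListPaginationAndSort (url: string, accessToken: string, start: number, count: number, sort: string) {
   const path = '/api/v1/users'
 
   return request(url)
@@ -95,6 +96,7 @@ function getUsersListPaginationAndSort (url: string, start: number, count: numbe
     .query({ count })
     .query({ sort })
     .set('Accept', 'application/json')
+    .set('Authorization', 'Bearer ' + accessToken)
     .expect(200)
     .expect('Content-Type', /json/)
 }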
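Review bot: Both helpers now take an `accessToken`, but neither says whose token is acceptable; a test author passing an ordinary user's token will get a 403 from the server that the hard-coded `.expect(200)` turns into an opaque supertest assertion failure. A TSDoc line on each would save that round trip, e.g. `/** Lists users; accessToken must belong to an account holding the MANAGE_USERS right, otherwise the server answers 403 and the 200 expectation fails. */` on getUsersList, and the same sentence with a note on the start/count/sort query parameters on getUsersListPaginationAndSort. The body of getUsersListPaginationAndSort is split across the two hunks, so its middle is not visible here.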