diff options
author | Chocobozzz <me@florianbigard.com> | 2019-02-11 09:30:29 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2019-02-11 10:37:27 +0100 |
commit | b426edd4854adc6e65844d8c54b8998e792b5778 (patch) | |
tree | b9ef4da0cdb2ab14c0aa1d67a883303f3ed0de14 /server/controllers/api | |
parent | 67b1d3fed765278bdc876cce393ef56d56942df0 (diff) | |
download | PeerTube-b426edd4854adc6e65844d8c54b8998e792b5778.tar.gz PeerTube-b426edd4854adc6e65844d8c54b8998e792b5778.tar.zst PeerTube-b426edd4854adc6e65844d8c54b8998e792b5778.zip |
Cleanup reset user password by admin
And add some tests
Diffstat (limited to 'server/controllers/api')
-rw-r--r-- | server/controllers/api/users/index.ts | 20 | ||||
-rw-r--r-- | server/controllers/api/users/me.ts | 2 |
2 files changed, 11 insertions, 11 deletions
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index beac6d8b1..e3533a7f6 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts | |||
@@ -3,7 +3,6 @@ import * as RateLimit from 'express-rate-limit' | |||
3 | import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared' | 3 | import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared' |
4 | import { logger } from '../../../helpers/logger' | 4 | import { logger } from '../../../helpers/logger' |
5 | import { getFormattedObjects } from '../../../helpers/utils' | 5 | import { getFormattedObjects } from '../../../helpers/utils' |
6 | import { pseudoRandomBytesPromise } from '../../../helpers/core-utils' | ||
7 | import { CONFIG, RATES_LIMIT, sequelizeTypescript } from '../../../initializers' | 6 | import { CONFIG, RATES_LIMIT, sequelizeTypescript } from '../../../initializers' |
8 | import { Emailer } from '../../../lib/emailer' | 7 | import { Emailer } from '../../../lib/emailer' |
9 | import { Redis } from '../../../lib/redis' | 8 | import { Redis } from '../../../lib/redis' |
@@ -230,7 +229,7 @@ async function unblockUser (req: express.Request, res: express.Response, next: e | |||
230 | return res.status(204).end() | 229 | return res.status(204).end() |
231 | } | 230 | } |
232 | 231 | ||
233 | async function blockUser (req: express.Request, res: express.Response, next: express.NextFunction) { | 232 | async function blockUser (req: express.Request, res: express.Response) { |
234 | const user: UserModel = res.locals.user | 233 | const user: UserModel = res.locals.user |
235 | const reason = req.body.reason | 234 | const reason = req.body.reason |
236 | 235 | ||
@@ -239,23 +238,23 @@ async function blockUser (req: express.Request, res: express.Response, next: exp | |||
239 | return res.status(204).end() | 238 | return res.status(204).end() |
240 | } | 239 | } |
241 | 240 | ||
242 | function getUser (req: express.Request, res: express.Response, next: express.NextFunction) { | 241 | function getUser (req: express.Request, res: express.Response) { |
243 | return res.json((res.locals.user as UserModel).toFormattedJSON()) | 242 | return res.json((res.locals.user as UserModel).toFormattedJSON()) |
244 | } | 243 | } |
245 | 244 | ||
246 | async function autocompleteUsers (req: express.Request, res: express.Response, next: express.NextFunction) { | 245 | async function autocompleteUsers (req: express.Request, res: express.Response) { |
247 | const resultList = await UserModel.autoComplete(req.query.search as string) | 246 | const resultList = await UserModel.autoComplete(req.query.search as string) |
248 | 247 | ||
249 | return res.json(resultList) | 248 | return res.json(resultList) |
250 | } | 249 | } |
251 | 250 | ||
252 | async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) { | 251 | async function listUsers (req: express.Request, res: express.Response) { |
253 | const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort, req.query.search) | 252 | const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort, req.query.search) |
254 | 253 | ||
255 | return res.json(getFormattedObjects(resultList.data, resultList.total)) | 254 | return res.json(getFormattedObjects(resultList.data, resultList.total)) |
256 | } | 255 | } |
257 | 256 | ||
258 | async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) { | 257 | async function removeUser (req: express.Request, res: express.Response) { |
259 | const user: UserModel = res.locals.user | 258 | const user: UserModel = res.locals.user |
260 | 259 | ||
261 | await user.destroy() | 260 | await user.destroy() |
@@ -265,12 +264,13 @@ async function removeUser (req: express.Request, res: express.Response, next: ex | |||
265 | return res.sendStatus(204) | 264 | return res.sendStatus(204) |
266 | } | 265 | } |
267 | 266 | ||
268 | async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { | 267 | async function updateUser (req: express.Request, res: express.Response) { |
269 | const body: UserUpdate = req.body | 268 | const body: UserUpdate = req.body |
270 | const userToUpdate = res.locals.user as UserModel | 269 | const userToUpdate = res.locals.user as UserModel |
271 | const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON()) | 270 | const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON()) |
272 | const roleChanged = body.role !== undefined && body.role !== userToUpdate.role | 271 | const roleChanged = body.role !== undefined && body.role !== userToUpdate.role |
273 | 272 | ||
273 | if (body.password !== undefined) userToUpdate.password = body.password | ||
274 | if (body.email !== undefined) userToUpdate.email = body.email | 274 | if (body.email !== undefined) userToUpdate.email = body.email |
275 | if (body.emailVerified !== undefined) userToUpdate.emailVerified = body.emailVerified | 275 | if (body.emailVerified !== undefined) userToUpdate.emailVerified = body.emailVerified |
276 | if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota | 276 | if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota |
@@ -280,11 +280,11 @@ async function updateUser (req: express.Request, res: express.Response, next: ex | |||
280 | const user = await userToUpdate.save() | 280 | const user = await userToUpdate.save() |
281 | 281 | ||
282 | // Destroy user token to refresh rights | 282 | // Destroy user token to refresh rights |
283 | if (roleChanged) await deleteUserToken(userToUpdate.id) | 283 | if (roleChanged || body.password !== undefined) await deleteUserToken(userToUpdate.id) |
284 | 284 | ||
285 | auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView) | 285 | auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView) |
286 | 286 | ||
287 | // Don't need to send this update to followers, these attributes are not propagated | 287 | // Don't need to send this update to followers, these attributes are not federated |
288 | 288 | ||
289 | return res.sendStatus(204) | 289 | return res.sendStatus(204) |
290 | } | 290 | } |
@@ -294,7 +294,7 @@ async function askResetUserPassword (req: express.Request, res: express.Response | |||
294 | 294 | ||
295 | const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id) | 295 | const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id) |
296 | const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString | 296 | const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString |
297 | await Emailer.Instance.addForgetPasswordEmailJob(user.email, url) | 297 | await Emailer.Instance.addPasswordResetEmailJob(user.email, url) |
298 | 298 | ||
299 | return res.status(204).end() | 299 | return res.status(204).end() |
300 | } | 300 | } |
diff --git a/server/controllers/api/users/me.ts b/server/controllers/api/users/me.ts index 94a2b8732..d5e154869 100644 --- a/server/controllers/api/users/me.ts +++ b/server/controllers/api/users/me.ts | |||
@@ -167,7 +167,7 @@ async function deleteMe (req: express.Request, res: express.Response) { | |||
167 | return res.sendStatus(204) | 167 | return res.sendStatus(204) |
168 | } | 168 | } |
169 | 169 | ||
170 | async function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) { | 170 | async function updateMe (req: express.Request, res: express.Response) { |
171 | const body: UserUpdateMe = req.body | 171 | const body: UserUpdateMe = req.body |
172 | 172 | ||
173 | const user: UserModel = res.locals.oauth.token.user | 173 | const user: UserModel = res.locals.oauth.token.user |