Merge branch 'release/1.4.0' into develop

author: Chocobozzz <me@florianbigard.com> 2019-08-22 14:46:47 +0200
committer: Chocobozzz <me@florianbigard.com> 2019-08-22 14:46:47 +0200
commit: d5c8932a601c1854db0a2e399ccaf26e17385f1a (patch)
tree: 8c38f9d7772c6a2d22dbeb84a7c4de6aaf345aeb /server/middlewares/validators
parent: 2a8ae7595c1b7853c47955b4b9ecb4a7f7a68fc0 (diff)
parent: 820546916cad3ae4cc51eab408aef7bbaff3632f (diff)
download: PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.tar.gz
PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.tar.zst
PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.zip
1 files changed, 8 insertions, 3 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 40dd0f0e9..d51bc27e6 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -39,7 +39,9 @@ const usersAddValidator = [
  body('email').isEmail().withMessage('Should have a valid email'),
  body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
-  body('role').custom(isUserRoleValid).withMessage('Should have a valid role'),
+  body('role')
+    .customSanitizer(toIntOrNull)
+    .custom(isUserRoleValid).withMessage('Should have a valid role'),
  body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
@@ -51,7 +53,7 @@ const usersAddValidator = [
    const authUser = res.locals.oauth.token.User
    if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) {
      return res.status(403)
-        .json({ error: 'You can only create users (and not administrators or moderators' })
+        .json({ error: 'You can only create users (and not administrators or moderators)' })
    }
    return next()
@@ -161,7 +163,10 @@ const usersUpdateValidator = [
  body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'),
  body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'),
  body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'),
-  body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'),
+  body('role')
+    .optional()
+    .customSanitizer(toIntOrNull)
+    .custom(isUserRoleValid).withMessage('Should have a valid role'),
  body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'),
  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
author	Chocobozzz <me@florianbigard.com>	2019-08-22 14:46:47 +0200
committer	Chocobozzz <me@florianbigard.com>	2019-08-22 14:46:47 +0200
commit	d5c8932a601c1854db0a2e399ccaf26e17385f1a (patch)
tree	8c38f9d7772c6a2d22dbeb84a7c4de6aaf345aeb /server/middlewares/validators
parent	2a8ae7595c1b7853c47955b4b9ecb4a7f7a68fc0 (diff)
parent	820546916cad3ae4cc51eab408aef7bbaff3632f (diff)
download	PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.tar.gz PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.tar.zst PeerTube-d5c8932a601c1854db0a2e399ccaf26e17385f1a.zip