aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
authorChocobozzz <florian.bigard@gmail.com>2016-10-07 15:32:09 +0200
committerChocobozzz <florian.bigard@gmail.com>2016-10-07 15:32:09 +0200
commitaf1068ce1d1ca7ecaea5789ece1566987ce712ef (patch)
tree1e4babed3ba16f6abd537799636991b068bac2ea /server
parentb9ab2e25fd7fff1ded999153371fb4699c9abaf1 (diff)
downloadPeerTube-af1068ce1d1ca7ecaea5789ece1566987ce712ef.tar.gz
PeerTube-af1068ce1d1ca7ecaea5789ece1566987ce712ef.tar.zst
PeerTube-af1068ce1d1ca7ecaea5789ece1566987ce712ef.zip
Server: forbid to remove the root user
Diffstat (limited to 'server')
-rw-r--r--server/middlewares/validators/users.js2
-rw-r--r--server/tests/api/check-params.js9
2 files changed, 11 insertions, 0 deletions
diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js
index d541e9124..02e4f34cb 100644
--- a/server/middlewares/validators/users.js
+++ b/server/middlewares/validators/users.js
@@ -47,6 +47,8 @@ function usersRemove (req, res, next) {
47 47
48 if (!user) return res.status(404).send('User not found') 48 if (!user) return res.status(404).send('User not found')
49 49
50 if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
51
50 next() 52 next()
51 }) 53 })
52 }) 54 })
diff --git a/server/tests/api/check-params.js b/server/tests/api/check-params.js
index 57b5ca024..07f41daab 100644
--- a/server/tests/api/check-params.js
+++ b/server/tests/api/check-params.js
@@ -497,6 +497,7 @@ describe('Test parameters validator', function () {
497 describe('Of the users API', function () { 497 describe('Of the users API', function () {
498 const path = '/api/v1/users/' 498 const path = '/api/v1/users/'
499 let userId = null 499 let userId = null
500 let rootId = null
500 501
501 describe('When listing users', function () { 502 describe('When listing users', function () {
502 it('Should fail with a bad start pagination', function (done) { 503 it('Should fail with a bad start pagination', function (done) {
@@ -626,6 +627,7 @@ describe('Test parameters validator', function () {
626 if (err) throw err 627 if (err) throw err
627 628
628 userId = res.body.data[1].id 629 userId = res.body.data[1].id
630 rootId = res.body.data[2].id
629 done() 631 done()
630 }) 632 })
631 }) 633 })
@@ -691,6 +693,13 @@ describe('Test parameters validator', function () {
691 .expect(400, done) 693 .expect(400, done)
692 }) 694 })
693 695
696 it('Should fail with the root user', function (done) {
697 request(server.url)
698 .delete(path + rootId)
699 .set('Authorization', 'Bearer ' + server.accessToken)
700 .expect(400, done)
701 })
702
694 it('Should return 404 with a non existing id', function (done) { 703 it('Should return 404 with a non existing id', function (done) {
695 request(server.url) 704 request(server.url)
696 .delete(path + '579f982228c99c221d8092b8') 705 .delete(path + '579f982228c99c221d8092b8')