author | Chocobozzz <florian.bigard@gmail.com> | 2016-10-07 15:32:09 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-10-07 15:32:09 +0200 |
commit | af1068ce1d1ca7ecaea5789ece1566987ce712ef (patch) | |
tree | 1e4babed3ba16f6abd537799636991b068bac2ea /server | |
parent | b9ab2e25fd7fff1ded999153371fb4699c9abaf1 (diff) | |
download | PeerTube-af1068ce1d1ca7ecaea5789ece1566987ce712ef.tar.gz PeerTube-af1068ce1d1ca7ecaea5789ece1566987ce712ef.tar.zst PeerTube-af1068ce1d1ca7ecaea5789ece1566987ce712ef.zip |
Server: forbid to remove the root user
Diffstat (limited to 'server')
-rw-r--r-- | server/middlewares/validators/users.js | 2 | ||||
-rw-r--r-- | server/tests/api/check-params.js | 9 |
2 files changed, 11 insertions, 0 deletions
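--- a/server/middlewares/validators/users.js
+++ b/server/middlewares/validators/users.js
@@ -47,6 +47,8 @@ function usersRemove (req, res, next) {
 
 if (!user) return res.status(404).send('User not found')
 
+if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
+
 next()
 })
 })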
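Review bot: The guard added at new line 50 picks out the protected account by the literal username `'root'`, so it only holds if that name is unique, cannot be changed, and is always stored in exactly this case; nothing in the hunk shows those guarantees. If the user model carries a role or another stable marker for the administrator, comparing on that would be sturdier, and either way a short comment such as `// root must never be deletable through the API` would record why the name is special. The refusal is enforced only in this validator, so any other code path that removes users would presumably bypass it. A 403 would describe a policy refusal more precisely than 400, though the new test pins 400. `usersRemove` starts above the hunk.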
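--- a/server/tests/api/check-params.js
+++ b/server/tests/api/check-params.js
@@ -497,6 +497,7 @@ describe('Test parameters validator', function () {
 describe('Of the users API', function () {
 const path = '/api/v1/users/'
 let userId = null
+let rootId = null
 
 describe('When listing users', function () {
 it('Should fail with a bad start pagination', function (done) {
@@ -626,6 +627,7 @@ describe('Test parameters validator', function () {
 if (err) throw err
 
 userId = res.body.data[1].id
+rootId = res.body.data[2].id
 done()
 })
 })
@@ -691,6 +693,13 @@ describe('Test parameters validator', function () {
 .expect(400, done)
 })
 
+it('Should fail with the root user', function (done) {
+request(server.url)
+.delete(path + rootId)
+.set('Authorization', 'Bearer ' + server.accessToken)
+.expect(400, done)
+})
+
 it('Should return 404 with a non existing id', function (done) {
 request(server.url)
 .delete(path + '579f982228c99c221d8092b8')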
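Review bot: `rootId = res.body.data[2].id` at new line 630 selects the root account by its position in the listing, so the new 'Should fail with the root user' case depends on the sort order and on how many users earlier tests created. If that order shifts, the DELETE would hit an ordinary account and the test would fail, or remove a fixture that later cases rely on, without saying why. Looking the account up by name, e.g. `rootId = res.body.data.find(function (u) { return u.username === 'root' }).id`, would make the intent explicit, assuming the listing exposes `username`. The enclosing `describe` blocks start and end outside the hunks.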