diff options
author | Chocobozzz <florian.bigard@gmail.com> | 2016-08-09 21:44:45 +0200 |
---|---|---|
committer | Chocobozzz <florian.bigard@gmail.com> | 2016-08-09 21:44:45 +0200 |
commit | 68a3b9f2aacb0225ae8b883b561b144bac339cbd (patch) | |
tree | e3d75b7952073ba4b2ef4b62ed57ded9f3cf0f1e /server | |
parent | 45b81debd6d6647980da7ad5a984bafa37cb79ea (diff) | |
download | PeerTube-68a3b9f2aacb0225ae8b883b561b144bac339cbd.tar.gz PeerTube-68a3b9f2aacb0225ae8b883b561b144bac339cbd.tar.zst PeerTube-68a3b9f2aacb0225ae8b883b561b144bac339cbd.zip |
Server: delete user with the id and not the username
Diffstat (limited to 'server')
-rw-r--r-- | server/controllers/api/v1/users.js | 4 | ||||
-rw-r--r-- | server/middlewares/validators/users.js | 5 | ||||
-rw-r--r-- | server/models/user.js | 5 | ||||
-rw-r--r-- | server/tests/api/checkParams.js | 8 | ||||
-rw-r--r-- | server/tests/api/users.js | 2 | ||||
-rw-r--r-- | server/tests/utils/users.js | 6 |
6 files changed, 18 insertions, 12 deletions
diff --git a/server/controllers/api/v1/users.js b/server/controllers/api/v1/users.js index 057dcaf8d..704df770c 100644 --- a/server/controllers/api/v1/users.js +++ b/server/controllers/api/v1/users.js | |||
@@ -34,7 +34,7 @@ router.put('/:id', | |||
34 | updateUser | 34 | updateUser |
35 | ) | 35 | ) |
36 | 36 | ||
37 | router.delete('/:username', | 37 | router.delete('/:id', |
38 | oAuth.authenticate, | 38 | oAuth.authenticate, |
39 | admin.ensureIsAdmin, | 39 | admin.ensureIsAdmin, |
40 | validatorsUsers.usersRemove, | 40 | validatorsUsers.usersRemove, |
@@ -83,7 +83,7 @@ function listUsers (req, res, next) { | |||
83 | function removeUser (req, res, next) { | 83 | function removeUser (req, res, next) { |
84 | waterfall([ | 84 | waterfall([ |
85 | function getUser (callback) { | 85 | function getUser (callback) { |
86 | User.loadByUsername(req.params.username, callback) | 86 | User.loadById(req.params.id, callback) |
87 | }, | 87 | }, |
88 | 88 | ||
89 | function getVideos (user, callback) { | 89 | function getVideos (user, callback) { |
diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js index 175d90bcb..e540ab0d1 100644 --- a/server/middlewares/validators/users.js +++ b/server/middlewares/validators/users.js | |||
@@ -25,12 +25,12 @@ function usersAdd (req, res, next) { | |||
25 | } | 25 | } |
26 | 26 | ||
27 | function usersRemove (req, res, next) { | 27 | function usersRemove (req, res, next) { |
28 | req.checkParams('username', 'Should have a valid username').isUserUsernameValid() | 28 | req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() |
29 | 29 | ||
30 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) | 30 | logger.debug('Checking usersRemove parameters', { parameters: req.params }) |
31 | 31 | ||
32 | checkErrors(req, res, function () { | 32 | checkErrors(req, res, function () { |
33 | User.loadByUsername(req.params.username, function (err, user) { | 33 | User.loadById(req.params.id, function (err, user) { |
34 | if (err) { | 34 | if (err) { |
35 | logger.error('Error in usersRemove request validator.', { error: err }) | 35 | logger.error('Error in usersRemove request validator.', { error: err }) |
36 | return res.sendStatus(500) | 36 | return res.sendStatus(500) |
@@ -44,6 +44,7 @@ function usersRemove (req, res, next) { | |||
44 | } | 44 | } |
45 | 45 | ||
46 | function usersUpdate (req, res, next) { | 46 | function usersUpdate (req, res, next) { |
47 | req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId() | ||
47 | // Add old password verification | 48 | // Add old password verification |
48 | req.checkBody('password', 'Should have a valid password').isUserPasswordValid() | 49 | req.checkBody('password', 'Should have a valid password').isUserPasswordValid() |
49 | 50 | ||
diff --git a/server/models/user.js b/server/models/user.js index 0bbd638d4..351ffef86 100644 --- a/server/models/user.js +++ b/server/models/user.js | |||
@@ -21,6 +21,7 @@ UserSchema.methods = { | |||
21 | UserSchema.statics = { | 21 | UserSchema.statics = { |
22 | getByUsernameAndPassword: getByUsernameAndPassword, | 22 | getByUsernameAndPassword: getByUsernameAndPassword, |
23 | list: list, | 23 | list: list, |
24 | loadById: loadById, | ||
24 | loadByUsername: loadByUsername | 25 | loadByUsername: loadByUsername |
25 | } | 26 | } |
26 | 27 | ||
@@ -36,6 +37,10 @@ function list (callback) { | |||
36 | return this.find(callback) | 37 | return this.find(callback) |
37 | } | 38 | } |
38 | 39 | ||
40 | function loadById (id, callback) { | ||
41 | return this.findById(id, callback) | ||
42 | } | ||
43 | |||
39 | function loadByUsername (username, callback) { | 44 | function loadByUsername (username, callback) { |
40 | return this.findOne({ username: username }, callback) | 45 | return this.findOne({ username: username }, callback) |
41 | } | 46 | } |
diff --git a/server/tests/api/checkParams.js b/server/tests/api/checkParams.js index 128b07c4a..882948fac 100644 --- a/server/tests/api/checkParams.js +++ b/server/tests/api/checkParams.js | |||
@@ -610,23 +610,23 @@ describe('Test parameters validator', function () { | |||
610 | }) | 610 | }) |
611 | 611 | ||
612 | describe('When removing an user', function () { | 612 | describe('When removing an user', function () { |
613 | it('Should fail with an incorrect username', function (done) { | 613 | it('Should fail with an incorrect id', function (done) { |
614 | request(server.url) | 614 | request(server.url) |
615 | .delete(path + 'bla-bla') | 615 | .delete(path + 'bla-bla') |
616 | .set('Authorization', 'Bearer ' + server.accessToken) | 616 | .set('Authorization', 'Bearer ' + server.accessToken) |
617 | .expect(400, done) | 617 | .expect(400, done) |
618 | }) | 618 | }) |
619 | 619 | ||
620 | it('Should return 404 with a non existing username', function (done) { | 620 | it('Should return 404 with a non existing id', function (done) { |
621 | request(server.url) | 621 | request(server.url) |
622 | .delete(path + 'qzzerg') | 622 | .delete(path + '579f982228c99c221d8092b8') |
623 | .set('Authorization', 'Bearer ' + server.accessToken) | 623 | .set('Authorization', 'Bearer ' + server.accessToken) |
624 | .expect(404, done) | 624 | .expect(404, done) |
625 | }) | 625 | }) |
626 | 626 | ||
627 | it('Should success with the correct parameters', function (done) { | 627 | it('Should success with the correct parameters', function (done) { |
628 | request(server.url) | 628 | request(server.url) |
629 | .delete(path + 'user1') | 629 | .delete(path + userId) |
630 | .set('Authorization', 'Bearer ' + server.accessToken) | 630 | .set('Authorization', 'Bearer ' + server.accessToken) |
631 | .expect(204, done) | 631 | .expect(204, done) |
632 | }) | 632 | }) |
diff --git a/server/tests/api/users.js b/server/tests/api/users.js index 6f9eef181..a2557d2ab 100644 --- a/server/tests/api/users.js +++ b/server/tests/api/users.js | |||
@@ -235,7 +235,7 @@ describe('Test users', function () { | |||
235 | }) | 235 | }) |
236 | 236 | ||
237 | it('Should be able to remove this user', function (done) { | 237 | it('Should be able to remove this user', function (done) { |
238 | usersUtils.removeUser(server.url, accessToken, 'user_1', done) | 238 | usersUtils.removeUser(server.url, userId, accessToken, done) |
239 | }) | 239 | }) |
240 | 240 | ||
241 | it('Should not be able to login with this user', function (done) { | 241 | it('Should not be able to login with this user', function (done) { |
diff --git a/server/tests/utils/users.js b/server/tests/utils/users.js index ed7a9d672..3b560e409 100644 --- a/server/tests/utils/users.js +++ b/server/tests/utils/users.js | |||
@@ -52,7 +52,7 @@ function getUsersList (url, end) { | |||
52 | .end(end) | 52 | .end(end) |
53 | } | 53 | } |
54 | 54 | ||
55 | function removeUser (url, token, username, expectedStatus, end) { | 55 | function removeUser (url, userId, accessToken, expectedStatus, end) { |
56 | if (!end) { | 56 | if (!end) { |
57 | end = expectedStatus | 57 | end = expectedStatus |
58 | expectedStatus = 204 | 58 | expectedStatus = 204 |
@@ -61,9 +61,9 @@ function removeUser (url, token, username, expectedStatus, end) { | |||
61 | const path = '/api/v1/users' | 61 | const path = '/api/v1/users' |
62 | 62 | ||
63 | request(url) | 63 | request(url) |
64 | .delete(path + '/' + username) | 64 | .delete(path + '/' + userId) |
65 | .set('Accept', 'application/json') | 65 | .set('Accept', 'application/json') |
66 | .set('Authorization', 'Bearer ' + token) | 66 | .set('Authorization', 'Bearer ' + accessToken) |
67 | .expect(expectedStatus) | 67 | .expect(expectedStatus) |
68 | .end(end) | 68 | .end(end) |
69 | } | 69 | } |