aboutsummaryrefslogtreecommitdiffhomepage
diff options
context:
space:
mode:
-rw-r--r--server/controllers/api/v1/users.js4
-rw-r--r--server/middlewares/validators/users.js5
-rw-r--r--server/models/user.js5
-rw-r--r--server/tests/api/checkParams.js8
-rw-r--r--server/tests/api/users.js2
-rw-r--r--server/tests/utils/users.js6
6 files changed, 18 insertions, 12 deletions
diff --git a/server/controllers/api/v1/users.js b/server/controllers/api/v1/users.js
index 057dcaf8d..704df770c 100644
--- a/server/controllers/api/v1/users.js
+++ b/server/controllers/api/v1/users.js
@@ -34,7 +34,7 @@ router.put('/:id',
34 updateUser 34 updateUser
35) 35)
36 36
37router.delete('/:username', 37router.delete('/:id',
38 oAuth.authenticate, 38 oAuth.authenticate,
39 admin.ensureIsAdmin, 39 admin.ensureIsAdmin,
40 validatorsUsers.usersRemove, 40 validatorsUsers.usersRemove,
@@ -83,7 +83,7 @@ function listUsers (req, res, next) {
83function removeUser (req, res, next) { 83function removeUser (req, res, next) {
84 waterfall([ 84 waterfall([
85 function getUser (callback) { 85 function getUser (callback) {
86 User.loadByUsername(req.params.username, callback) 86 User.loadById(req.params.id, callback)
87 }, 87 },
88 88
89 function getVideos (user, callback) { 89 function getVideos (user, callback) {
diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js
index 175d90bcb..e540ab0d1 100644
--- a/server/middlewares/validators/users.js
+++ b/server/middlewares/validators/users.js
@@ -25,12 +25,12 @@ function usersAdd (req, res, next) {
25} 25}
26 26
27function usersRemove (req, res, next) { 27function usersRemove (req, res, next) {
28 req.checkParams('username', 'Should have a valid username').isUserUsernameValid() 28 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
29 29
30 logger.debug('Checking usersRemove parameters', { parameters: req.params }) 30 logger.debug('Checking usersRemove parameters', { parameters: req.params })
31 31
32 checkErrors(req, res, function () { 32 checkErrors(req, res, function () {
33 User.loadByUsername(req.params.username, function (err, user) { 33 User.loadById(req.params.id, function (err, user) {
34 if (err) { 34 if (err) {
35 logger.error('Error in usersRemove request validator.', { error: err }) 35 logger.error('Error in usersRemove request validator.', { error: err })
36 return res.sendStatus(500) 36 return res.sendStatus(500)
@@ -44,6 +44,7 @@ function usersRemove (req, res, next) {
44} 44}
45 45
46function usersUpdate (req, res, next) { 46function usersUpdate (req, res, next) {
47 req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
47 // Add old password verification 48 // Add old password verification
48 req.checkBody('password', 'Should have a valid password').isUserPasswordValid() 49 req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
49 50
diff --git a/server/models/user.js b/server/models/user.js
index 0bbd638d4..351ffef86 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -21,6 +21,7 @@ UserSchema.methods = {
21UserSchema.statics = { 21UserSchema.statics = {
22 getByUsernameAndPassword: getByUsernameAndPassword, 22 getByUsernameAndPassword: getByUsernameAndPassword,
23 list: list, 23 list: list,
24 loadById: loadById,
24 loadByUsername: loadByUsername 25 loadByUsername: loadByUsername
25} 26}
26 27
@@ -36,6 +37,10 @@ function list (callback) {
36 return this.find(callback) 37 return this.find(callback)
37} 38}
38 39
40function loadById (id, callback) {
41 return this.findById(id, callback)
42}
43
39function loadByUsername (username, callback) { 44function loadByUsername (username, callback) {
40 return this.findOne({ username: username }, callback) 45 return this.findOne({ username: username }, callback)
41} 46}
diff --git a/server/tests/api/checkParams.js b/server/tests/api/checkParams.js
index 128b07c4a..882948fac 100644
--- a/server/tests/api/checkParams.js
+++ b/server/tests/api/checkParams.js
@@ -610,23 +610,23 @@ describe('Test parameters validator', function () {
610 }) 610 })
611 611
612 describe('When removing an user', function () { 612 describe('When removing an user', function () {
613 it('Should fail with an incorrect username', function (done) { 613 it('Should fail with an incorrect id', function (done) {
614 request(server.url) 614 request(server.url)
615 .delete(path + 'bla-bla') 615 .delete(path + 'bla-bla')
616 .set('Authorization', 'Bearer ' + server.accessToken) 616 .set('Authorization', 'Bearer ' + server.accessToken)
617 .expect(400, done) 617 .expect(400, done)
618 }) 618 })
619 619
620 it('Should return 404 with a non existing username', function (done) { 620 it('Should return 404 with a non existing id', function (done) {
621 request(server.url) 621 request(server.url)
622 .delete(path + 'qzzerg') 622 .delete(path + '579f982228c99c221d8092b8')
623 .set('Authorization', 'Bearer ' + server.accessToken) 623 .set('Authorization', 'Bearer ' + server.accessToken)
624 .expect(404, done) 624 .expect(404, done)
625 }) 625 })
626 626
627 it('Should success with the correct parameters', function (done) { 627 it('Should success with the correct parameters', function (done) {
628 request(server.url) 628 request(server.url)
629 .delete(path + 'user1') 629 .delete(path + userId)
630 .set('Authorization', 'Bearer ' + server.accessToken) 630 .set('Authorization', 'Bearer ' + server.accessToken)
631 .expect(204, done) 631 .expect(204, done)
632 }) 632 })
diff --git a/server/tests/api/users.js b/server/tests/api/users.js
index 6f9eef181..a2557d2ab 100644
--- a/server/tests/api/users.js
+++ b/server/tests/api/users.js
@@ -235,7 +235,7 @@ describe('Test users', function () {
235 }) 235 })
236 236
237 it('Should be able to remove this user', function (done) { 237 it('Should be able to remove this user', function (done) {
238 usersUtils.removeUser(server.url, accessToken, 'user_1', done) 238 usersUtils.removeUser(server.url, userId, accessToken, done)
239 }) 239 })
240 240
241 it('Should not be able to login with this user', function (done) { 241 it('Should not be able to login with this user', function (done) {
diff --git a/server/tests/utils/users.js b/server/tests/utils/users.js
index ed7a9d672..3b560e409 100644
--- a/server/tests/utils/users.js
+++ b/server/tests/utils/users.js
@@ -52,7 +52,7 @@ function getUsersList (url, end) {
52 .end(end) 52 .end(end)
53} 53}
54 54
55function removeUser (url, token, username, expectedStatus, end) { 55function removeUser (url, userId, accessToken, expectedStatus, end) {
56 if (!end) { 56 if (!end) {
57 end = expectedStatus 57 end = expectedStatus
58 expectedStatus = 204 58 expectedStatus = 204
@@ -61,9 +61,9 @@ function removeUser (url, token, username, expectedStatus, end) {
61 const path = '/api/v1/users' 61 const path = '/api/v1/users'
62 62
63 request(url) 63 request(url)
64 .delete(path + '/' + username) 64 .delete(path + '/' + userId)
65 .set('Accept', 'application/json') 65 .set('Accept', 'application/json')
66 .set('Authorization', 'Bearer ' + token) 66 .set('Authorization', 'Bearer ' + accessToken)
67 .expect(expectedStatus) 67 .expect(expectedStatus)
68 .end(end) 68 .end(end)
69} 69}