Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r-- | server/middlewares/validators/users.ts | 55 |
1 files changed, 30 insertions, 25 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index c91c378b3..c93895f2f 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -37,6 +37,7 @@ import { doesVideoExist } from '../../helpers/middlewares' | |||
37 | import { UserRole } from '../../../shared/models/users' | 37 | import { UserRole } from '../../../shared/models/users' |
38 | import { MUserDefault } from '@server/types/models' | 38 | import { MUserDefault } from '@server/types/models' |
39 | import { Hooks } from '@server/lib/plugins/hooks' | 39 | import { Hooks } from '@server/lib/plugins/hooks' |
40 | import { HttpStatusCode } from '../../../shared/core-utils/miscs/http-error-codes' | ||
40 | 41 | ||
41 | const usersListValidator = [ | 42 | const usersListValidator = [ |
42 | query('blocked') | 43 | query('blocked') |
@@ -73,19 +74,22 @@ const usersAddValidator = [ | |||
73 | 74 | ||
74 | const authUser = res.locals.oauth.token.User | 75 | const authUser = res.locals.oauth.token.User |
75 | if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { | 76 | if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { |
76 | return res.status(403) | 77 | return res |
78 | .status(HttpStatusCode.FORBIDDEN_403) | ||
77 | .json({ error: 'You can only create users (and not administrators or moderators)' }) | 79 | .json({ error: 'You can only create users (and not administrators or moderators)' }) |
78 | } | 80 | } |
79 | 81 | ||
80 | if (req.body.channelName) { | 82 | if (req.body.channelName) { |
81 | if (req.body.channelName === req.body.username) { | 83 | if (req.body.channelName === req.body.username) { |
82 | return res.status(400) | 84 | return res |
85 | .status(HttpStatusCode.BAD_REQUEST_400) | ||
83 | .json({ error: 'Channel name cannot be the same as user username.' }) | 86 | .json({ error: 'Channel name cannot be the same as user username.' }) |
84 | } | 87 | } |
85 | 88 | ||
86 | const existing = await ActorModel.loadLocalByName(req.body.channelName) | 89 | const existing = await ActorModel.loadLocalByName(req.body.channelName) |
87 | if (existing) { | 90 | if (existing) { |
88 | return res.status(409) | 91 | return res |
92 | .status(HttpStatusCode.CONFLICT_409) | ||
89 | .json({ error: `Channel with name ${req.body.channelName} already exists.` }) | 93 | .json({ error: `Channel with name ${req.body.channelName} already exists.` }) |
90 | } | 94 | } |
91 | } | 95 | } |
@@ -118,18 +122,19 @@ const usersRegisterValidator = [ | |||
118 | const body: UserRegister = req.body | 122 | const body: UserRegister = req.body |
119 | if (body.channel) { | 123 | if (body.channel) { |
120 | if (!body.channel.name || !body.channel.displayName) { | 124 | if (!body.channel.name || !body.channel.displayName) { |
121 | return res.status(400) | 125 | return res |
126 | .status(HttpStatusCode.BAD_REQUEST_400) | ||
122 | .json({ error: 'Channel is optional but if you specify it, channel.name and channel.displayName are required.' }) | 127 | .json({ error: 'Channel is optional but if you specify it, channel.name and channel.displayName are required.' }) |
123 | } | 128 | } |
124 | 129 | ||
125 | if (body.channel.name === body.username) { | 130 | if (body.channel.name === body.username) { |
126 | return res.status(400) | 131 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
127 | .json({ error: 'Channel name cannot be the same as user username.' }) | 132 | .json({ error: 'Channel name cannot be the same as user username.' }) |
128 | } | 133 | } |
129 | 134 | ||
130 | const existing = await ActorModel.loadLocalByName(body.channel.name) | 135 | const existing = await ActorModel.loadLocalByName(body.channel.name) |
131 | if (existing) { | 136 | if (existing) { |
132 | return res.status(409) | 137 | return res.status(HttpStatusCode.CONFLICT_409) |
133 | .json({ error: `Channel with name ${body.channel.name} already exists.` }) | 138 | .json({ error: `Channel with name ${body.channel.name} already exists.` }) |
134 | } | 139 | } |
135 | } | 140 | } |
@@ -149,7 +154,7 @@ const usersRemoveValidator = [ | |||
149 | 154 | ||
150 | const user = res.locals.user | 155 | const user = res.locals.user |
151 | if (user.username === 'root') { | 156 | if (user.username === 'root') { |
152 | return res.status(400) | 157 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
153 | .json({ error: 'Cannot remove the root user' }) | 158 | .json({ error: 'Cannot remove the root user' }) |
154 | } | 159 | } |
155 | 160 | ||
@@ -169,7 +174,7 @@ const usersBlockingValidator = [ | |||
169 | 174 | ||
170 | const user = res.locals.user | 175 | const user = res.locals.user |
171 | if (user.username === 'root') { | 176 | if (user.username === 'root') { |
172 | return res.status(400) | 177 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
173 | .json({ error: 'Cannot block the root user' }) | 178 | .json({ error: 'Cannot block the root user' }) |
174 | } | 179 | } |
175 | 180 | ||
@@ -181,7 +186,7 @@ const deleteMeValidator = [ | |||
181 | (req: express.Request, res: express.Response, next: express.NextFunction) => { | 186 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
182 | const user = res.locals.oauth.token.User | 187 | const user = res.locals.oauth.token.User |
183 | if (user.username === 'root') { | 188 | if (user.username === 'root') { |
184 | return res.status(400) | 189 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
185 | .json({ error: 'You cannot delete your root account.' }) | 190 | .json({ error: 'You cannot delete your root account.' }) |
186 | .end() | 191 | .end() |
187 | } | 192 | } |
@@ -211,8 +216,8 @@ const usersUpdateValidator = [ | |||
211 | 216 | ||
212 | const user = res.locals.user | 217 | const user = res.locals.user |
213 | if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) { | 218 | if (user.username === 'root' && req.body.role !== undefined && user.role !== req.body.role) { |
214 | return res.status(400) | 219 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
215 | .json({ error: 'Cannot change root role.' }) | 220 | .json({ error: 'Cannot change root role.' }) |
216 | } | 221 | } |
217 | 222 | ||
218 | return next() | 223 | return next() |
@@ -267,17 +272,17 @@ const usersUpdateMeValidator = [ | |||
267 | 272 | ||
268 | if (req.body.password || req.body.email) { | 273 | if (req.body.password || req.body.email) { |
269 | if (user.pluginAuth !== null) { | 274 | if (user.pluginAuth !== null) { |
270 | return res.status(400) | 275 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
271 | .json({ error: 'You cannot update your email or password that is associated with an external auth system.' }) | 276 | .json({ error: 'You cannot update your email or password that is associated with an external auth system.' }) |
272 | } | 277 | } |
273 | 278 | ||
274 | if (!req.body.currentPassword) { | 279 | if (!req.body.currentPassword) { |
275 | return res.status(400) | 280 | return res.status(HttpStatusCode.BAD_REQUEST_400) |
276 | .json({ error: 'currentPassword parameter is missing.' }) | 281 | .json({ error: 'currentPassword parameter is missing.' }) |
277 | } | 282 | } |
278 | 283 | ||
279 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { | 284 | if (await user.isPasswordMatch(req.body.currentPassword) !== true) { |
280 | return res.status(401) | 285 | return res.status(HttpStatusCode.UNAUTHORIZED_401) |
281 | .json({ error: 'currentPassword is invalid.' }) | 286 | .json({ error: 'currentPassword is invalid.' }) |
282 | } | 287 | } |
283 | } | 288 | } |
@@ -329,7 +334,7 @@ const ensureUserRegistrationAllowed = [ | |||
329 | ) | 334 | ) |
330 | 335 | ||
331 | if (allowedResult.allowed === false) { | 336 | if (allowedResult.allowed === false) { |
332 | return res.status(403) | 337 | return res.status(HttpStatusCode.FORBIDDEN_403) |
333 | .json({ error: allowedResult.errorMessage || 'User registration is not enabled or user limit is reached.' }) | 338 | .json({ error: allowedResult.errorMessage || 'User registration is not enabled or user limit is reached.' }) |
334 | } | 339 | } |
335 | 340 | ||
@@ -342,7 +347,7 @@ const ensureUserRegistrationAllowedForIP = [ | |||
342 | const allowed = isSignupAllowedForCurrentIP(req.ip) | 347 | const allowed = isSignupAllowedForCurrentIP(req.ip) |
343 | 348 | ||
344 | if (allowed === false) { | 349 | if (allowed === false) { |
345 | return res.status(403) | 350 | return res.status(HttpStatusCode.FORBIDDEN_403) |
346 | .json({ error: 'You are not on a network authorized for registration.' }) | 351 | .json({ error: 'You are not on a network authorized for registration.' }) |
347 | } | 352 | } |
348 | 353 | ||
@@ -362,7 +367,7 @@ const usersAskResetPasswordValidator = [ | |||
362 | if (!exists) { | 367 | if (!exists) { |
363 | logger.debug('User with email %s does not exist (asking reset password).', req.body.email) | 368 | logger.debug('User with email %s does not exist (asking reset password).', req.body.email) |
364 | // Do not leak our emails | 369 | // Do not leak our emails |
365 | return res.status(204).end() | 370 | return res.status(HttpStatusCode.NO_CONTENT_204).end() |
366 | } | 371 | } |
367 | 372 | ||
368 | return next() | 373 | return next() |
@@ -385,7 +390,7 @@ const usersResetPasswordValidator = [ | |||
385 | 390 | ||
386 | if (redisVerificationString !== req.body.verificationString) { | 391 | if (redisVerificationString !== req.body.verificationString) { |
387 | return res | 392 | return res |
388 | .status(403) | 393 | .status(HttpStatusCode.FORBIDDEN_403) |
389 | .json({ error: 'Invalid verification string.' }) | 394 | .json({ error: 'Invalid verification string.' }) |
390 | } | 395 | } |
391 | 396 | ||
@@ -404,7 +409,7 @@ const usersAskSendVerifyEmailValidator = [ | |||
404 | if (!exists) { | 409 | if (!exists) { |
405 | logger.debug('User with email %s does not exist (asking verify email).', req.body.email) | 410 | logger.debug('User with email %s does not exist (asking verify email).', req.body.email) |
406 | // Do not leak our emails | 411 | // Do not leak our emails |
407 | return res.status(204).end() | 412 | return res.status(HttpStatusCode.NO_CONTENT_204).end() |
408 | } | 413 | } |
409 | 414 | ||
410 | return next() | 415 | return next() |
@@ -432,7 +437,7 @@ const usersVerifyEmailValidator = [ | |||
432 | 437 | ||
433 | if (redisVerificationString !== req.body.verificationString) { | 438 | if (redisVerificationString !== req.body.verificationString) { |
434 | return res | 439 | return res |
435 | .status(403) | 440 | .status(HttpStatusCode.FORBIDDEN_403) |
436 | .json({ error: 'Invalid verification string.' }) | 441 | .json({ error: 'Invalid verification string.' }) |
437 | } | 442 | } |
438 | 443 | ||
@@ -449,7 +454,7 @@ const ensureAuthUserOwnsAccountValidator = [ | |||
449 | const user = res.locals.oauth.token.User | 454 | const user = res.locals.oauth.token.User |
450 | 455 | ||
451 | if (res.locals.account.id !== user.Account.id) { | 456 | if (res.locals.account.id !== user.Account.id) { |
452 | return res.status(403) | 457 | return res.status(HttpStatusCode.FORBIDDEN_403) |
453 | .json({ error: 'Only owner can access ratings list.' }) | 458 | .json({ error: 'Only owner can access ratings list.' }) |
454 | } | 459 | } |
455 | 460 | ||
@@ -465,7 +470,7 @@ const ensureCanManageUser = [ | |||
465 | if (authUser.role === UserRole.ADMINISTRATOR) return next() | 470 | if (authUser.role === UserRole.ADMINISTRATOR) return next() |
466 | if (authUser.role === UserRole.MODERATOR && onUser.role === UserRole.USER) return next() | 471 | if (authUser.role === UserRole.MODERATOR && onUser.role === UserRole.USER) return next() |
467 | 472 | ||
468 | return res.status(403) | 473 | return res.status(HttpStatusCode.FORBIDDEN_403) |
469 | .json({ error: 'A moderator can only manager users.' }) | 474 | .json({ error: 'A moderator can only manager users.' }) |
470 | } | 475 | } |
471 | ] | 476 | ] |
@@ -509,14 +514,14 @@ async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: | |||
509 | const user = await UserModel.loadByUsernameOrEmail(username, email) | 514 | const user = await UserModel.loadByUsernameOrEmail(username, email) |
510 | 515 | ||
511 | if (user) { | 516 | if (user) { |
512 | res.status(409) | 517 | res.status(HttpStatusCode.CONFLICT_409) |
513 | .json({ error: 'User with this username or email already exists.' }) | 518 | .json({ error: 'User with this username or email already exists.' }) |
514 | return false | 519 | return false |
515 | } | 520 | } |
516 | 521 | ||
517 | const actor = await ActorModel.loadLocalByName(username) | 522 | const actor = await ActorModel.loadLocalByName(username) |
518 | if (actor) { | 523 | if (actor) { |
519 | res.status(409) | 524 | res.status(HttpStatusCode.CONFLICT_409) |
520 | .json({ error: 'Another actor (account/channel) with this name on this instance already exists or has already existed.' }) | 525 | .json({ error: 'Another actor (account/channel) with this name on this instance already exists or has already existed.' }) |
521 | return false | 526 | return false |
522 | } | 527 | } |
@@ -529,7 +534,7 @@ async function checkUserExist (finder: () => Bluebird<MUserDefault>, res: expres | |||
529 | 534 | ||
530 | if (!user) { | 535 | if (!user) { |
531 | if (abortResponse === true) { | 536 | if (abortResponse === true) { |
532 | res.status(404) | 537 | res.status(HttpStatusCode.NOT_FOUND_404) |
533 | .json({ error: 'User not found' }) | 538 | .json({ error: 'User not found' }) |
534 | } | 539 | } |
535 | 540 | ||
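Review bot: The token checks this refactor passes through unchanged, `redisVerificationString !== req.body.verificationString` at new lines 391 and 438, compare a secret password-reset / e-mail-verification token with ordinary string inequality, which short-circuits at the first differing character; `crypto.timingSafeEqual` is the expected idiom for comparing a client-supplied secret against the stored one, even though the practical leak over a network round-trip is small. Both operands need a guard first, because `timingSafeEqual` throws on buffers of unequal length, `redisVerificationString` is presumably null once the Redis key has expired, and `req.body.verificationString` is whatever the client sent (any upstream `body(...)` validation is outside these hunks). The enclosing `usersResetPasswordValidator` and `usersVerifyEmailValidator` arrays start and end outside their hunks, and whether `crypto` is already imported in this file is not visible here; the same guard fits both validators.
```typescript
// … unchanged: lookup of redisVerificationString …
const expected = Buffer.from(typeof redisVerificationString === 'string' ? redisVerificationString : '', 'utf8')
const provided = Buffer.from(typeof req.body.verificationString === 'string' ? req.body.verificationString : '', 'utf8')
const matches = expected.length > 0 &&
  expected.length === provided.length &&
  crypto.timingSafeEqual(expected, provided)

if (!matches) {
  return res
    .status(HttpStatusCode.FORBIDDEN_403)
    .json({ error: 'Invalid verification string.' })
}
```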