aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/middlewares/validators/users.js15
-rw-r--r--server/tests/api/check-params.js11
2 files changed, 23 insertions, 3 deletions
diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js
index e540ab0d1..5defdf4e3 100644
--- a/server/middlewares/validators/users.js
+++ b/server/middlewares/validators/users.js
@@ -17,11 +17,20 @@ function usersAdd (req, res, next) {
17 req.checkBody('username', 'Should have a valid username').isUserUsernameValid() 17 req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
18 req.checkBody('password', 'Should have a valid password').isUserPasswordValid() 18 req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
19 19
20 // TODO: check we don't have already the same username
21
22 logger.debug('Checking usersAdd parameters', { parameters: req.body }) 20 logger.debug('Checking usersAdd parameters', { parameters: req.body })
23 21
24 checkErrors(req, res, next) 22 checkErrors(req, res, function () {
23 User.loadByUsername(req.body.username, function (err, user) {
24 if (err) {
25 logger.error('Error in usersAdd request validator.', { error: err })
26 return res.sendStatus(500)
27 }
28
29 if (user) return res.status(409).send('User already exists.')
30
31 next()
32 })
33 })
25} 34}
26 35
27function usersRemove (req, res, next) { 36function usersRemove (req, res, next) {
diff --git a/server/tests/api/check-params.js b/server/tests/api/check-params.js
index 4f7b26561..e361147bb 100644
--- a/server/tests/api/check-params.js
+++ b/server/tests/api/check-params.js
@@ -590,6 +590,17 @@ describe('Test parameters validator', function () {
590 requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204) 590 requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
591 }) 591 })
592 592
593 it('Should fail if we add a user with the same username', function (done) {
594 it('Should succeed with the correct params', function (done) {
595 const data = {
596 username: 'user1',
597 password: 'my super password'
598 }
599
600 requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
601 })
602 })
603
593 it('Should fail with a non admin user', function (done) { 604 it('Should fail with a non admin user', function (done) {
594 server.user = { 605 server.user = {
595 username: 'user1', 606 username: 'user1',