Diffstat (limited to 'server')
-rw-r--r-- | server/middlewares/validators/users.js | 15 | ||||
-rw-r--r-- | server/tests/api/check-params.js | 11 |
2 files changed, 23 insertions, 3 deletions
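--- a/server/middlewares/validators/users.js
+++ b/server/middlewares/validators/users.js
@@ -17,11 +17,20 @@ function usersAdd (req, res, next) {
 req.checkBody('username', 'Should have a valid username').isUserUsernameValid()
 req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
 
-// TODO: check we don't have already the same username
-
 logger.debug('Checking usersAdd parameters', { parameters: req.body })
 
-checkErrors(req, res, next)
+checkErrors(req, res, function () {
+User.loadByUsername(req.body.username, function (err, user) {
+if (err) {
+logger.error('Error in usersAdd request validator.', { error: err })
+return res.sendStatus(500)
+}
+
+if (user) return res.status(409).send('User already exists.')
+
+next()
+})
+})
 }
 
 function usersRemove (req, res, next) {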
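Review bot: The duplicate check added to `usersAdd` is check-then-act: `User.loadByUsername` runs in the validator while the insert presumably happens later in the route handler, so two concurrent requests with the same username can both find no user and both reach `next()`. The User model is not visible here; if it does not already declare a unique index on the username, it should, with the duplicate-key error from the save mapped to the same 409, leaving this lookup as a friendly pre-check only. I would record that on the lookup with `// Pre-check only: uniqueness must also be enforced by a unique index on username`. Separately, the unchanged `logger.debug` call above passes `req.body` to the log, which includes the plaintext password. `usersAdd` begins above this hunk.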
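--- a/server/tests/api/check-params.js
+++ b/server/tests/api/check-params.js
@@ -590,6 +590,17 @@ describe('Test parameters validator', function () {
 requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 204)
 })
 
+it('Should fail if we add a user with the same username', function (done) {
+it('Should succeed with the correct params', function (done) {
+const data = {
+username: 'user1',
+password: 'my super password'
+}
+
+requestsUtils.makePostBodyRequest(server.url, path, server.accessToken, data, done, 409)
+})
+})
+
 it('Should fail with a non admin user', function (done) {
 server.user = {
 username: 'user1',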
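Review bot: The new test nests one `it(...)` inside another: the outer `it('Should fail if we add a user with the same username', function (done) {` never calls its own `done`, and the inner title 'Should succeed with the correct params' contradicts the 409 it expects. Depending on how the runner treats an `it` registered while a test is already running, the outer case likely times out or the 409 request is never asserted, so the duplicate-username rejection may be untested. Drop the inner `it('Should succeed with the correct params', function (done) {` line and its closing `})` so the request runs directly in the outer test. The case also appears to rely on the preceding 204 test having created `user1`; that test's data is outside the hunk, so confirm that it did.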