aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/controllers/api/users/index.ts10
-rw-r--r--server/middlewares/validators/users.ts16
-rw-r--r--server/models/account/user.ts21
-rw-r--r--server/tests/api/users/users.ts34
4 files changed, 71 insertions, 10 deletions
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index c8e9eaeaa..839431afb 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -18,6 +18,7 @@ import {
18 setDefaultPagination, 18 setDefaultPagination,
19 setDefaultSort, 19 setDefaultSort,
20 userAutocompleteValidator, 20 userAutocompleteValidator,
21 usersListValidator,
21 usersAddValidator, 22 usersAddValidator,
22 usersGetValidator, 23 usersGetValidator,
23 usersRegisterValidator, 24 usersRegisterValidator,
@@ -85,6 +86,7 @@ usersRouter.get('/',
85 usersSortValidator, 86 usersSortValidator,
86 setDefaultSort, 87 setDefaultSort,
87 setDefaultPagination, 88 setDefaultPagination,
89 asyncMiddleware(usersListValidator),
88 asyncMiddleware(listUsers) 90 asyncMiddleware(listUsers)
89) 91)
90 92
@@ -282,7 +284,13 @@ async function autocompleteUsers (req: express.Request, res: express.Response) {
282} 284}
283 285
284async function listUsers (req: express.Request, res: express.Response) { 286async function listUsers (req: express.Request, res: express.Response) {
285 const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort, req.query.search) 287 const resultList = await UserModel.listForApi({
288 start: req.query.start,
289 count: req.query.count,
290 sort: req.query.sort,
291 search: req.query.search,
292 blocked: req.query.blocked
293 })
286 294
287 return res.json(getFormattedObjects(resultList.data, resultList.total, { withAdminFlags: true })) 295 return res.json(getFormattedObjects(resultList.data, resultList.total, { withAdminFlags: true }))
288} 296}
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index 4a9ed6830..6860a3bed 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -38,6 +38,21 @@ import { UserRole } from '../../../shared/models/users'
38import { MUserDefault } from '@server/types/models' 38import { MUserDefault } from '@server/types/models'
39import { Hooks } from '@server/lib/plugins/hooks' 39import { Hooks } from '@server/lib/plugins/hooks'
40 40
41const usersListValidator = [
42 query('blocked')
43 .optional()
44 .customSanitizer(toBooleanOrNull)
45 .isBoolean().withMessage('Should be a valid boolean banned state'),
46
47 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
48 logger.debug('Checking usersList parameters', { parameters: req.query })
49
50 if (areValidationErrors(req, res)) return
51
52 return next()
53 }
54]
55
41const usersAddValidator = [ 56const usersAddValidator = [
42 body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), 57 body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
43 body('password').custom(isUserPasswordValidOrEmpty).withMessage('Should have a valid password'), 58 body('password').custom(isUserPasswordValidOrEmpty).withMessage('Should have a valid password'),
@@ -444,6 +459,7 @@ const ensureCanManageUser = [
444// --------------------------------------------------------------------------- 459// ---------------------------------------------------------------------------
445 460
446export { 461export {
462 usersListValidator,
447 usersAddValidator, 463 usersAddValidator,
448 deleteMeValidator, 464 deleteMeValidator,
449 usersRegisterValidator, 465 usersRegisterValidator,
diff --git a/server/models/account/user.ts b/server/models/account/user.ts
index 3bde1e744..de193131a 100644
--- a/server/models/account/user.ts
+++ b/server/models/account/user.ts
@@ -412,11 +412,18 @@ export class UserModel extends Model<UserModel> {
412 return this.count() 412 return this.count()
413 } 413 }
414 414
415 static listForApi (start: number, count: number, sort: string, search?: string) { 415 static listForApi (parameters: {
416 let where: WhereOptions 416 start: number
417 count: number
418 sort: string
419 search?: string
420 blocked?: boolean
421 }) {
422 const { start, count, sort, search, blocked } = parameters
423 const where: WhereOptions = {}
417 424
418 if (search) { 425 if (search) {
419 where = { 426 Object.assign(where, {
420 [Op.or]: [ 427 [Op.or]: [
421 { 428 {
422 email: { 429 email: {
@@ -429,7 +436,13 @@ export class UserModel extends Model<UserModel> {
429 } 436 }
430 } 437 }
431 ] 438 ]
432 } 439 })
440 }
441
442 if (blocked !== undefined) {
443 Object.assign(where, {
444 blocked: blocked
445 })
433 } 446 }
434 447
435 const query: FindOptions = { 448 const query: FindOptions = {
diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts
index cad954fcb..0a66bd1ce 100644
--- a/server/tests/api/users/users.ts
+++ b/server/tests/api/users/users.ts
@@ -819,12 +819,12 @@ describe('Test users', function () {
819 describe('User blocking', function () { 819 describe('User blocking', function () {
820 let user16Id 820 let user16Id
821 let user16AccessToken 821 let user16AccessToken
822 const user16 = {
823 username: 'user_16',
824 password: 'my super password'
825 }
822 826
823 it('Should block and unblock a user', async function () { 827 it('Should block a user', async function () {
824 const user16 = {
825 username: 'user_16',
826 password: 'my super password'
827 }
828 const resUser = await createUser({ 828 const resUser = await createUser({
829 url: server.url, 829 url: server.url,
830 accessToken: server.accessToken, 830 accessToken: server.accessToken,
@@ -840,7 +840,31 @@ describe('Test users', function () {
840 840
841 await getMyUserInformation(server.url, user16AccessToken, 401) 841 await getMyUserInformation(server.url, user16AccessToken, 401)
842 await userLogin(server, user16, 400) 842 await userLogin(server, user16, 400)
843 })
844
845 it('Should search user by banned status', async function () {
846 {
847 const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', undefined, true)
848 const users = res.body.data as User[]
849
850 expect(res.body.total).to.equal(1)
851 expect(users.length).to.equal(1)
852
853 expect(users[0].username).to.equal(user16.username)
854 }
855
856 {
857 const res = await getUsersListPaginationAndSort(server.url, server.accessToken, 0, 2, 'createdAt', undefined, false)
858 const users = res.body.data as User[]
859
860 expect(res.body.total).to.equal(1)
861 expect(users.length).to.equal(1)
862
863 expect(users[0].username).to.not.equal(user16.username)
864 }
865 })
843 866
867 it('Should unblock a user', async function () {
844 await unblockUser(server.url, user16Id, server.accessToken) 868 await unblockUser(server.url, user16Id, server.accessToken)
845 user16AccessToken = await userLogin(server, user16) 869 user16AccessToken = await userLogin(server, user16)
846 await getMyUserInformation(server.url, user16AccessToken, 200) 870 await getMyUserInformation(server.url, user16AccessToken, 200)