From 9ccff23877ec8d740fcd5a9254fcd2424b62d2c8 Mon Sep 17 00:00:00 2001 From: Lucas Declercq Date: Wed, 10 Oct 2018 08:57:00 +0200 Subject: Add explicit error message that changing video ownership only works with local accounts (#1214) * Add explicit error message that changing video ownership only works with local accounts * Remove superfluous logger * Remove unneeded end() to error responses * Add a message on client side to prevent transfering ownership to a remote account --- .../video-change-ownership-validators.service.ts | 15 ++++++++++++--- server/middlewares/validators/videos/videos.ts | 13 ++++--------- 2 files changed, 16 insertions(+), 12 deletions(-) diff --git a/client/src/app/shared/forms/form-validators/video-change-ownership-validators.service.ts b/client/src/app/shared/forms/form-validators/video-change-ownership-validators.service.ts index 087b80b44..c6fbb7538 100644 --- a/client/src/app/shared/forms/form-validators/video-change-ownership-validators.service.ts +++ b/client/src/app/shared/forms/form-validators/video-change-ownership-validators.service.ts @@ -1,5 +1,5 @@ import { I18n } from '@ngx-translate/i18n-polyfill' -import { Validators } from '@angular/forms' +import { AbstractControl, ValidationErrors, Validators } from '@angular/forms' import { Injectable } from '@angular/core' import { BuildFormValidator } from '@app/shared' @@ -9,10 +9,19 @@ export class VideoChangeOwnershipValidatorsService { constructor (private i18n: I18n) { this.USERNAME = { - VALIDATORS: [ Validators.required ], + VALIDATORS: [ Validators.required, this.localAccountValidator ], MESSAGES: { - 'required': this.i18n('The username is required.') + 'required': this.i18n('The username is required.'), + 'localAccountOnly': this.i18n('You can only transfer ownership to a local account') } } } + + localAccountValidator (control: AbstractControl): ValidationErrors { + if (control.value.includes('@')) { + return { 'localAccountOnly': true } + } + + return null + } } diff --git a/server/middlewares/validators/videos/videos.ts b/server/middlewares/validators/videos/videos.ts index d6b8aa725..1d0a64bb1 100644 --- a/server/middlewares/validators/videos/videos.ts +++ b/server/middlewares/validators/videos/videos.ts @@ -69,7 +69,6 @@ const videosAddValidator = getCommonVideoAttributes().concat([ if (isAble === false) { res.status(403) .json({ error: 'The user video quota is exceeded with this video.' }) - .end() return cleanUpReqFiles(req) } @@ -82,7 +81,6 @@ const videosAddValidator = getCommonVideoAttributes().concat([ logger.error('Invalid input file in videosAddValidator.', { err }) res.status(400) .json({ error: 'Invalid input file.' }) - .end() return cleanUpReqFiles(req) } @@ -120,7 +118,6 @@ const videosUpdateValidator = getCommonVideoAttributes().concat([ cleanUpReqFiles(req) return res.status(409) .json({ error: 'Cannot set "private" a video that was not private.' }) - .end() } if (req.body.channelId && !await isVideoChannelOfAccountExist(req.body.channelId, user, res)) return cleanUpReqFiles(req) @@ -150,7 +147,6 @@ const videosCustomGetValidator = (fetchType: VideoFetchType) => { if (video.VideoChannel.Account.userId !== user.id && !user.hasRight(UserRight.MANAGE_VIDEO_BLACKLIST)) { return res.status(403) .json({ error: 'Cannot get this private or blacklisted video.' }) - .end() } return next() @@ -239,8 +235,8 @@ const videosChangeOwnershipValidator = [ const nextOwner = await AccountModel.loadLocalByName(req.body.username) if (!nextOwner) { res.status(400) - .type('json') - .end() + .json({ error: 'Changing video ownership to a remote account is not supported yet' }) + return } res.locals.nextOwner = nextOwner @@ -271,7 +267,7 @@ const videosTerminateChangeOwnershipValidator = [ } else { res.status(403) .json({ error: 'Ownership already accepted or refused' }) - .end() + return } } @@ -288,7 +284,7 @@ const videosAcceptChangeOwnershipValidator = [ if (isAble === false) { res.status(403) .json({ error: 'The user video quota is exceeded with this video.' }) - .end() + return } @@ -389,7 +385,6 @@ function areErrorsInScheduleUpdate (req: express.Request, res: express.Response) if (!req.body.scheduleUpdate.updateAt) { res.status(400) .json({ error: 'Schedule update at is mandatory.' }) - .end() return true } -- cgit v1.2.3