From b426edd4854adc6e65844d8c54b8998e792b5778 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Mon, 11 Feb 2019 09:30:29 +0100 Subject: Cleanup reset user password by admin And add some tests --- server/controllers/api/users/index.ts | 20 ++++++++++---------- server/controllers/api/users/me.ts | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) (limited to 'server/controllers') diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index beac6d8b1..e3533a7f6 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts @@ -3,7 +3,6 @@ import * as RateLimit from 'express-rate-limit' import { UserCreate, UserRight, UserRole, UserUpdate } from '../../../../shared' import { logger } from '../../../helpers/logger' import { getFormattedObjects } from '../../../helpers/utils' -import { pseudoRandomBytesPromise } from '../../../helpers/core-utils' import { CONFIG, RATES_LIMIT, sequelizeTypescript } from '../../../initializers' import { Emailer } from '../../../lib/emailer' import { Redis } from '../../../lib/redis' @@ -230,7 +229,7 @@ async function unblockUser (req: express.Request, res: express.Response, next: e return res.status(204).end() } -async function blockUser (req: express.Request, res: express.Response, next: express.NextFunction) { +async function blockUser (req: express.Request, res: express.Response) { const user: UserModel = res.locals.user const reason = req.body.reason @@ -239,23 +238,23 @@ async function blockUser (req: express.Request, res: express.Response, next: exp return res.status(204).end() } -function getUser (req: express.Request, res: express.Response, next: express.NextFunction) { +function getUser (req: express.Request, res: express.Response) { return res.json((res.locals.user as UserModel).toFormattedJSON()) } -async function autocompleteUsers (req: express.Request, res: express.Response, next: express.NextFunction) { +async function autocompleteUsers (req: express.Request, res: express.Response) { const resultList = await UserModel.autoComplete(req.query.search as string) return res.json(resultList) } -async function listUsers (req: express.Request, res: express.Response, next: express.NextFunction) { +async function listUsers (req: express.Request, res: express.Response) { const resultList = await UserModel.listForApi(req.query.start, req.query.count, req.query.sort, req.query.search) return res.json(getFormattedObjects(resultList.data, resultList.total)) } -async function removeUser (req: express.Request, res: express.Response, next: express.NextFunction) { +async function removeUser (req: express.Request, res: express.Response) { const user: UserModel = res.locals.user await user.destroy() @@ -265,12 +264,13 @@ async function removeUser (req: express.Request, res: express.Response, next: ex return res.sendStatus(204) } -async function updateUser (req: express.Request, res: express.Response, next: express.NextFunction) { +async function updateUser (req: express.Request, res: express.Response) { const body: UserUpdate = req.body const userToUpdate = res.locals.user as UserModel const oldUserAuditView = new UserAuditView(userToUpdate.toFormattedJSON()) const roleChanged = body.role !== undefined && body.role !== userToUpdate.role + if (body.password !== undefined) userToUpdate.password = body.password if (body.email !== undefined) userToUpdate.email = body.email if (body.emailVerified !== undefined) userToUpdate.emailVerified = body.emailVerified if (body.videoQuota !== undefined) userToUpdate.videoQuota = body.videoQuota @@ -280,11 +280,11 @@ async function updateUser (req: express.Request, res: express.Response, next: ex const user = await userToUpdate.save() // Destroy user token to refresh rights - if (roleChanged) await deleteUserToken(userToUpdate.id) + if (roleChanged || body.password !== undefined) await deleteUserToken(userToUpdate.id) auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView) - // Don't need to send this update to followers, these attributes are not propagated + // Don't need to send this update to followers, these attributes are not federated return res.sendStatus(204) } @@ -294,7 +294,7 @@ async function askResetUserPassword (req: express.Request, res: express.Response const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id) const url = CONFIG.WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString - await Emailer.Instance.addForgetPasswordEmailJob(user.email, url) + await Emailer.Instance.addPasswordResetEmailJob(user.email, url) return res.status(204).end() } diff --git a/server/controllers/api/users/me.ts b/server/controllers/api/users/me.ts index 94a2b8732..d5e154869 100644 --- a/server/controllers/api/users/me.ts +++ b/server/controllers/api/users/me.ts @@ -167,7 +167,7 @@ async function deleteMe (req: express.Request, res: express.Response) { return res.sendStatus(204) } -async function updateMe (req: express.Request, res: express.Response, next: express.NextFunction) { +async function updateMe (req: express.Request, res: express.Response) { const body: UserUpdateMe = req.body const user: UserModel = res.locals.oauth.token.user -- cgit v1.2.3