From a890d1e0d30851741392e6e7f14acffe685d28e0 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Wed, 26 Sep 2018 16:28:15 +0200 Subject: Check current password on server side --- server/tests/api/check-params/users.ts | 34 +++++++++++++++++++++++++++++++++- server/tests/api/users/users.ts | 33 +++++++++++++++++++++++++++++---- 2 files changed, 62 insertions(+), 5 deletions(-) (limited to 'server/tests/api') diff --git a/server/tests/api/check-params/users.ts b/server/tests/api/check-params/users.ts index 95903c8a5..cbfa0c137 100644 --- a/server/tests/api/check-params/users.ts +++ b/server/tests/api/check-params/users.ts @@ -254,6 +254,7 @@ describe('Test users API validators', function () { it('Should fail with a too small password', async function () { const fields = { + currentPassword: 'my super password', password: 'bla' } @@ -262,12 +263,31 @@ describe('Test users API validators', function () { it('Should fail with a too long password', async function () { const fields = { + currentPassword: 'my super password', password: 'super'.repeat(61) } await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) + it('Should fail without the current password', async function () { + const fields = { + currentPassword: 'my super password', + password: 'super'.repeat(61) + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) + }) + + it('Should fail with an invalid current password', async function () { + const fields = { + currentPassword: 'my super password fail', + password: 'super'.repeat(61) + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 401 }) + }) + it('Should fail with an invalid NSFW policy attribute', async function () { const fields = { nsfwPolicy: 'hello' @@ -286,6 +306,7 @@ describe('Test users API validators', function () { it('Should fail with an non authenticated user', async function () { const fields = { + currentPassword: 'my super password', password: 'my super password' } @@ -300,8 +321,9 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields }) }) - it('Should succeed with the correct params', async function () { + it('Should succeed to change password with the correct params', async function () { const fields = { + currentPassword: 'my super password', password: 'my super password', nsfwPolicy: 'blur', autoPlayVideo: false, @@ -310,6 +332,16 @@ describe('Test users API validators', function () { await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) }) + + it('Should succeed without password change with the correct params', async function () { + const fields = { + nsfwPolicy: 'blur', + autoPlayVideo: false, + email: 'super_email@example.com' + } + + await makePutBodyRequest({ url: server.url, path: path + 'me', token: userAccessToken, fields, statusCodeExpected: 204 }) + }) }) describe('When updating my avatar', function () { diff --git a/server/tests/api/users/users.ts b/server/tests/api/users/users.ts index c0dd587ee..8b9c6b455 100644 --- a/server/tests/api/users/users.ts +++ b/server/tests/api/users/users.ts @@ -4,10 +4,34 @@ import * as chai from 'chai' import 'mocha' import { User, UserRole } from '../../../../shared/index' import { - createUser, flushTests, getBlacklistedVideosList, getMyUserInformation, getMyUserVideoQuotaUsed, getMyUserVideoRating, - getUserInformation, getUsersList, getUsersListPaginationAndSort, getVideosList, killallServers, login, makePutBodyRequest, rateVideo, - registerUser, removeUser, removeVideo, runServer, ServerInfo, testImage, updateMyAvatar, updateMyUser, updateUser, uploadVideo, userLogin, - deleteMe, blockUser, unblockUser, updateCustomSubConfig + blockUser, + createUser, + deleteMe, + flushTests, + getBlacklistedVideosList, + getMyUserInformation, + getMyUserVideoQuotaUsed, + getMyUserVideoRating, + getUserInformation, + getUsersList, + getUsersListPaginationAndSort, + getVideosList, + killallServers, + login, + makePutBodyRequest, + rateVideo, + registerUser, + removeUser, + removeVideo, + runServer, + ServerInfo, + testImage, + unblockUser, + updateMyAvatar, + updateMyUser, + updateUser, + uploadVideo, + userLogin } from '../../utils/index' import { follow } from '../../utils/server/follows' import { setAccessTokensToServers } from '../../utils/users/login' @@ -302,6 +326,7 @@ describe('Test users', function () { await updateMyUser({ url: server.url, accessToken: accessTokenUser, + currentPassword: 'super password', newPassword: 'new password' }) user.password = 'new password' -- cgit v1.2.3