From dea16773dfcc4e38e48c2980731af6e2a17a7aa6 Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Thu, 22 Aug 2019 10:59:14 +0200 Subject: Fix user creation by moderators --- server/middlewares/validators/users.ts | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'server') diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 16d297047..8ee2ec1f5 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts @@ -38,7 +38,9 @@ const usersAddValidator = [ body('email').isEmail().withMessage('Should have a valid email'), body('videoQuota').custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), body('videoQuotaDaily').custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), - body('role').custom(isUserRoleValid).withMessage('Should have a valid role'), + body('role') + .customSanitizer(toIntOrNull) + .custom(isUserRoleValid).withMessage('Should have a valid role'), body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { @@ -50,7 +52,7 @@ const usersAddValidator = [ const authUser = res.locals.oauth.token.User if (authUser.role !== UserRole.ADMINISTRATOR && req.body.role !== UserRole.USER) { return res.status(403) - .json({ error: 'You can only create users (and not administrators or moderators' }) + .json({ error: 'You can only create users (and not administrators or moderators)' }) } return next() @@ -160,7 +162,10 @@ const usersUpdateValidator = [ body('emailVerified').optional().isBoolean().withMessage('Should have a valid email verified attribute'), body('videoQuota').optional().custom(isUserVideoQuotaValid).withMessage('Should have a valid user quota'), body('videoQuotaDaily').optional().custom(isUserVideoQuotaDailyValid).withMessage('Should have a valid daily user quota'), - body('role').optional().custom(isUserRoleValid).withMessage('Should have a valid role'), + body('role') + .optional() + .customSanitizer(toIntOrNull) + .custom(isUserRoleValid).withMessage('Should have a valid role'), body('adminFlags').optional().custom(isUserAdminFlagsValid).withMessage('Should have a valid admin flags'), async (req: express.Request, res: express.Response, next: express.NextFunction) => { -- cgit v1.2.3