IntenseWebs/PeerTube
3
0
Fork 0
mirror of https://github.com/Chocobozzz/PeerTube.git synced 2024-11-29 20:14:02 -06:00
Code Issues Packages Projects Releases Wiki Activity

Server: forbid to remove the root user

Browse Source
This commit is contained in:
Chocobozzz 2016-10-07 15:32:09 +02:00
parent b9ab2e25fd
commit af1068ce1d
2 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
server/middlewares/validators/users.js
View File

@ -47,6 +47,8 @@ function usersRemove (req, res, next) {
if (!user) return res.status(404).send('User not found')
if (user.username === 'root') return res.status(400).send('Cannot remove the root user')
next()
})
})

9
server/tests/api/check-params.js
View File

@ -497,6 +497,7 @@ describe('Test parameters validator', function () {
describe('Of the users API', function () {
const path = '/api/v1/users/'
let userId = null
let rootId = null
describe('When listing users', function () {
it('Should fail with a bad start pagination', function (done) {
@ -626,6 +627,7 @@ describe('Test parameters validator', function () {
if (err) throw err
userId = res.body.data[1].id
rootId = res.body.data[2].id
done()
})
})
@ -691,6 +693,13 @@ describe('Test parameters validator', function () {
.expect(400, done)
})
it('Should fail with the root user', function (done) {
request(server.url)
.delete(path + rootId)
.set('Authorization', 'Bearer ' + server.accessToken)
.expect(400, done)
})
it('Should return 404 with a non existing id', function (done) {
request(server.url)
.delete(path + '579f982228c99c221d8092b8')