diff --git a/src/groups.js b/src/groups.js index 7f9999d99..4c44ec72b 100644 --- a/src/groups.js +++ b/src/groups.js @@ -46,8 +46,17 @@ function validateGroupname(name) { return null; } -function create(name, callback) { +function validateGroupSource(source) { + assert.strictEqual(typeof source, 'string'); + + if (source !== '' && source !== 'ldap') return new BoxError(BoxError.BAD_FIELD, 'source must be "" or "ldap"', { field: source }); + + return null; +} + +function create(name, source, callback) { assert.strictEqual(typeof name, 'string'); + assert.strictEqual(typeof source, 'string'); assert.strictEqual(typeof callback, 'function'); // we store names in lowercase @@ -56,8 +65,10 @@ function create(name, callback) { var error = validateGroupname(name); if (error) return callback(error); + error = validateGroupSource(source); + if (error) return callback(error); + var id = 'gid-' + uuid.v4(); - var source = ''; // empty means local groupdb.add(id, name, source, function (error) { if (error) return callback(error); diff --git a/src/routes/groups.js b/src/routes/groups.js index 650b6a131..68f3692f0 100644 --- a/src/routes/groups.js +++ b/src/routes/groups.js @@ -20,7 +20,9 @@ function create(req, res, next) { if (typeof req.body.name !== 'string') return next(new HttpError(400, 'name must be string')); - groups.create(req.body.name, function (error, group) { + var source = ''; // means local + + groups.create(req.body.name, source, function (error, group) { if (error) return next(BoxError.toHttpError(error)); var groupInfo = { diff --git a/src/routes/test/users-test.js b/src/routes/test/users-test.js index 8322c3db9..a97c8281f 100644 --- a/src/routes/test/users-test.js +++ b/src/routes/test/users-test.js @@ -13,7 +13,6 @@ var async = require('async'), expect = require('expect.js'), hat = require('../../hat.js'), groups = require('../../groups.js'), - mail = require('../../mail.js'), mailer = require('../../mailer.js'), superagent = require('superagent'), server = require('../../server.js'), @@ -50,7 +49,7 @@ function setup(done) { ], function (error) { expect(error).to.not.be.ok(); - groups.create('somegroupname', function (error, result) { + groups.create('somegroupname', '', function (error, result) { expect(error).to.not.be.ok(); groupObject = result; diff --git a/src/test/groups-test.js b/src/test/groups-test.js index 03846cbe7..101159651 100644 --- a/src/test/groups-test.js +++ b/src/test/groups-test.js @@ -79,42 +79,49 @@ describe('Groups', function () { after(cleanup); it('cannot create group - too small', function (done) { - groups.create('', function (error) { + groups.create('', '', function (error) { expect(error.reason).to.be(BoxError.BAD_FIELD); done(); }); }); it('cannot create group - too big', function (done) { - groups.create(new Array(256).join('a'), function (error) { + groups.create(new Array(256).join('a'), '', function (error) { expect(error.reason).to.be(BoxError.BAD_FIELD); done(); }); }); it('cannot create group - bad name', function (done) { - groups.create('bad:name', function (error) { + groups.create('bad:name', '', function (error) { expect(error.reason).to.be(BoxError.BAD_FIELD); done(); }); }); it('cannot create group - reserved', function (done) { - groups.create('users', function (error) { + groups.create('users', '', function (error) { expect(error.reason).to.be(BoxError.BAD_FIELD); done(); }); }); it('cannot create group - invalid', function (done) { - groups.create('cloudron+admin', function (error) { + groups.create('cloudron+admin', '', function (error) { + expect(error.reason).to.be(BoxError.BAD_FIELD); + done(); + }); + }); + + it('cannot create group - invalid source', function (done) { + groups.create('cloudron+admin', 'unknownsource', function (error) { expect(error.reason).to.be(BoxError.BAD_FIELD); done(); }); }); it('can create valid group', function (done) { - groups.create(GROUP0_NAME, function (error, result) { + groups.create(GROUP0_NAME, '', function (error, result) { expect(error).to.be(null); group0Object = result; done(); @@ -123,14 +130,14 @@ describe('Groups', function () { it('cannot create existing group with mixed case', function (done) { var name = GROUP0_NAME[0].toUpperCase() + GROUP0_NAME.substr(1); - groups.create(name, function (error) { + groups.create(name, '', function (error) { expect(error.reason).to.be(BoxError.ALREADY_EXISTS); done(); }); }); it('cannot add existing group', function (done) { - groups.create(GROUP0_NAME, function (error) { + groups.create(GROUP0_NAME, 'ldap', function (error) { expect(error.reason).to.be(BoxError.ALREADY_EXISTS); done(); }); @@ -178,7 +185,7 @@ describe('Group membership', function () { async.series([ setup, function (next) { - groups.create(GROUP0_NAME, function (error, result) { + groups.create(GROUP0_NAME, '', function (error, result) { if (error) return next(error); group0Object = result; next(); @@ -295,7 +302,7 @@ describe('Group membership', function () { }); it('can remove group with member', function (done) { - groups.create(GROUP0_NAME, function (error, result) { + groups.create(GROUP0_NAME, '', function (error, result) { expect(error).to.eql(null); group0Object = result; @@ -316,14 +323,14 @@ describe('Set user groups', function () { async.series([ setup, function (next) { - groups.create(GROUP0_NAME, function (error, result) { + groups.create(GROUP0_NAME, '', function (error, result) { if (error) return next(error); group0Object = result; next(); }); }, function (next) { - groups.create(GROUP1_NAME, function (error, result) { + groups.create(GROUP1_NAME, '', function (error, result) { if (error) return next(error); group1Object = result; next(); diff --git a/src/test/ldap-test.js b/src/test/ldap-test.js index d43c4e9ba..f13075e39 100644 --- a/src/test/ldap-test.js +++ b/src/test/ldap-test.js @@ -133,7 +133,7 @@ function setup(done) { }); }, function (callback) { - groups.create(GROUP_NAME, function (error, result) { + groups.create(GROUP_NAME, '', function (error, result) { if (error) return callback(error); GROUP_ID = result.id; diff --git a/src/test/users-test.js b/src/test/users-test.js index 081a3c847..4722a5baa 100644 --- a/src/test/users-test.js +++ b/src/test/users-test.js @@ -8,13 +8,11 @@ var async = require('async'), BoxError = require('../boxerror.js'), database = require('../database.js'), - constants = require('../constants.js'), expect = require('expect.js'), fs = require('fs'), groupdb = require('../groupdb.js'), groups = require('../groups.js'), domains = require('../domains.js'), - mail = require('../mail.js'), mailboxdb = require('../mailboxdb.js'), maildb = require('../maildb.js'), mailer = require('../mailer.js'), @@ -738,7 +736,7 @@ describe('User', function () { auditSource = _.extend({}, AUDIT_SOURCE, { userId: owner.id }); - groups.create(NON_ADMIN_GROUP, done); + groups.create(NON_ADMIN_GROUP, '', done); }); });