diff --git a/package-lock.json b/package-lock.json
index 698447184..926243c94 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -3527,7 +3527,7 @@
 "rimraf": {
 "version": "2.6.2",
 "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.2.tgz",
- "integrity": "sha512-lreewLK/BlghmxtfH36YYVg1i8IAce4TI7oao75I1g245+6BctqTVQiBP3YUJ9C6DQOXJmkYR9X9fCLtCOJc5w==",
+ "integrity": "sha1-LtgVDSShbqhlHm1u8PR8QVjOejY=",
 "requires": {
 "glob": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz"
 }
diff --git a/src/routes/test/user-test.js b/src/routes/test/user-test.js
index 01b39f5f0..b0477ee05 100644
--- a/src/routes/test/user-test.js
+++ b/src/routes/test/user-test.js
@@ -33,6 +33,7 @@ const USERNAME_0 = 'superaDmIn', PASSWORD = 'Foobar?1337', EMAIL_0 = 'silLY@me.c
 const USERNAME_1 = 'userTheFirst', EMAIL_1 = 'taO@zen.mac';
 const USERNAME_2 = 'userTheSecond', EMAIL_2 = 'USER@foo.bar', EMAIL_2_NEW = 'happy@ME.com';
 const USERNAME_3 = 'ut', EMAIL_3 = 'user3@FOO.bar';
+const USERNAME_4 = 'importedUser', EMAIL_4 = 'import@external.com';
 var groupObject;
@@ -80,7 +81,7 @@ function checkMails(number, done) {
 describe('User API', function () {
 this.timeout(5000);
- var user_0, user_1, user_2;
+ var user_0, user_1, user_2, user_4;
 var token = null;
 var token_1 = tokendb.generateToken();
@@ -259,6 +260,19 @@ describe('User API', function () {
 });
 });
+ it('cannot create user without email', function (done) {
+ mailer._clearMailQueue();
+
+ superagent.post(SERVER_URL + '/api/v1/users')
+ .query({ access_token: token })
+ .send({ username: USERNAME_1, invite: true })
+ .end(function (error, result) {
+ expect(error).to.be.ok();
+ expect(result.statusCode).to.equal(400);
+ done();
+ });
+ });
+
 it('create second user succeeds', function (done) {
 mailer._clearMailQueue();
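Review bot: The new 'cannot create user without email' test clears the mail queue and sends `invite: true`, but it never inspects the queue afterwards, so a request that is rejected yet still queues an invite would pass. If `checkMails(number, done)` (named in the earlier hunk header of this file) asserts the queued-mail count, as its name suggests, ending the callback with `checkMails(0, done);` instead of `done();` would cover that. The test also accepts any 400, so asserting on the error message, if the API returns one, would confirm the rejection is caused by the missing email and not by another validation rule. The 'cannot create user with bad password' test in the last hunk of this file has the same status-only assertion.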
@@ -656,4 +670,47 @@ describe('User API', function () {
 });
 });
 });
+
+ it('cannot create user with bad password', function (done) {
+ mailer._clearMailQueue();
+
+ superagent.post(SERVER_URL + '/api/v1/users')
+ .query({ access_token: token })
+ .send({ username: USERNAME_4, email: EMAIL_4, invite: false, password: 'tooweak' })
+ .end(function (error, result) {
+ expect(error).to.be.ok();
+ expect(result.statusCode).to.equal(400);
+ done();
+ });
+ });
+
+ it('can create user with a password', function (done) {
+ superagent.post(SERVER_URL + '/api/v1/users')
+ .query({ access_token: token })
+ .send({ username: USERNAME_4, email: EMAIL_4, invite: false, password: 'Secret1#' })
+ .end(function (error, result) {
+ expect(error).to.not.be.ok();
+ expect(result.statusCode).to.equal(201);
+
+ user_4 = result.body;
+
+ token = tokendb.generateToken();
+ var expires = Date.now() + 2000; // 1 sec
+
+ tokendb.add(token, user_4.id, null, expires, '*', done);
+ });
+ });
+
+ it('can get profile of user with pre-set password', function (done) {
+ superagent.get(SERVER_URL + '/api/v1/profile')
+ .query({ access_token: token })
+ .end(function (err, res) {
+ expect(res.statusCode).to.equal(200);
+
+ expect(res.body.email).to.be(EMAIL_4);
+
+ done();
+ });
+ });
 });
+
diff --git a/src/routes/user.js b/src/routes/user.js
index a8e98b37a..581d0b7fa 100644
--- a/src/routes/user.js
+++ b/src/routes/user.js
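Review bot: None of the three tests added at the end of user-test.js authenticates with the password that was submitted: 'can create user with a password' mints a token directly through `tokendb.add`, so the profile check that follows would still pass if the route discarded `'Secret1#'` and stored a generated password instead. A test that logs in as `USERNAME_4` with `'Secret1#'` through whatever login path the suite already exercises would close that gap. The comment in `var expires = Date.now() + 2000; // 1 sec` disagrees with the value; `// 2 sec` matches it. The same test overwrites the shared `token` with one issued for `user_4`, which any test appended later and expecting the admin token would inherit, so a dedicated variable would be safer.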
@@ -34,8 +34,9 @@ function create(req, res, next) {
 if (typeof req.body.invite !== 'boolean') return next(new HttpError(400, 'invite must be boolean'));
 if ('username' in req.body && typeof req.body.username !== 'string') return next(new HttpError(400, 'username must be string'));
 if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));
+ if ('password' in req.body && typeof req.body.password !== 'string') return next(new HttpError(400, 'password must be string'));
- var password = generatePassword();
+ var password = req.body.password || generatePassword();
 var email = req.body.email;
 var sendInvite = req.body.invite;
 var username = 'username' in req.body ? req.body.username : null;
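Review bot: `req.body.password || generatePassword()` treats an empty string as "no password supplied", so a request with `password: ''` passes the new type check and silently receives a generated password instead of a 400. Selecting on presence, as the `username` line below it does, would let the empty value reach whatever strength validation rejects `'tooweak'` in the tests (that validation is not visible in this hunk): `var password = 'password' in req.body ? req.body.password : generatePassword();`. The hunk also does not show what happens when a caller sends both `invite: true` and a `password`, so a short comment stating the intended precedence would help the next reader. The body of `create` continues outside the hunk.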