diff --git a/src/routes/test/clients-test.js b/src/routes/test/clients-test.js index 5e2c9acf7..81053ddce 100644 --- a/src/routes/test/clients-test.js +++ b/src/routes/test/clients-test.js @@ -372,7 +372,7 @@ describe('Clients', function () { setup, function (callback) { - superagent.get(SERVER_URL + '/api/v1/user/profile') + superagent.get(SERVER_URL + '/api/v1/profile') .query({ access_token: token }) .end(function (error, result) { expect(result).to.be.ok(); @@ -536,7 +536,7 @@ describe('Clients', function () { expect(result.statusCode).to.equal(204); // further calls with this token should not work - superagent.get(SERVER_URL + '/api/v1/user/profile') + superagent.get(SERVER_URL + '/api/v1/profile') .query({ access_token: token }) .end(function (error, result) { expect(result.statusCode).to.equal(401); diff --git a/src/routes/test/developer-test.js b/src/routes/test/developer-test.js index 1061fb8b8..744bf8b30 100644 --- a/src/routes/test/developer-test.js +++ b/src/routes/test/developer-test.js @@ -192,7 +192,7 @@ describe('Developer API', function () { }); }, function (callback) { - superagent.post(`${SERVER_URL}/api/v1/user/profile/twofactorauthentication`).query({ access_token: accessToken }).end(function (error, result) { + superagent.post(`${SERVER_URL}/api/v1/profile/twofactorauthentication`).query({ access_token: accessToken }).end(function (error, result) { secret = result.body.secret; callback(error); }); @@ -203,7 +203,7 @@ describe('Developer API', function () { encoding: 'base32' }); - superagent.post(`${SERVER_URL}/api/v1/user/profile/twofactorauthentication/enable`).query({ access_token: accessToken }).send({ totpToken: totpToken }).end(function (error, result) { + superagent.post(`${SERVER_URL}/api/v1/profile/twofactorauthentication/enable`).query({ access_token: accessToken }).send({ totpToken: totpToken }).end(function (error, result) { callback(error); }); } 
@@ -213,7 +213,7 @@ describe('Developer API', function () { after(function (done) { async.series([ function (callback) { - superagent.post(`${SERVER_URL}/api/v1/user/profile/twofactorauthentication/disable`).query({ access_token: accessToken }).send({ password: PASSWORD }).end(function (error, result) { + superagent.post(`${SERVER_URL}/api/v1/profile/twofactorauthentication/disable`).query({ access_token: accessToken }).send({ password: PASSWORD }).end(function (error, result) { callback(error); }); }, @@ -285,14 +285,14 @@ describe('Developer API', function () { after(cleanup); it('fails with non sdk token', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile/password').query({ access_token: token_normal }).send({ newPassword: 'Some?$123' }).end(function (error, result) { + superagent.post(SERVER_URL + '/api/v1/profile/password').query({ access_token: token_normal }).send({ newPassword: 'Some?$123' }).end(function (error, result) { expect(result.statusCode).to.equal(401); done(); }); }); it('succeeds', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile/password').query({ access_token: token_sdk }).send({ newPassword: 'Some?$123' }).end(function (error, result) { + superagent.post(SERVER_URL + '/api/v1/profile/password').query({ access_token: token_sdk }).send({ newPassword: 'Some?$123' }).end(function (error, result) { expect(result.statusCode).to.equal(204); done(); }); diff --git a/src/routes/test/groups-test.js b/src/routes/test/groups-test.js index 9c7e6ce3a..515cf428a 100644 --- a/src/routes/test/groups-test.js +++ b/src/routes/test/groups-test.js @@ -46,7 +46,7 @@ function setup(done) { // stash token for further use token = result.body.token; - superagent.get(SERVER_URL + '/api/v1/user/profile') + superagent.get(SERVER_URL + '/api/v1/profile') .query({ access_token: token }) .end(function (error, result) { expect(result).to.be.ok(); 
diff --git a/src/routes/test/oauth2-test.js b/src/routes/test/oauth2-test.js index 430c38522..201a6aabd 100644 --- a/src/routes/test/oauth2-test.js +++ b/src/routes/test/oauth2-test.js @@ -601,7 +601,7 @@ describe('OAuth2', function () { }); }, function (callback) { - superagent.post(`${SERVER_URL}/api/v1/user/profile/twofactorauthentication`).query({ access_token: accessToken }).end(function (error, result) { + superagent.post(`${SERVER_URL}/api/v1/profile/twofactorauthentication`).query({ access_token: accessToken }).end(function (error, result) { secret = result.body.secret; callback(error); }); @@ -612,7 +612,7 @@ describe('OAuth2', function () { encoding: 'base32' }); - superagent.post(`${SERVER_URL}/api/v1/user/profile/twofactorauthentication/enable`).query({ access_token: accessToken }).send({ totpToken: totpToken }).end(function (error, result) { + superagent.post(`${SERVER_URL}/api/v1/profile/twofactorauthentication/enable`).query({ access_token: accessToken }).send({ totpToken: totpToken }).end(function (error, result) { callback(error); }); } @@ -865,7 +865,7 @@ describe('OAuth2', function () { expect(foo.token_type).to.eql('Bearer'); // Ensure the token is also usable - superagent.get(SERVER_URL + '/api/v1/user/profile?access_token=' + foo.access_token, function (error, result) { + superagent.get(SERVER_URL + '/api/v1/profile?access_token=' + foo.access_token, function (error, result) { expect(error).to.not.be.ok(); expect(result.status).to.eql(200); expect(result.body.username).to.equal(USER_0.username.toLowerCase()); 
@@ -1252,7 +1252,7 @@ describe('OAuth2', function () { expect(body.token_type).to.eql('Bearer'); // Ensure the token is also usable - superagent.get(SERVER_URL + '/api/v1/user/profile?access_token=' + body.access_token, function (error, result) { + superagent.get(SERVER_URL + '/api/v1/profile?access_token=' + body.access_token, function (error, result) { expect(error).to.not.be.ok(); expect(result.status).to.eql(200); expect(result.body.username).to.equal(USER_0.username.toLowerCase()); diff --git a/src/routes/test/profile-test.js b/src/routes/test/profile-test.js index b3fbc18eb..480e66794 100644 --- a/src/routes/test/profile-test.js +++ b/src/routes/test/profile-test.js @@ -73,7 +73,7 @@ describe('Profile API', function () { after(cleanup); it('fails without token', function (done) { - superagent.get(SERVER_URL + '/api/v1/user/profile/').end(function (error, result) { + superagent.get(SERVER_URL + '/api/v1/profile/').end(function (error, result) { expect(result.statusCode).to.equal(401); done(); @@ -81,7 +81,7 @@ describe('Profile API', function () { }); it('fails with empty token', function (done) { - superagent.get(SERVER_URL + '/api/v1/user/profile/').query({ access_token: '' }).end(function (error, result) { + superagent.get(SERVER_URL + '/api/v1/profile/').query({ access_token: '' }).end(function (error, result) { expect(result.statusCode).to.equal(401); done(); @@ -89,7 +89,7 @@ describe('Profile API', function () { }); it('fails with invalid token', function (done) { - superagent.get(SERVER_URL + '/api/v1/user/profile/').query({ access_token: 'some token' }).end(function (error, result) { + superagent.get(SERVER_URL + '/api/v1/profile/').query({ access_token: 'some token' }).end(function (error, result) { expect(result.statusCode).to.equal(401); done(); 
@@ -97,7 +97,7 @@ describe('Profile API', function () { }); it('succeeds', function (done) { - superagent.get(SERVER_URL + '/api/v1/user/profile/').query({ access_token: token_0 }).end(function (error, result) { + superagent.get(SERVER_URL + '/api/v1/profile/').query({ access_token: token_0 }).end(function (error, result) { expect(result.statusCode).to.equal(200); expect(result.body.username).to.equal(USERNAME_0.toLowerCase()); expect(result.body.email).to.equal(EMAIL_0.toLowerCase()); @@ -120,7 +120,7 @@ describe('Profile API', function () { tokendb.add(token, user_0.id, null, expires, accesscontrol.SCOPE_ANY, function (error) { expect(error).to.not.be.ok(); - superagent.get(SERVER_URL + '/api/v1/user/profile').query({ access_token: token }).end(function (error, result) { + superagent.get(SERVER_URL + '/api/v1/profile').query({ access_token: token }).end(function (error, result) { expect(result.statusCode).to.equal(401); done(); @@ -129,14 +129,14 @@ describe('Profile API', function () { }); it('fails with invalid token in auth header', function (done) { - superagent.get(SERVER_URL + '/api/v1/user/profile').set('Authorization', 'Bearer ' + 'x' + token_0).end(function (error, result) { + superagent.get(SERVER_URL + '/api/v1/profile').set('Authorization', 'Bearer ' + 'x' + token_0).end(function (error, result) { expect(result.statusCode).to.equal(401); done(); }); }); it('succeeds with token in auth header', function (done) { - superagent.get(SERVER_URL + '/api/v1/user/profile').set('Authorization', 'Bearer ' + token_0).end(function (error, result) { + superagent.get(SERVER_URL + '/api/v1/profile').set('Authorization', 'Bearer ' + token_0).end(function (error, result) { expect(result.statusCode).to.equal(200); expect(result.body.username).to.equal(USERNAME_0.toLowerCase()); expect(result.body.email).to.equal(EMAIL_0.toLowerCase()); 
@@ -154,7 +154,7 @@ describe('Profile API', function () { after(cleanup); it('change email fails due to missing token', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile') + superagent.post(SERVER_URL + '/api/v1/profile') .send({ email: EMAIL_0_NEW }) .end(function (error, result) { expect(result.statusCode).to.equal(401); @@ -163,7 +163,7 @@ describe('Profile API', function () { }); it('change email fails due to invalid email', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile') + superagent.post(SERVER_URL + '/api/v1/profile') .query({ access_token: token_0 }) .send({ email: 'foo@bar' }) .end(function (error, result) { @@ -173,7 +173,7 @@ describe('Profile API', function () { }); it('change user succeeds without email nor displayName', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile') + superagent.post(SERVER_URL + '/api/v1/profile') .query({ access_token: token_0 }) .send({}) .end(function (error, result) { @@ -183,13 +183,13 @@ describe('Profile API', function () { }); it('change email succeeds', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile') + superagent.post(SERVER_URL + '/api/v1/profile') .query({ access_token: token_0 }) .send({ email: EMAIL_0_NEW, fallbackEmail: EMAIL_0_NEW_FALLBACK }) .end(function (error, result) { expect(result.statusCode).to.equal(204); - superagent.get(SERVER_URL + '/api/v1/user/profile') + superagent.get(SERVER_URL + '/api/v1/profile') .query({ access_token: token_0 }) .end(function (err, res) { expect(res.statusCode).to.equal(200); 
@@ -205,13 +205,13 @@ describe('Profile API', function () { }); it('change displayName succeeds', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile') + superagent.post(SERVER_URL + '/api/v1/profile') .query({ access_token: token_0 }) .send({ displayName: DISPLAY_NAME_0_NEW }) .end(function (error, result) { expect(result.statusCode).to.equal(204); - superagent.get(SERVER_URL + '/api/v1/user/profile') + superagent.get(SERVER_URL + '/api/v1/profile') .query({ access_token: token_0 }) .end(function (err, res) { expect(res.statusCode).to.equal(200); @@ -231,7 +231,7 @@ describe('Profile API', function () { after(cleanup); it('fails due to missing current password', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile/password') + superagent.post(SERVER_URL + '/api/v1/profile/password') .query({ access_token: token_0 }) .send({ newPassword: 'some wrong password' }) .end(function (err, res) { @@ -241,7 +241,7 @@ describe('Profile API', function () { }); it('fails due to missing new password', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile/password') + superagent.post(SERVER_URL + '/api/v1/profile/password') .query({ access_token: token_0 }) .send({ password: PASSWORD }) .end(function (err, res) { @@ -251,7 +251,7 @@ describe('Profile API', function () { }); it('fails due to wrong password', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile/password') + superagent.post(SERVER_URL + '/api/v1/profile/password') .query({ access_token: token_0 }) .send({ password: 'some wrong password', newPassword: 'MOre#$%34' }) .end(function (err, res) { @@ -261,7 +261,7 @@ describe('Profile API', function () { }); it('fails due to invalid password', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile/password') + superagent.post(SERVER_URL + '/api/v1/profile/password') .query({ access_token: token_0 }) .send({ password: PASSWORD, newPassword: 'five' }) .end(function (err, res) { 
@@ -271,7 +271,7 @@ describe('Profile API', function () { }); it('succeeds', function (done) { - superagent.post(SERVER_URL + '/api/v1/user/profile/password') + superagent.post(SERVER_URL + '/api/v1/profile/password') .query({ access_token: token_0 }) .send({ password: PASSWORD, newPassword: 'MOre#$%34' }) .end(function (err, res) { diff --git a/src/routes/test/users-test.js b/src/routes/test/users-test.js index a501a53b0..d749d791c 100644 --- a/src/routes/test/users-test.js +++ b/src/routes/test/users-test.js @@ -127,7 +127,7 @@ describe('Users API', function () { // stash for later use token = res.body.token; - superagent.get(SERVER_URL + '/api/v1/user/profile').query({ access_token: token }).end(function (error, result) { + superagent.get(SERVER_URL + '/api/v1/profile').query({ access_token: token }).end(function (error, result) { expect(error).to.eql(null); expect(result.status).to.equal(200); @@ -703,7 +703,7 @@ describe('Users API', function () { }); it('can get profile of user with pre-set password', function (done) { - superagent.get(SERVER_URL + '/api/v1/user/profile') + superagent.get(SERVER_URL + '/api/v1/profile') .query({ access_token: token }) .end(function (err, res) { expect(res.statusCode).to.equal(200); diff --git a/src/server.js b/src/server.js index c17a752b3..606c5f278 100644 --- a/src/server.js +++ b/src/server.js 
@@ -131,13 +131,12 @@ function initializeExpressSync() { // working off the user behind the provided token router.get ('/api/v1/user/apps', profileScope, routes.apps.getAllByUser); router.get ('/api/v1/user/cloudron_config', profileScope, routes.user.getCloudronConfig); - router.get ('/api/v1/profile', profileScope, routes.profile.get); // duplicate route for compatibility - router.get ('/api/v1/user/profile', profileScope, routes.profile.get); - router.post('/api/v1/user/profile', profileScope, routes.profile.update); - router.post('/api/v1/user/profile/password', profileScope, routes.users.verifyPassword, routes.profile.changePassword); - router.post('/api/v1/user/profile/twofactorauthentication', profileScope, routes.profile.setTwoFactorAuthenticationSecret); - router.post('/api/v1/user/profile/twofactorauthentication/enable', profileScope, routes.profile.enableTwoFactorAuthentication); - router.post('/api/v1/user/profile/twofactorauthentication/disable', profileScope, routes.users.verifyPassword, routes.profile.disableTwoFactorAuthentication); + router.get ('/api/v1/profile', profileScope, routes.profile.get); + router.post('/api/v1/profile', profileScope, routes.profile.update); + router.post('/api/v1/profile/password', profileScope, routes.users.verifyPassword, routes.profile.changePassword); + router.post('/api/v1/profile/twofactorauthentication', profileScope, routes.profile.setTwoFactorAuthenticationSecret); + router.post('/api/v1/profile/twofactorauthentication/enable', profileScope, routes.profile.enableTwoFactorAuthentication); + router.post('/api/v1/profile/twofactorauthentication/disable', profileScope, routes.users.verifyPassword, routes.profile.disableTwoFactorAuthentication); // user routes router.get ('/api/v1/users', usersScope, routes.users.list);
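Review bot: The two enrolment routes, `/api/v1/profile/twofactorauthentication` and `/api/v1/profile/twofactorauthentication/enable`, are registered with `profileScope` only, while `password` and `twofactorauthentication/disable` in the same block also pass through `routes.users.verifyPassword`. Unless the handlers re-check the password themselves (not visible in this hunk), a bearer token by itself is enough to attach a new second factor to the account. It would be worth putting them on the same chain while these lines are being touched, e.g. `router.post('/api/v1/profile/twofactorauthentication/enable', profileScope, routes.users.verifyPassword, routes.profile.enableTwoFactorAuthentication);`, with the tests then sending `password` alongside `totpToken`. Separately, the old `/api/v1/user/profile*` paths are removed with no alias, so any proxy, rate-limit or log-alert rule keyed on the old prefix should be checked against the new one. `initializeExpressSync` continues outside the hunk.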