jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

users: cannot update profile fields of external user

Browse Source
This commit is contained in:
Girish Ramakrishnan
2024-01-20 10:41:24 +01:00
parent bd1ab000f3
commit c99c24b3bd
7 changed files with 174 additions and 93 deletions
Download Patch File Download Diff File Expand all files Collapse all files

66
src/routes/test/users-test.js
View File

@@ -213,7 +213,7 @@ describe('Users API', function () {
describe('admin status', function () {
it('set second user as admin succeeds', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}`)
const response = await superagent.put(`${serverUrl}/api/v1/users/${user.id}/role`)
.query({ access_token: owner.token })
.send({ role: users.ROLE_ADMIN });
@@ -229,7 +229,7 @@ describe('Users API', function () {
});
it('make self as admin fails', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${owner.id}`)
const response = await superagent.put(`${serverUrl}/api/v1/users/${owner.id}/role`)
.query({ access_token: owner.token })
.send({ role: users.ROLE_ADMIN })
.ok(() => true);
@@ -238,7 +238,7 @@ describe('Users API', function () {
});
it('make self as normal user fails', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${owner.id}`)
const response = await superagent.put(`${serverUrl}/api/v1/users/${owner.id}/role`)
.query({ access_token: owner.token })
.send({ role: users.ROLE_USER })
.ok(() => true);
@@ -247,7 +247,7 @@ describe('Users API', function () {
});
it('remove second user as admin succeeds', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}`)
const response = await superagent.put(`${serverUrl}/api/v1/users/${user.id}/role`)
.query({ access_token: owner.token })
.send({ role: users.ROLE_USER });
@@ -255,7 +255,7 @@ describe('Users API', function () {
});
it('normal user cannot change role of admin', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${owner.id}`)
const response = await superagent.put(`${serverUrl}/api/v1/users/${owner.id}/role`)
.query({ access_token: user.token })
.send({ role: users.ROLE_USER })
.ok(() => true);
@@ -307,9 +307,9 @@ describe('Users API', function () {
});
});
describe('update', function () {
describe('profile update', function () {
it('change email fails due to missing token', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}/profile`)
.send({ email: 'newemail@cloudron.local' })
.ok(() => true);
@@ -317,7 +317,7 @@ describe('Users API', function () {
});
it('change email fails due to invalid email', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}/profile`)
.query({ access_token: owner.token })
.send({ email: 'newemail@cloudron' })
.ok(() => true);
@@ -326,7 +326,7 @@ describe('Users API', function () {
});
it('change fallbackEmail fails due to invalid email', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}/profile`)
.query({ access_token: owner.token })
.send({ fallbackEmail: 'newemail@cloudron' })
.ok(() => true);
@@ -335,7 +335,7 @@ describe('Users API', function () {
});
it('change user succeeds without email nor displayName', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}/profile`)
.query({ access_token: owner.token })
.send({});
@@ -344,7 +344,7 @@ describe('Users API', function () {
it('change email succeeds', async function () {
user2.email = 'NewEmail@cloudron.local';
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}/profile`)
.query({ access_token: owner.token })
.send({ email: user2.email });
@@ -360,7 +360,7 @@ describe('Users API', function () {
});
it('cannot change email to existing one', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}/profile`)
.query({ access_token: owner.token })
.send({ email: owner.email })
.ok(() => true);
@@ -371,7 +371,7 @@ describe('Users API', function () {
it('can change display name', async function () {
const displayName = 'New name';
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}`)
const response = await superagent.post(`${serverUrl}/api/v1/users/${user2.id}/profile`)
.query({ access_token: owner.token })
.send({ displayName: displayName });
@@ -416,9 +416,39 @@ describe('Users API', function () {
});
});
describe('active', function () {
it('can make user inactive', async function () {
const response = await superagent.put(`${serverUrl}/api/v1/users/${user.id}/active`)
.query({ access_token: owner.token })
.send({ active: false });
expect(response.statusCode).to.equal(204);
const response2 = await superagent.get(`${serverUrl}/api/v1/users/${user.id}`)
.query({ access_token: owner.token });
expect(response2.statusCode).to.equal(200);
expect(response2.body.active).to.equal(false);
});
it('can make user active', async function () {
const response = await superagent.put(`${serverUrl}/api/v1/users/${user.id}/active`)
.query({ access_token: owner.token })
.send({ active: true });
expect(response.statusCode).to.equal(204);
const response2 = await superagent.get(`${serverUrl}/api/v1/users/${user.id}`)
.query({ access_token: owner.token });
expect(response2.statusCode).to.equal(200);
expect(response2.body.active).to.equal(true);
});
});
describe('role - user manager', function () {
it('can make normal user a usermanager', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}`)
const response = await superagent.put(`${serverUrl}/api/v1/users/${user.id}/role`)
.query({ access_token: owner.token })
.send({ role: users.ROLE_USER_MANAGER });
@@ -452,7 +482,7 @@ describe('Users API', function () {
});
it('cannot change admin bit of another', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${owner.id}`)
const response = await superagent.put(`${serverUrl}/api/v1/users/${owner.id}/role`)
.query({ access_token: user.token })
.send({ role: users.ROLE_ADMIN })
.ok(() => true);
@@ -461,7 +491,7 @@ describe('Users API', function () {
});
it('cannot change admin bit of self', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}`)
const response = await superagent.put(`${serverUrl}/api/v1/users/${user.id}/role`)
.query({ access_token: user.token })
.send({ role: users.ROLE_ADMIN })
.ok(() => true);
@@ -506,7 +536,7 @@ describe('Users API', function () {
describe('role - mail manager', function () {
it('can make normal user a usermanager', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}`)
const response = await superagent.put(`${serverUrl}/api/v1/users/${user.id}/role`)
.query({ access_token: owner.token })
.send({ role: users.ROLE_MAIL_MANAGER });
@@ -523,7 +553,7 @@ describe('Users API', function () {
});
it('cannot change admin bit of self', async function () {
const response = await superagent.post(`${serverUrl}/api/v1/users/${user.id}`)
const response = await superagent.put(`${serverUrl}/api/v1/users/${user.id}/role`)
.query({ access_token: user.token })
.send({ role: users.ROLE_ADMIN })
.ok(() => true);