diff --git a/src/routes/test/clients-test.js b/src/routes/test/clients-test.js
index bc817afcc..99871edb6 100644
--- a/src/routes/test/clients-test.js
+++ b/src/routes/test/clients-test.js
@@ -369,7 +369,7 @@ describe('Clients', function () {
 setup,
 function (callback) {
- superagent.get(SERVER_URL + '/api/v1/profile')
+ superagent.get(SERVER_URL + '/api/v1/user/profile')
 .query({ access_token: token })
 .end(function (error, result) {
 expect(result).to.be.ok();
@@ -533,7 +533,7 @@ describe('Clients', function () {
 expect(result.statusCode).to.equal(204);
 // further calls with this token should not work
- superagent.get(SERVER_URL + '/api/v1/profile')
+ superagent.get(SERVER_URL + '/api/v1/user/profile')
 .query({ access_token: token })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(401);
diff --git a/src/routes/test/developer-test.js b/src/routes/test/developer-test.js
index 5cccdbc89..3a82ca005 100644
--- a/src/routes/test/developer-test.js
+++ b/src/routes/test/developer-test.js
@@ -205,14 +205,14 @@ describe('Developer API', function () {
 after(cleanup);
 it('fails with non sdk token', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile/password').query({ access_token: token_normal }).send({ newPassword: 'Some?$123' }).end(function (error, result) {
+ superagent.post(SERVER_URL + '/api/v1/user/profile/password').query({ access_token: token_normal }).send({ newPassword: 'Some?$123' }).end(function (error, result) {
 expect(result.statusCode).to.equal(400);
 done();
 });
 });
 it('succeeds', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile/password').query({ access_token: token_sdk }).send({ newPassword: 'Some?$123' }).end(function (error, result) {
+ superagent.post(SERVER_URL + '/api/v1/user/profile/password').query({ access_token: token_sdk }).send({ newPassword: 'Some?$123' }).end(function (error, result) {
 expect(result.statusCode).to.equal(204);
 done();
 });
diff --git a/src/routes/test/groups-test.js b/src/routes/test/groups-test.js
index 84998bc29..5d654e76a 100644
--- a/src/routes/test/groups-test.js
+++ b/src/routes/test/groups-test.js
@@ -45,7 +45,7 @@ function setup(done) {
 // stash token for further use
 token = result.body.token;
- superagent.get(SERVER_URL + '/api/v1/profile')
+ superagent.get(SERVER_URL + '/api/v1/user/profile')
 .query({ access_token: token })
 .end(function (error, result) {
 expect(result).to.be.ok();
diff --git a/src/routes/test/oauth2-test.js b/src/routes/test/oauth2-test.js
index 37e8bb4e0..a82a3f7d2 100644
--- a/src/routes/test/oauth2-test.js
+++ b/src/routes/test/oauth2-test.js
@@ -845,7 +845,7 @@ describe('OAuth2', function () {
 expect(foo.token_type).to.eql('Bearer');
 // Ensure the token is also usable
- superagent.get(SERVER_URL + '/api/v1/profile?access_token=' + foo.access_token, function (error, result) {
+ superagent.get(SERVER_URL + '/api/v1/user/profile?access_token=' + foo.access_token, function (error, result) {
 expect(error).to.not.be.ok();
 expect(result.status).to.eql(200);
 expect(result.body.username).to.equal(USER_0.username.toLowerCase());
@@ -1232,7 +1232,7 @@ describe('OAuth2', function () {
 expect(body.token_type).to.eql('Bearer');
 // Ensure the token is also usable
- superagent.get(SERVER_URL + '/api/v1/profile?access_token=' + body.access_token, function (error, result) {
+ superagent.get(SERVER_URL + '/api/v1/user/profile?access_token=' + body.access_token, function (error, result) {
 expect(error).to.not.be.ok();
 expect(result.status).to.eql(200);
 expect(result.body.username).to.equal(USER_0.username.toLowerCase());
diff --git a/src/routes/test/profile-test.js b/src/routes/test/profile-test.js
index 6f793859a..b82354540 100644
--- a/src/routes/test/profile-test.js
+++ b/src/routes/test/profile-test.js
@@ -72,7 +72,7 @@ describe('Profile API', function () {
 after(cleanup);
 it('fails without token', function (done) {
- superagent.get(SERVER_URL + '/api/v1/profile/').end(function (error, result) {
+ superagent.get(SERVER_URL + '/api/v1/user/profile/').end(function (error, result) {
 expect(result.statusCode).to.equal(401);
 done();
@@ -80,7 +80,7 @@ describe('Profile API', function () {
 });
 it('fails with empty token', function (done) {
- superagent.get(SERVER_URL + '/api/v1/profile/').query({ access_token: '' }).end(function (error, result) {
+ superagent.get(SERVER_URL + '/api/v1/user/profile/').query({ access_token: '' }).end(function (error, result) {
 expect(result.statusCode).to.equal(401);
 done();
@@ -88,7 +88,7 @@ describe('Profile API', function () {
 });
 it('fails with invalid token', function (done) {
- superagent.get(SERVER_URL + '/api/v1/profile/').query({ access_token: 'some token' }).end(function (error, result) {
+ superagent.get(SERVER_URL + '/api/v1/user/profile/').query({ access_token: 'some token' }).end(function (error, result) {
 expect(result.statusCode).to.equal(401);
 done();
@@ -96,7 +96,7 @@ describe('Profile API', function () {
 });
 it('succeeds', function (done) {
- superagent.get(SERVER_URL + '/api/v1/profile/').query({ access_token: token_0 }).end(function (error, result) {
+ superagent.get(SERVER_URL + '/api/v1/user/profile/').query({ access_token: token_0 }).end(function (error, result) {
 expect(result.statusCode).to.equal(200);
 expect(result.body.username).to.equal(USERNAME_0.toLowerCase());
 expect(result.body.email).to.equal(EMAIL_0.toLowerCase());
@@ -119,7 +119,7 @@ describe('Profile API', function () {
 tokendb.add(token, user_0.id, null, expires, '*', function (error) {
 expect(error).to.not.be.ok();
- superagent.get(SERVER_URL + '/api/v1/profile').query({ access_token: token }).end(function (error, result) {
+ superagent.get(SERVER_URL + '/api/v1/user/profile').query({ access_token: token }).end(function (error, result) {
 expect(result.statusCode).to.equal(401);
 done();
@@ -128,14 +128,14 @@ describe('Profile API', function () {
 });
 it('fails with invalid token in auth header', function (done) {
- superagent.get(SERVER_URL + '/api/v1/profile').set('Authorization', 'Bearer ' + 'x' + token_0).end(function (error, result) {
+ superagent.get(SERVER_URL + '/api/v1/user/profile').set('Authorization', 'Bearer ' + 'x' + token_0).end(function (error, result) {
 expect(result.statusCode).to.equal(401);
 done();
 });
 });
 it('succeeds with token in auth header', function (done) {
- superagent.get(SERVER_URL + '/api/v1/profile').set('Authorization', 'Bearer ' + token_0).end(function (error, result) {
+ superagent.get(SERVER_URL + '/api/v1/user/profile').set('Authorization', 'Bearer ' + token_0).end(function (error, result) {
 expect(result.statusCode).to.equal(200);
 expect(result.body.username).to.equal(USERNAME_0.toLowerCase());
 expect(result.body.email).to.equal(EMAIL_0.toLowerCase());
@@ -153,7 +153,7 @@ describe('Profile API', function () {
 after(cleanup);
 it('change email fails due to missing token', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile')
+ superagent.post(SERVER_URL + '/api/v1/user/profile')
 .send({ email: EMAIL_0_NEW })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(401);
@@ -162,7 +162,7 @@ describe('Profile API', function () {
 });
 it('change email fails due to invalid email', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile')
+ superagent.post(SERVER_URL + '/api/v1/user/profile')
 .query({ access_token: token_0 })
 .send({ email: 'foo@bar' })
 .end(function (error, result) {
@@ -172,7 +172,7 @@ describe('Profile API', function () {
 });
 it('change user succeeds without email nor displayName', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile')
+ superagent.post(SERVER_URL + '/api/v1/user/profile')
 .query({ access_token: token_0 })
 .send({})
 .end(function (error, result) {
@@ -182,13 +182,13 @@ describe('Profile API', function () {
 });
 it('change email succeeds', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile')
+ superagent.post(SERVER_URL + '/api/v1/user/profile')
 .query({ access_token: token_0 })
 .send({ email: EMAIL_0_NEW, fallbackEmail: EMAIL_0_NEW_FALLBACK })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(204);
- superagent.get(SERVER_URL + '/api/v1/profile')
+ superagent.get(SERVER_URL + '/api/v1/user/profile')
 .query({ access_token: token_0 })
 .end(function (err, res) {
 expect(res.statusCode).to.equal(200);
@@ -204,13 +204,13 @@ describe('Profile API', function () {
 });
 it('change displayName succeeds', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile')
+ superagent.post(SERVER_URL + '/api/v1/user/profile')
 .query({ access_token: token_0 })
 .send({ displayName: DISPLAY_NAME_0_NEW })
 .end(function (error, result) {
 expect(result.statusCode).to.equal(204);
- superagent.get(SERVER_URL + '/api/v1/profile')
+ superagent.get(SERVER_URL + '/api/v1/user/profile')
 .query({ access_token: token_0 })
 .end(function (err, res) {
 expect(res.statusCode).to.equal(200);
@@ -230,7 +230,7 @@ describe('Profile API', function () {
 after(cleanup);
 it('fails due to missing current password', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile/password')
+ superagent.post(SERVER_URL + '/api/v1/user/profile/password')
 .query({ access_token: token_0 })
 .send({ newPassword: 'some wrong password' })
 .end(function (err, res) {
@@ -240,7 +240,7 @@ describe('Profile API', function () {
 });
 it('fails due to missing new password', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile/password')
+ superagent.post(SERVER_URL + '/api/v1/user/profile/password')
 .query({ access_token: token_0 })
 .send({ password: PASSWORD })
 .end(function (err, res) {
@@ -250,7 +250,7 @@ describe('Profile API', function () {
 });
 it('fails due to wrong password', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile/password')
+ superagent.post(SERVER_URL + '/api/v1/user/profile/password')
 .query({ access_token: token_0 })
 .send({ password: 'some wrong password', newPassword: 'MOre#$%34' })
 .end(function (err, res) {
@@ -260,7 +260,7 @@ describe('Profile API', function () {
 });
 it('fails due to invalid password', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile/password')
+ superagent.post(SERVER_URL + '/api/v1/user/profile/password')
 .query({ access_token: token_0 })
 .send({ password: PASSWORD, newPassword: 'five' })
 .end(function (err, res) {
@@ -270,7 +270,7 @@ describe('Profile API', function () {
 });
 it('succeeds', function (done) {
- superagent.post(SERVER_URL + '/api/v1/profile/password')
+ superagent.post(SERVER_URL + '/api/v1/user/profile/password')
 .query({ access_token: token_0 })
 .send({ password: PASSWORD, newPassword: 'MOre#$%34' })
 .end(function (err, res) {
diff --git a/src/routes/test/user-test.js b/src/routes/test/user-test.js
index b0477ee05..fe186a18c 100644
--- a/src/routes/test/user-test.js
+++ b/src/routes/test/user-test.js
@@ -126,7 +126,7 @@ describe('User API', function () {
 // stash for later use
 token = res.body.token;
- superagent.get(SERVER_URL + '/api/v1/profile').query({ access_token: token }).end(function (error, result) {
+ superagent.get(SERVER_URL + '/api/v1/user/profile').query({ access_token: token }).end(function (error, result) {
 expect(error).to.eql(null);
 expect(result.status).to.equal(200);
@@ -702,7 +702,7 @@ describe('User API', function () {
 });
 it('can get profile of user with pre-set password', function (done) {
- superagent.get(SERVER_URL + '/api/v1/profile')
+ superagent.get(SERVER_URL + '/api/v1/user/profile')
 .query({ access_token: token })
 .end(function (err, res) {
 expect(res.statusCode).to.equal(200);
diff --git a/src/server.js b/src/server.js
index cc400496a..c59158d12 100644
--- a/src/server.js
+++ b/src/server.js
@@ -126,13 +126,13 @@ function initializeExpressSync() {
 router.del ('/api/v1/cloudron/ssh/authorized_keys/:identifier', cloudronScope, routes.user.requireAdmin, routes.ssh.delAuthorizedKey);
 router.get ('/api/v1/cloudron/eventlog', cloudronScope, routes.user.requireAdmin, routes.eventlog.get);
- // profile api, working off the user behind the provided token
- router.get ('/api/v1/profile', profileScope, routes.profile.get);
- router.post('/api/v1/profile', profileScope, routes.profile.update);
- router.post('/api/v1/profile/password', profileScope, routes.user.verifyPassword, routes.profile.changePassword);
- router.post('/api/v1/profile/twofactorauthentication', profileScope, routes.profile.setTwoFactorAuthenticationSecret);
- router.post('/api/v1/profile/twofactorauthentication/enable', profileScope, routes.profile.enableTwoFactorAuthentication);
- router.post('/api/v1/profile/twofactorauthentication/disable', profileScope, routes.user.verifyPassword, routes.profile.disableTwoFactorAuthentication);
+ // working off the user behind the provided token
+ router.get ('/api/v1/user/profile', profileScope, routes.profile.get);
+ router.post('/api/v1/user/profile', profileScope, routes.profile.update);
+ router.post('/api/v1/user/profile/password', profileScope, routes.user.verifyPassword, routes.profile.changePassword);
+ router.post('/api/v1/user/profile/twofactorauthentication', profileScope, routes.profile.setTwoFactorAuthenticationSecret);
+ router.post('/api/v1/user/profile/twofactorauthentication/enable', profileScope, routes.profile.enableTwoFactorAuthentication);
+ router.post('/api/v1/user/profile/twofactorauthentication/disable', profileScope, routes.user.verifyPassword, routes.profile.disableTwoFactorAuthentication);
 // user routes
 router.get ('/api/v1/users', usersScope, routes.user.requireAdmin, routes.user.list);
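Review bot: The two re-registered enrolment routes, `/api/v1/user/profile/twofactorauthentication` and `/api/v1/user/profile/twofactorauthentication/enable`, carry only `profileScope`, while `/password` and `/twofactorauthentication/disable` in the same block also run `routes.user.verifyPassword`. Unless the handlers (not visible in this hunk) re-authenticate on their own, a profile-scoped token by itself is enough to attach a new second factor to the account, so a leaked token could lock the owner out. Since these lines are being rewritten anyway, consider `router.post('/api/v1/user/profile/twofactorauthentication', profileScope, routes.user.verifyPassword, routes.profile.setTwoFactorAuthenticationSecret);` and the same middleware on `/enable`. None of the test hunks in this commit touches a `twofactorauthentication` URL, which suggests these routes have no route-level test, so a 401-without-token case for the new paths would be worth adding. `initializeExpressSync` starts and ends outside the hunk.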