Skip to content

Commit

Permalink
fix: broken tests from api change
Browse files Browse the repository at this point in the history
  • Loading branch information
julianlam committed Oct 15, 2020
1 parent 2d252f2 commit 222b4c9
Show file tree
Hide file tree
Showing 2 changed files with 19 additions and 3 deletions.
15 changes: 13 additions & 2 deletions src/api/users.js
Original file line number Diff line number Diff line change
Expand Up @@ -23,19 +23,28 @@ usersAPI.create = async function (caller, data) {
};

usersAPI.update = async function (caller, data) {
if (!caller.uid) {
throw new Error('[[error:invalid-uid]]');
}

if (!data || !data.uid) {
throw new Error('[[error:invalid-data]]');
}

const oldUserData = await user.getUserFields(data.uid, ['email', 'username']);
if (!oldUserData || !oldUserData.username) {
throw new Error('[[error:invalid-data]]');
}

const [isAdminOrGlobalMod, canEdit, passwordMatch] = await Promise.all([
const [isAdminOrGlobalMod, canEdit, hasPassword, passwordMatch] = await Promise.all([
user.isAdminOrGlobalMod(caller.uid),
privileges.users.canEdit(caller.uid, data.uid),
user.hasPassword(data.uid),
data.password ? user.isPasswordCorrect(data.uid, data.password, caller.ip) : false,
]);

// Changing own email/username requires password confirmation
if (['email', 'username'].some(prop => Object.keys(data).includes(prop)) && !isAdminOrGlobalMod && caller.uid === data.uid && !passwordMatch) {
if (['email', 'username'].some(prop => Object.keys(data).includes(prop)) && !isAdminOrGlobalMod && caller.uid === data.uid && hasPassword && !passwordMatch) {
throw new Error('[[error:invalid-password]]');
}

Expand Down Expand Up @@ -69,6 +78,8 @@ usersAPI.update = async function (caller, data) {
if (userData.username !== oldUserData.username) {
await log('username-change', { oldUsername: oldUserData.username, newUsername: userData.username });
}

return userData;
};

usersAPI.delete = async function (caller, data) {
Expand Down
7 changes: 6 additions & 1 deletion test/user.js
Original file line number Diff line number Diff line change
Expand Up @@ -805,6 +805,7 @@ describe('User', function () {
groupTitle: 'testGroup',
birthday: '01/01/1980',
signature: 'nodebb is good',
password: '123456',
};
socketUser.updateProfile({ uid: uid }, data, function (err, result) {
assert.ifError(err);
Expand All @@ -816,7 +817,11 @@ describe('User', function () {
db.getObject('user:' + uid, function (err, userData) {
assert.ifError(err);
Object.keys(data).forEach(function (key) {
assert.equal(data[key], userData[key]);
if (key !== 'password') {
assert.equal(data[key], userData[key]);
} else {
assert(userData[key].startsWith('$2a$'));
}
});
done();
});
Expand Down

0 comments on commit 222b4c9

Please sign in to comment.