From: Chocobozzz Date: Fri, 7 Oct 2016 13:32:09 +0000 (+0200) Subject: Server: forbid to remove the root user X-Git-Tag: v0.0.1-alpha~688 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=af1068ce1d1ca7ecaea5789ece1566987ce712ef;p=oweals%2Fpeertube.git Server: forbid to remove the root user --- diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js index d541e9124..02e4f34cb 100644 --- a/server/middlewares/validators/users.js +++ b/server/middlewares/validators/users.js @@ -47,6 +47,8 @@ function usersRemove (req, res, next) { if (!user) return res.status(404).send('User not found') + if (user.username === 'root') return res.status(400).send('Cannot remove the root user') + next() }) }) diff --git a/server/tests/api/check-params.js b/server/tests/api/check-params.js index 57b5ca024..07f41daab 100644 --- a/server/tests/api/check-params.js +++ b/server/tests/api/check-params.js @@ -497,6 +497,7 @@ describe('Test parameters validator', function () { describe('Of the users API', function () { const path = '/api/v1/users/' let userId = null + let rootId = null describe('When listing users', function () { it('Should fail with a bad start pagination', function (done) { @@ -626,6 +627,7 @@ describe('Test parameters validator', function () { if (err) throw err userId = res.body.data[1].id + rootId = res.body.data[2].id done() }) }) @@ -691,6 +693,13 @@ describe('Test parameters validator', function () { .expect(400, done) }) + it('Should fail with the root user', function (done) { + request(server.url) + .delete(path + rootId) + .set('Authorization', 'Bearer ' + server.accessToken) + .expect(400, done) + }) + it('Should return 404 with a non existing id', function (done) { request(server.url) .delete(path + '579f982228c99c221d8092b8')
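Review bot: The new guard in `usersRemove` (server/middlewares/validators/users.js) identifies the protected account by the string literal `'root'` and is enforced only in this request validator. If the root username is defined anywhere else in the project, compare against that shared value so the two cannot drift. Because no other barrier is visible here, it is worth confirming whether the removal code behind this middleware should refuse as well. A well-formed request that is refused on policy reads more naturally as 403 or 409 than 400, which this API appears to use for parameter errors too. A one-line why-comment above the check would help, e.g. `// Never allow the root account to be deleted through the API.`; the body of usersRemove starts before the hunk.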
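Review bot: `rootId = res.body.data[2].id` in server/tests/api/check-params.js (hunk at -626) selects the root user by its position in the listing, so the test depends on how many users earlier cases created and on the default sort order. If an earlier case adds or removes a user, index 2 silently points at a different account. Selecting by name is sturdier, assuming the listing returns `username`: `rootId = res.body.data.find(function (u) { return u.username === 'root' }).id`. The enclosing test case starts outside the hunk.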
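Review bot: The added 'Should fail with the root user' case (hunk at -691) asserts only status 400, the same status the case directly above it expects, so it cannot tell the new root guard from an ordinary parameter rejection. `rootId` is initialised to `null` and only set by an earlier test; if that test did not run, `path + rootId` is presumably rejected by the id validation and this case passes without reaching the new check. Pin the response text too: `.expect(400, 'Cannot remove the root user', done)`.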