From af1068ce1d1ca7ecaea5789ece1566987ce712ef Mon Sep 17 00:00:00 2001 From: Chocobozzz Date: Fri, 7 Oct 2016 15:32:09 +0200 Subject: [PATCH] Server: forbid to remove the root user --- server/middlewares/validators/users.js | 2 ++ server/tests/api/check-params.js | 9 +++++++++ 2 files changed, 11 insertions(+) diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js index d541e9124..02e4f34cb 100644 --- a/server/middlewares/validators/users.js +++ b/server/middlewares/validators/users.js @@ -47,6 +47,8 @@ function usersRemove (req, res, next) { if (!user) return res.status(404).send('User not found') + if (user.username === 'root') return res.status(400).send('Cannot remove the root user') + next() }) }) diff --git a/server/tests/api/check-params.js b/server/tests/api/check-params.js index 57b5ca024..07f41daab 100644 --- a/server/tests/api/check-params.js +++ b/server/tests/api/check-params.js @@ -497,6 +497,7 @@ describe('Test parameters validator', function () { describe('Of the users API', function () { const path = '/api/v1/users/' let userId = null + let rootId = null describe('When listing users', function () { it('Should fail with a bad start pagination', function (done) { @@ -626,6 +627,7 @@ describe('Test parameters validator', function () { if (err) throw err userId = res.body.data[1].id + rootId = res.body.data[2].id done() }) }) @@ -691,6 +693,13 @@ describe('Test parameters validator', function () { .expect(400, done) }) + it('Should fail with the root user', function (done) { + request(server.url) + .delete(path + rootId) + .set('Authorization', 'Bearer ' + server.accessToken) + .expect(400, done) + }) + it('Should return 404 with a non existing id', function (done) { request(server.url) .delete(path + '579f982228c99c221d8092b8') -- 2.25.1