<span class="email">{{ user.pendingEmail }}</span> is awaiting email verification
</div>
-<form role="form" class="change-email" (ngSubmit)="changeEmail()" [formGroup]="form">
+<form role="form" class="change-email" (ngSubmit)="changeEmail()" [formGroup]="form" *ngIf="user.pluginAuth === null">
<div class="form-group">
<label i18n for="new-email">New email</label>
</div>
<div class="form-group">
+ <label i18n for="new-email">Your current password</label>
<input
type="password" id="password" i18n-placeholder placeholder="Your password" autocomplete="off"
formControlName="password" [ngClass]="{ 'input-error': formErrors['password'] }" class="form-control"
</div>
</div>
-<div class="form-row mt-5"> <!-- password grid -->
+<div class="form-row mt-5" *ngIf="user.pluginAuth === null"> <!-- password grid -->
<div class="form-group col-12 col-lg-4 col-xl-3">
<div i18n class="account-title">PASSWORD</div>
</div>
import { createUserAccountAndChannelAndPlaylist } from './user'
import { UserRole } from '@shared/models/users/user-role'
import { PluginManager } from '@server/lib/plugins/plugin-manager'
+import { ActorModel } from '@server/models/activitypub/actor'
type TokenInfo = { accessToken: string, refreshToken: string, accessTokenExpiresAt: Date, refreshTokenExpiresAt: Date }
let user = await UserModel.loadByEmail(obj.user.email)
if (!user) user = await createUserFromExternal(obj.pluginName, obj.user)
+ // Cannot create a user
+ if (!user) throw new AccessDeniedError('Cannot create such user: an actor with that name already exists.')
+
// If the user does not belongs to a plugin, it was created before its installation
// Then we just go through a regular login process
if (user.pluginAuth !== null) {
role: UserRole
displayName: string
}) {
+ // Check an actor does not already exists with that name (removed user)
+ const actor = await ActorModel.loadLocalByName(options.username)
+ if (actor) return null
+
const userToCreate = new UserModel({
username: options.username,
password: null,
async (req: express.Request, res: express.Response, next: express.NextFunction) => {
logger.debug('Checking usersUpdateMe parameters', { parameters: omit(req.body, 'password') })
+ const user = res.locals.oauth.token.User
+
if (req.body.password || req.body.email) {
+ if (user.pluginAuth !== null) {
+ return res.status(400)
+ .json({ error: 'You cannot update your email or password that is associated with an external auth system.' })
+ }
+
if (!req.body.currentPassword) {
return res.status(400)
.json({ error: 'currentPassword parameter is missing.' })
- .end()
}
- const user = res.locals.oauth.token.User
if (await user.isPasswordMatch(req.body.currentPassword) !== true) {
return res.status(401)
.json({ error: 'currentPassword is invalid.' })
}
await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { targetUrl: getYoutubeVideoUrl() }))
await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { magnetUri: getMagnetURI() }))
- await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' }))
+ await importVideo(server.url, server.accessToken, immutableAssign(baseAttributes, { torrentfile: 'video-720p.torrent' as any }))
await waitJobs([ server ])
{
const attributes = immutableAssign(baseAttributes, {
- torrentfile: 'video-720p.torrent',
+ torrentfile: 'video-720p.torrent' as any,
description: 'this is a super torrent description',
tags: [ 'tag_torrent1', 'tag_torrent2' ]
})
expect(body.role).to.equal(UserRole.USER)
})
+ it('Should not update an external auth email', async function () {
+ await updateMyUser({
+ url: server.url,
+ accessToken: cyanAccessToken,
+ email: 'toto@example.com',
+ currentPassword: 'toto',
+ statusCodeExpected: 400
+ })
+ })
+
it('Should reject token of Kefka by the plugin hook', async function () {
this.timeout(10000)
.expect(expectedStatus)
}
-function updateMyUser (options: { url: string, accessToken: string } & UserUpdateMe) {
+function updateMyUser (options: { url: string, accessToken: string, statusCodeExpected?: number } & UserUpdateMe) {
const path = '/api/v1/users/me'
const toSend: UserUpdateMe = omit(options, 'url', 'accessToken')
path,
token: options.accessToken,
fields: toSend,
- statusCodeExpected: 204
+ statusCodeExpected: options.statusCodeExpected || 204
})
}