diff --git a/server/controllers/api/users.js b/server/controllers/api/users.js index f854b3082..6b6c0774f 100644 --- a/server/controllers/api/users.js +++ b/server/controllers/api/users.js @@ -71,6 +71,7 @@ function createUser (req, res, next) { username: req.body.username, password: req.body.password, email: req.body.email, + displayNSFW: false, role: constants.USER_ROLES.USER }) @@ -136,7 +137,9 @@ function updateUser (req, res, next) { db.User.loadByUsername(res.locals.oauth.token.user.username, function (err, user) { if (err) return next(err) - user.password = req.body.password + if (req.body.password) user.password = req.body.password + if (req.body.displayNSFW !== undefined) user.displayNSFW = req.body.displayNSFW + user.save().asCallback(function (err) { if (err) return next(err) diff --git a/server/helpers/custom-validators/users.js b/server/helpers/custom-validators/users.js index 88fa1592e..2fc026e98 100644 --- a/server/helpers/custom-validators/users.js +++ b/server/helpers/custom-validators/users.js @@ -9,7 +9,8 @@ const USERS_CONSTRAINTS_FIELDS = constants.CONSTRAINTS_FIELDS.USERS const usersValidators = { isUserPasswordValid, isUserRoleValid, - isUserUsernameValid + isUserUsernameValid, + isUserDisplayNSFWValid } function isUserPasswordValid (value) { @@ -26,6 +27,10 @@ function isUserUsernameValid (value) { return validator.matches(value, new RegExp(`^[a-zA-Z0-9._]{${min},${max}}$`)) } +function isUserDisplayNSFWValid (value) { + return validator.isBoolean(value) +} + // --------------------------------------------------------------------------- module.exports = usersValidators diff --git a/server/initializers/constants.js b/server/initializers/constants.js index f3799ba0f..6352d7c46 100644 --- a/server/initializers/constants.js +++ b/server/initializers/constants.js @@ -5,7 +5,7 @@ const path = require('path') // --------------------------------------------------------------------------- -const LAST_MIGRATION_VERSION = 40 +const LAST_MIGRATION_VERSION = 45 // --------------------------------------------------------------------------- diff --git a/server/initializers/migrations/0045-user-display-nsfw.js b/server/initializers/migrations/0045-user-display-nsfw.js new file mode 100644 index 000000000..03624e593 --- /dev/null +++ b/server/initializers/migrations/0045-user-display-nsfw.js @@ -0,0 +1,19 @@ +'use strict' + +// utils = { transaction, queryInterface, sequelize, Sequelize } +exports.up = function (utils, finalCallback) { + const q = utils.queryInterface + const Sequelize = utils.Sequelize + + const data = { + type: Sequelize.BOOLEAN, + allowNull: false, + defaultValue: false + } + + q.addColumn('Users', 'displayNSFW', data, { transaction: utils.transaction }).asCallback(finalCallback) +} + +exports.down = function (options, callback) { + throw new Error('Not implemented.') +} diff --git a/server/middlewares/validators/users.js b/server/middlewares/validators/users.js index ce83fc074..1e7a64793 100644 --- a/server/middlewares/validators/users.js +++ b/server/middlewares/validators/users.js @@ -56,7 +56,8 @@ function usersRemove (req, res, next) { function usersUpdate (req, res, next) { req.checkParams('id', 'Should have a valid id').notEmpty().isInt() // Add old password verification - req.checkBody('password', 'Should have a valid password').isUserPasswordValid() + req.checkBody('password', 'Should have a valid password').optional().isUserPasswordValid() + req.checkBody('displayNSFW', 'Should have a valid display Not Safe For Work attribute').optional().isUserDisplayNSFWValid() logger.debug('Checking usersUpdate parameters', { parameters: req.body }) diff --git a/server/models/user.js b/server/models/user.js index 24e710fa7..e64bab8ab 100644 --- a/server/models/user.js +++ b/server/models/user.js @@ -39,6 +39,17 @@ module.exports = function (sequelize, DataTypes) { isEmail: true } }, + displayNSFW: { + type: DataTypes.BOOLEAN, + allowNull: false, + defaultValue: false, + validate: { + nsfwValid: function (value) { + const res = customUsersValidators.isUserDisplayNSFWValid(value) + if (res === false) throw new Error('Display NSFW is not valid.') + } + } + }, role: { type: DataTypes.ENUM(values(constants.USER_ROLES)), allowNull: false @@ -101,6 +112,7 @@ function toFormatedJSON () { id: this.id, username: this.username, email: this.email, + displayNSFW: this.displayNSFW, role: this.role, createdAt: this.createdAt } diff --git a/server/tests/api/check-params/users.js b/server/tests/api/check-params/users.js index b04f9f4a6..4a176e6c2 100644 --- a/server/tests/api/check-params/users.js +++ b/server/tests/api/check-params/users.js @@ -270,6 +270,14 @@ describe('Test users API validators', function () { requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done) }) + it('Should fail with an invalid display NSFW attribute', function (done) { + const data = { + displayNSFW: -1 + } + + requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done) + }) + it('Should fail with an non authenticated user', function (done) { const data = { password: 'my super password' @@ -280,7 +288,8 @@ describe('Test users API validators', function () { it('Should succeed with the correct params', function (done) { const data = { - password: 'my super password' + password: 'my super password', + displayNSFW: true } requestsUtils.makePutBodyRequest(server.url, path + userId, userAccessToken, data, done, 204) diff --git a/server/tests/api/users.js b/server/tests/api/users.js index 2b6956baa..a5e8a7edf 100644 --- a/server/tests/api/users.js +++ b/server/tests/api/users.js @@ -209,6 +209,7 @@ describe('Test users', function () { expect(user.username).to.equal('user_1') expect(user.email).to.equal('user_1@example.com') + expect(user.displayNSFW).to.be.falsy expect(user.id).to.exist done() @@ -237,10 +238,13 @@ describe('Test users', function () { const user = users[0] expect(user.username).to.equal('user_1') expect(user.email).to.equal('user_1@example.com') + expect(user.displayNSFW).to.be.falsy const rootUser = users[1] expect(rootUser.username).to.equal('root') expect(rootUser.email).to.equal('admin1@example.com') + expect(rootUser.displayNSFW).to.be.falsy + userId = user.id done() @@ -261,6 +265,7 @@ describe('Test users', function () { const user = users[0] expect(user.username).to.equal('root') expect(user.email).to.equal('admin1@example.com') + expect(user.displayNSFW).to.be.falsy done() }) @@ -280,6 +285,7 @@ describe('Test users', function () { const user = users[0] expect(user.username).to.equal('user_1') expect(user.email).to.equal('user_1@example.com') + expect(user.displayNSFW).to.be.falsy done() }) @@ -299,6 +305,7 @@ describe('Test users', function () { const user = users[0] expect(user.username).to.equal('user_1') expect(user.email).to.equal('user_1@example.com') + expect(user.displayNSFW).to.be.falsy done() }) @@ -317,15 +324,18 @@ describe('Test users', function () { expect(users[0].username).to.equal('root') expect(users[0].email).to.equal('admin1@example.com') + expect(users[0].displayNSFW).to.be.falsy + expect(users[1].username).to.equal('user_1') expect(users[1].email).to.equal('user_1@example.com') + expect(users[1].displayNSFW).to.be.falsy done() }) }) it('Should update the user password', function (done) { - usersUtils.updateUser(server.url, userId, accessTokenUser, 'new password', function (err, res) { + usersUtils.updateUser(server.url, userId, accessTokenUser, 'new password', null, function (err, res) { if (err) throw err server.user.password = 'new password' @@ -333,6 +343,25 @@ describe('Test users', function () { }) }) + it('Should be able to change the NSFW display attribute', function (done) { + usersUtils.updateUser(server.url, userId, accessTokenUser, null, true, function (err, res) { + if (err) throw err + + usersUtils.getUserInformation(server.url, accessTokenUser, function (err, res) { + if (err) throw err + + const user = res.body + + expect(user.username).to.equal('user_1') + expect(user.email).to.equal('user_1@example.com') + expect(user.displayNSFW).to.be.truthy + expect(user.id).to.exist + + done() + }) + }) + }) + it('Should be able to remove this user', function (done) { usersUtils.removeUser(server.url, userId, accessToken, done) }) diff --git a/server/tests/utils/users.js b/server/tests/utils/users.js index 7817160b9..8138074d0 100644 --- a/server/tests/utils/users.js +++ b/server/tests/utils/users.js @@ -101,14 +101,18 @@ function removeUser (url, userId, accessToken, expectedStatus, end) { .end(end) } -function updateUser (url, userId, accessToken, newPassword, end) { +function updateUser (url, userId, accessToken, newPassword, displayNSFW, end) { const path = '/api/v1/users/' + userId + const toSend = {} + if (newPassword !== undefined && newPassword !== null) toSend.password = newPassword + if (displayNSFW !== undefined && displayNSFW !== null) toSend.displayNSFW = displayNSFW + request(url) .put(path) .set('Accept', 'application/json') .set('Authorization', 'Bearer ' + accessToken) - .send({ password: newPassword }) + .send(toSend) .expect(204) .end(end) }