Server: delete user with the id and not the username
This commit is contained in:
parent
45b81debd6
commit
68a3b9f2aa
|
@ -34,7 +34,7 @@ router.put('/:id',
|
|||
updateUser
|
||||
)
|
||||
|
||||
router.delete('/:username',
|
||||
router.delete('/:id',
|
||||
oAuth.authenticate,
|
||||
admin.ensureIsAdmin,
|
||||
validatorsUsers.usersRemove,
|
||||
|
@ -83,7 +83,7 @@ function listUsers (req, res, next) {
|
|||
function removeUser (req, res, next) {
|
||||
waterfall([
|
||||
function getUser (callback) {
|
||||
User.loadByUsername(req.params.username, callback)
|
||||
User.loadById(req.params.id, callback)
|
||||
},
|
||||
|
||||
function getVideos (user, callback) {
|
||||
|
|
|
@ -25,12 +25,12 @@ function usersAdd (req, res, next) {
|
|||
}
|
||||
|
||||
function usersRemove (req, res, next) {
|
||||
req.checkParams('username', 'Should have a valid username').isUserUsernameValid()
|
||||
req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
|
||||
|
||||
logger.debug('Checking usersRemove parameters', { parameters: req.params })
|
||||
|
||||
checkErrors(req, res, function () {
|
||||
User.loadByUsername(req.params.username, function (err, user) {
|
||||
User.loadById(req.params.id, function (err, user) {
|
||||
if (err) {
|
||||
logger.error('Error in usersRemove request validator.', { error: err })
|
||||
return res.sendStatus(500)
|
||||
|
@ -44,6 +44,7 @@ function usersRemove (req, res, next) {
|
|||
}
|
||||
|
||||
function usersUpdate (req, res, next) {
|
||||
req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
|
||||
// Add old password verification
|
||||
req.checkBody('password', 'Should have a valid password').isUserPasswordValid()
|
||||
|
||||
|
|
|
@ -21,6 +21,7 @@ UserSchema.methods = {
|
|||
UserSchema.statics = {
|
||||
getByUsernameAndPassword: getByUsernameAndPassword,
|
||||
list: list,
|
||||
loadById: loadById,
|
||||
loadByUsername: loadByUsername
|
||||
}
|
||||
|
||||
|
@ -36,6 +37,10 @@ function list (callback) {
|
|||
return this.find(callback)
|
||||
}
|
||||
|
||||
function loadById (id, callback) {
|
||||
return this.findById(id, callback)
|
||||
}
|
||||
|
||||
function loadByUsername (username, callback) {
|
||||
return this.findOne({ username: username }, callback)
|
||||
}
|
||||
|
|
|
@ -610,23 +610,23 @@ describe('Test parameters validator', function () {
|
|||
})
|
||||
|
||||
describe('When removing an user', function () {
|
||||
it('Should fail with an incorrect username', function (done) {
|
||||
it('Should fail with an incorrect id', function (done) {
|
||||
request(server.url)
|
||||
.delete(path + 'bla-bla')
|
||||
.set('Authorization', 'Bearer ' + server.accessToken)
|
||||
.expect(400, done)
|
||||
})
|
||||
|
||||
it('Should return 404 with a non existing username', function (done) {
|
||||
it('Should return 404 with a non existing id', function (done) {
|
||||
request(server.url)
|
||||
.delete(path + 'qzzerg')
|
||||
.delete(path + '579f982228c99c221d8092b8')
|
||||
.set('Authorization', 'Bearer ' + server.accessToken)
|
||||
.expect(404, done)
|
||||
})
|
||||
|
||||
it('Should success with the correct parameters', function (done) {
|
||||
request(server.url)
|
||||
.delete(path + 'user1')
|
||||
.delete(path + userId)
|
||||
.set('Authorization', 'Bearer ' + server.accessToken)
|
||||
.expect(204, done)
|
||||
})
|
||||
|
|
|
@ -235,7 +235,7 @@ describe('Test users', function () {
|
|||
})
|
||||
|
||||
it('Should be able to remove this user', function (done) {
|
||||
usersUtils.removeUser(server.url, accessToken, 'user_1', done)
|
||||
usersUtils.removeUser(server.url, userId, accessToken, done)
|
||||
})
|
||||
|
||||
it('Should not be able to login with this user', function (done) {
|
||||
|
|
|
@ -52,7 +52,7 @@ function getUsersList (url, end) {
|
|||
.end(end)
|
||||
}
|
||||
|
||||
function removeUser (url, token, username, expectedStatus, end) {
|
||||
function removeUser (url, userId, accessToken, expectedStatus, end) {
|
||||
if (!end) {
|
||||
end = expectedStatus
|
||||
expectedStatus = 204
|
||||
|
@ -61,9 +61,9 @@ function removeUser (url, token, username, expectedStatus, end) {
|
|||
const path = '/api/v1/users'
|
||||
|
||||
request(url)
|
||||
.delete(path + '/' + username)
|
||||
.delete(path + '/' + userId)
|
||||
.set('Accept', 'application/json')
|
||||
.set('Authorization', 'Bearer ' + token)
|
||||
.set('Authorization', 'Bearer ' + accessToken)
|
||||
.expect(expectedStatus)
|
||||
.end(end)
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue