Server: delete user with the id and not the username

This commit is contained in:
Chocobozzz 2016-08-09 21:44:45 +02:00
parent 45b81debd6
commit 68a3b9f2aa
6 changed files with 18 additions and 12 deletions

View File

@ -34,7 +34,7 @@ router.put('/:id',
updateUser updateUser
) )
router.delete('/:username', router.delete('/:id',
oAuth.authenticate, oAuth.authenticate,
admin.ensureIsAdmin, admin.ensureIsAdmin,
validatorsUsers.usersRemove, validatorsUsers.usersRemove,
@ -83,7 +83,7 @@ function listUsers (req, res, next) {
function removeUser (req, res, next) { function removeUser (req, res, next) {
waterfall([ waterfall([
function getUser (callback) { function getUser (callback) {
User.loadByUsername(req.params.username, callback) User.loadById(req.params.id, callback)
}, },
function getVideos (user, callback) { function getVideos (user, callback) {

View File

@ -25,12 +25,12 @@ function usersAdd (req, res, next) {
} }
function usersRemove (req, res, next) { function usersRemove (req, res, next) {
req.checkParams('username', 'Should have a valid username').isUserUsernameValid() req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
logger.debug('Checking usersRemove parameters', { parameters: req.params }) logger.debug('Checking usersRemove parameters', { parameters: req.params })
checkErrors(req, res, function () { checkErrors(req, res, function () {
User.loadByUsername(req.params.username, function (err, user) { User.loadById(req.params.id, function (err, user) {
if (err) { if (err) {
logger.error('Error in usersRemove request validator.', { error: err }) logger.error('Error in usersRemove request validator.', { error: err })
return res.sendStatus(500) return res.sendStatus(500)
@ -44,6 +44,7 @@ function usersRemove (req, res, next) {
} }
function usersUpdate (req, res, next) { function usersUpdate (req, res, next) {
req.checkParams('id', 'Should have a valid id').notEmpty().isMongoId()
// Add old password verification // Add old password verification
req.checkBody('password', 'Should have a valid password').isUserPasswordValid() req.checkBody('password', 'Should have a valid password').isUserPasswordValid()

View File

@ -21,6 +21,7 @@ UserSchema.methods = {
UserSchema.statics = { UserSchema.statics = {
getByUsernameAndPassword: getByUsernameAndPassword, getByUsernameAndPassword: getByUsernameAndPassword,
list: list, list: list,
loadById: loadById,
loadByUsername: loadByUsername loadByUsername: loadByUsername
} }
@ -36,6 +37,10 @@ function list (callback) {
return this.find(callback) return this.find(callback)
} }
function loadById (id, callback) {
return this.findById(id, callback)
}
function loadByUsername (username, callback) { function loadByUsername (username, callback) {
return this.findOne({ username: username }, callback) return this.findOne({ username: username }, callback)
} }

View File

@ -610,23 +610,23 @@ describe('Test parameters validator', function () {
}) })
describe('When removing an user', function () { describe('When removing an user', function () {
it('Should fail with an incorrect username', function (done) { it('Should fail with an incorrect id', function (done) {
request(server.url) request(server.url)
.delete(path + 'bla-bla') .delete(path + 'bla-bla')
.set('Authorization', 'Bearer ' + server.accessToken) .set('Authorization', 'Bearer ' + server.accessToken)
.expect(400, done) .expect(400, done)
}) })
it('Should return 404 with a non existing username', function (done) { it('Should return 404 with a non existing id', function (done) {
request(server.url) request(server.url)
.delete(path + 'qzzerg') .delete(path + '579f982228c99c221d8092b8')
.set('Authorization', 'Bearer ' + server.accessToken) .set('Authorization', 'Bearer ' + server.accessToken)
.expect(404, done) .expect(404, done)
}) })
it('Should success with the correct parameters', function (done) { it('Should success with the correct parameters', function (done) {
request(server.url) request(server.url)
.delete(path + 'user1') .delete(path + userId)
.set('Authorization', 'Bearer ' + server.accessToken) .set('Authorization', 'Bearer ' + server.accessToken)
.expect(204, done) .expect(204, done)
}) })

View File

@ -235,7 +235,7 @@ describe('Test users', function () {
}) })
it('Should be able to remove this user', function (done) { it('Should be able to remove this user', function (done) {
usersUtils.removeUser(server.url, accessToken, 'user_1', done) usersUtils.removeUser(server.url, userId, accessToken, done)
}) })
it('Should not be able to login with this user', function (done) { it('Should not be able to login with this user', function (done) {

View File

@ -52,7 +52,7 @@ function getUsersList (url, end) {
.end(end) .end(end)
} }
function removeUser (url, token, username, expectedStatus, end) { function removeUser (url, userId, accessToken, expectedStatus, end) {
if (!end) { if (!end) {
end = expectedStatus end = expectedStatus
expectedStatus = 204 expectedStatus = 204
@ -61,9 +61,9 @@ function removeUser (url, token, username, expectedStatus, end) {
const path = '/api/v1/users' const path = '/api/v1/users'
request(url) request(url)
.delete(path + '/' + username) .delete(path + '/' + userId)
.set('Accept', 'application/json') .set('Accept', 'application/json')
.set('Authorization', 'Bearer ' + token) .set('Authorization', 'Bearer ' + accessToken)
.expect(expectedStatus) .expect(expectedStatus)
.end(end) .end(end)
} }