Ask password reset/email verif error handling
With a user that uses a plugin authentication
This commit is contained in:
parent
1f545e80b4
commit
c5f3ff39e5
|
@ -343,7 +343,7 @@ async function askResetUserPassword (req: express.Request, res: express.Response
|
||||||
|
|
||||||
const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
|
const verificationString = await Redis.Instance.setResetPasswordVerificationString(user.id)
|
||||||
const url = WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
|
const url = WEBSERVER.URL + '/reset-password?userId=' + user.id + '&verificationString=' + verificationString
|
||||||
await Emailer.Instance.addPasswordResetEmailJob(user.username, user.email, url)
|
Emailer.Instance.addPasswordResetEmailJob(user.username, user.email, url)
|
||||||
|
|
||||||
return res.status(HttpStatusCode.NO_CONTENT_204).end()
|
return res.status(HttpStatusCode.NO_CONTENT_204).end()
|
||||||
}
|
}
|
||||||
|
|
|
@ -411,6 +411,13 @@ const usersAskResetPasswordValidator = [
|
||||||
return res.status(HttpStatusCode.NO_CONTENT_204).end()
|
return res.status(HttpStatusCode.NO_CONTENT_204).end()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (res.locals.user.pluginAuth) {
|
||||||
|
return res.fail({
|
||||||
|
status: HttpStatusCode.CONFLICT_409,
|
||||||
|
message: 'Cannot recover password of a user that uses a plugin authentication.'
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
return next()
|
return next()
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
@ -454,6 +461,13 @@ const usersAskSendVerifyEmailValidator = [
|
||||||
return res.status(HttpStatusCode.NO_CONTENT_204).end()
|
return res.status(HttpStatusCode.NO_CONTENT_204).end()
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (res.locals.user.pluginAuth) {
|
||||||
|
return res.fail({
|
||||||
|
status: HttpStatusCode.CONFLICT_409,
|
||||||
|
message: 'Cannot ask verification email of a user that uses a plugin authentication.'
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
||||||
return next()
|
return next()
|
||||||
}
|
}
|
||||||
]
|
]
|
||||||
|
|
|
@ -94,6 +94,14 @@ describe('Official plugin auth-ldap', function () {
|
||||||
await server.login.login({ user: { username: 'fry@planetexpress.com', password: 'fry' } })
|
await server.login.login({ user: { username: 'fry@planetexpress.com', password: 'fry' } })
|
||||||
})
|
})
|
||||||
|
|
||||||
|
it('Should not be able to ask password reset', async function () {
|
||||||
|
await server.users.askResetPassword({ email: 'fry@planetexpress.com', expectedStatus: HttpStatusCode.CONFLICT_409 })
|
||||||
|
})
|
||||||
|
|
||||||
|
it('Should not be able to ask email verification', async function () {
|
||||||
|
await server.users.askSendVerifyEmail({ email: 'fry@planetexpress.com', expectedStatus: HttpStatusCode.CONFLICT_409 })
|
||||||
|
})
|
||||||
|
|
||||||
it('Should not login if the plugin is uninstalled', async function () {
|
it('Should not login if the plugin is uninstalled', async function () {
|
||||||
await server.plugins.uninstall({ npmName: 'peertube-plugin-auth-ldap' })
|
await server.plugins.uninstall({ npmName: 'peertube-plugin-auth-ldap' })
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue