mirror of
https://github.com/immich-app/immich.git
synced 2025-01-19 18:26:46 +01:00
fix(server): user update (#2143)
* fix(server): user update * update dto * generate api * improve validation * add e2e tests for updating user --------- Co-authored-by: Michel Heusschen <59014050+michelheusschen@users.noreply.github.com>
This commit is contained in:
parent
aaaf1a6cf8
commit
d04f340b5b
10 changed files with 101 additions and 47 deletions
BIN
mobile/openapi/doc/UpdateUserDto.md
generated
BIN
mobile/openapi/doc/UpdateUserDto.md
generated
Binary file not shown.
BIN
mobile/openapi/lib/model/update_user_dto.dart
generated
BIN
mobile/openapi/lib/model/update_user_dto.dart
generated
Binary file not shown.
BIN
mobile/openapi/test/update_user_dto_test.dart
generated
BIN
mobile/openapi/test/update_user_dto_test.dart
generated
Binary file not shown.
|
@ -32,7 +32,7 @@ import { UserCountDto } from '@app/domain';
|
||||||
|
|
||||||
@ApiTags('User')
|
@ApiTags('User')
|
||||||
@Controller('user')
|
@Controller('user')
|
||||||
@UsePipes(new ValidationPipe({ transform: true }))
|
@UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
|
||||||
export class UserController {
|
export class UserController {
|
||||||
constructor(private service: UserService) {}
|
constructor(private service: UserService) {}
|
||||||
|
|
||||||
|
|
|
@ -2,7 +2,7 @@ import { Test, TestingModule } from '@nestjs/testing';
|
||||||
import { INestApplication } from '@nestjs/common';
|
import { INestApplication } from '@nestjs/common';
|
||||||
import request from 'supertest';
|
import request from 'supertest';
|
||||||
import { clearDb, authCustom } from './test-utils';
|
import { clearDb, authCustom } from './test-utils';
|
||||||
import { CreateUserDto, UserService, AuthUserDto } from '@app/domain';
|
import { CreateUserDto, UserService, AuthUserDto, UserResponseDto } from '@app/domain';
|
||||||
import { DataSource } from 'typeorm';
|
import { DataSource } from 'typeorm';
|
||||||
import { AuthService } from '@app/domain';
|
import { AuthService } from '@app/domain';
|
||||||
import { AppModule } from '../src/app.module';
|
import { AppModule } from '../src/app.module';
|
||||||
|
@ -39,10 +39,11 @@ describe('User', () => {
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
describe('with auth', () => {
|
describe('with admin auth', () => {
|
||||||
let userService: UserService;
|
let userService: UserService;
|
||||||
let authService: AuthService;
|
let authService: AuthService;
|
||||||
let authUser: AuthUserDto;
|
let authUser: AuthUserDto;
|
||||||
|
let userOne: UserResponseDto;
|
||||||
|
|
||||||
beforeAll(async () => {
|
beforeAll(async () => {
|
||||||
const builder = Test.createTestingModule({ imports: [AppModule] });
|
const builder = Test.createTestingModule({ imports: [AppModule] });
|
||||||
|
@ -69,7 +70,8 @@ describe('User', () => {
|
||||||
password: '1234',
|
password: '1234',
|
||||||
});
|
});
|
||||||
authUser = { ...adminSignupResponseDto, isAdmin: true }; // TODO: find out why adminSignUp doesn't have isAdmin (maybe can just return UserResponseDto)
|
authUser = { ...adminSignupResponseDto, isAdmin: true }; // TODO: find out why adminSignUp doesn't have isAdmin (maybe can just return UserResponseDto)
|
||||||
await Promise.allSettled([
|
|
||||||
|
[userOne] = await Promise.all([
|
||||||
_createUser(userService, {
|
_createUser(userService, {
|
||||||
firstName: 'one',
|
firstName: 'one',
|
||||||
lastName: 'test',
|
lastName: 'test',
|
||||||
|
@ -121,6 +123,67 @@ describe('User', () => {
|
||||||
);
|
);
|
||||||
expect(body).toEqual(expect.not.arrayContaining([expect.objectContaining({ email: authUserEmail })]));
|
expect(body).toEqual(expect.not.arrayContaining([expect.objectContaining({ email: authUserEmail })]));
|
||||||
});
|
});
|
||||||
|
|
||||||
|
it('disallows admin user from creating a second admin account', async () => {
|
||||||
|
const { status } = await request(app.getHttpServer())
|
||||||
|
.put('/user')
|
||||||
|
.send({
|
||||||
|
...userOne,
|
||||||
|
isAdmin: true,
|
||||||
|
});
|
||||||
|
expect(status).toEqual(400);
|
||||||
|
});
|
||||||
|
|
||||||
|
it('ignores updates to createdAt, updatedAt and deletedAt', async () => {
|
||||||
|
const { status, body } = await request(app.getHttpServer())
|
||||||
|
.put('/user')
|
||||||
|
.send({
|
||||||
|
...userOne,
|
||||||
|
createdAt: '2023-01-01T00:00:00.000Z',
|
||||||
|
updatedAt: '2023-01-01T00:00:00.000Z',
|
||||||
|
deletedAt: '2023-01-01T00:00:00.000Z',
|
||||||
|
});
|
||||||
|
expect(status).toEqual(200);
|
||||||
|
expect(body).toStrictEqual({
|
||||||
|
...userOne,
|
||||||
|
createdAt: new Date(userOne.createdAt).toISOString(),
|
||||||
|
updatedAt: expect.anything(),
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
it('ignores updates to profileImagePath', async () => {
|
||||||
|
const { status, body } = await request(app.getHttpServer())
|
||||||
|
.put('/user')
|
||||||
|
.send({
|
||||||
|
...userOne,
|
||||||
|
profileImagePath: 'invalid.jpg',
|
||||||
|
});
|
||||||
|
expect(status).toEqual(200);
|
||||||
|
expect(body).toStrictEqual({
|
||||||
|
...userOne,
|
||||||
|
createdAt: new Date(userOne.createdAt).toISOString(),
|
||||||
|
updatedAt: expect.anything(),
|
||||||
|
});
|
||||||
|
});
|
||||||
|
|
||||||
|
it('allows to update first and last name', async () => {
|
||||||
|
const { status, body } = await request(app.getHttpServer())
|
||||||
|
.put('/user')
|
||||||
|
.send({
|
||||||
|
...userOne,
|
||||||
|
firstName: 'newFirstName',
|
||||||
|
lastName: 'newLastName',
|
||||||
|
});
|
||||||
|
|
||||||
|
expect(status).toEqual(200);
|
||||||
|
expect(body).toMatchObject({
|
||||||
|
...userOne,
|
||||||
|
createdAt: new Date(userOne.createdAt).toISOString(),
|
||||||
|
updatedAt: expect.anything(),
|
||||||
|
firstName: 'newFirstName',
|
||||||
|
lastName: 'newLastName',
|
||||||
|
});
|
||||||
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
|
@ -4812,29 +4812,31 @@
|
||||||
"UpdateUserDto": {
|
"UpdateUserDto": {
|
||||||
"type": "object",
|
"type": "object",
|
||||||
"properties": {
|
"properties": {
|
||||||
"id": {
|
|
||||||
"type": "string"
|
|
||||||
},
|
|
||||||
"email": {
|
"email": {
|
||||||
"type": "string"
|
"type": "string",
|
||||||
|
"example": "testuser@email.com"
|
||||||
},
|
},
|
||||||
"password": {
|
"password": {
|
||||||
"type": "string"
|
"type": "string",
|
||||||
|
"example": "password"
|
||||||
},
|
},
|
||||||
"firstName": {
|
"firstName": {
|
||||||
"type": "string"
|
"type": "string",
|
||||||
|
"example": "John"
|
||||||
},
|
},
|
||||||
"lastName": {
|
"lastName": {
|
||||||
"type": "string"
|
"type": "string",
|
||||||
|
"example": "Doe"
|
||||||
|
},
|
||||||
|
"id": {
|
||||||
|
"type": "string",
|
||||||
|
"format": "uuid"
|
||||||
},
|
},
|
||||||
"isAdmin": {
|
"isAdmin": {
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
},
|
||||||
"shouldChangePassword": {
|
"shouldChangePassword": {
|
||||||
"type": "boolean"
|
"type": "boolean"
|
||||||
},
|
|
||||||
"profileImagePath": {
|
|
||||||
"type": "string"
|
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
"required": [
|
"required": [
|
||||||
|
|
|
@ -1,28 +1,18 @@
|
||||||
import { IsEmail, IsNotEmpty, IsOptional } from 'class-validator';
|
import { IsBoolean, IsNotEmpty, IsOptional, IsUUID } from 'class-validator';
|
||||||
|
import { CreateUserDto } from './create-user.dto';
|
||||||
|
import { ApiProperty, PartialType } from '@nestjs/swagger';
|
||||||
|
|
||||||
export class UpdateUserDto {
|
export class UpdateUserDto extends PartialType(CreateUserDto) {
|
||||||
@IsNotEmpty()
|
@IsNotEmpty()
|
||||||
|
@IsUUID('4')
|
||||||
|
@ApiProperty({ format: 'uuid' })
|
||||||
id!: string;
|
id!: string;
|
||||||
|
|
||||||
@IsEmail()
|
|
||||||
@IsOptional()
|
|
||||||
email?: string;
|
|
||||||
|
|
||||||
@IsOptional()
|
|
||||||
password?: string;
|
|
||||||
|
|
||||||
@IsOptional()
|
|
||||||
firstName?: string;
|
|
||||||
|
|
||||||
@IsOptional()
|
|
||||||
lastName?: string;
|
|
||||||
|
|
||||||
@IsOptional()
|
@IsOptional()
|
||||||
|
@IsBoolean()
|
||||||
isAdmin?: boolean;
|
isAdmin?: boolean;
|
||||||
|
|
||||||
@IsOptional()
|
@IsOptional()
|
||||||
|
@IsBoolean()
|
||||||
shouldChangePassword?: boolean;
|
shouldChangePassword?: boolean;
|
||||||
|
|
||||||
@IsOptional()
|
|
||||||
profileImagePath?: string;
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -21,12 +21,16 @@ export class UserCore {
|
||||||
constructor(private userRepository: IUserRepository, private cryptoRepository: ICryptoRepository) {}
|
constructor(private userRepository: IUserRepository, private cryptoRepository: ICryptoRepository) {}
|
||||||
|
|
||||||
async updateUser(authUser: AuthUserDto, id: string, dto: Partial<UserEntity>): Promise<UserEntity> {
|
async updateUser(authUser: AuthUserDto, id: string, dto: Partial<UserEntity>): Promise<UserEntity> {
|
||||||
if (!(authUser.isAdmin || authUser.id === id)) {
|
if (!authUser.isAdmin && authUser.id !== id) {
|
||||||
throw new ForbiddenException('You are not allowed to update this user');
|
throw new ForbiddenException('You are not allowed to update this user');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dto.isAdmin && authUser.isAdmin && authUser.id !== id) {
|
if (!authUser.isAdmin) {
|
||||||
throw new BadRequestException('Admin user exists');
|
// Users can never update the isAdmin property.
|
||||||
|
delete dto.isAdmin;
|
||||||
|
} else if (dto.isAdmin && authUser.id !== id) {
|
||||||
|
// Admin cannot create another admin.
|
||||||
|
throw new BadRequestException('The server already has an admin');
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dto.email) {
|
if (dto.email) {
|
||||||
|
|
|
@ -90,6 +90,7 @@ export class UserService {
|
||||||
if (!user) {
|
if (!user) {
|
||||||
throw new NotFoundException('User not found');
|
throw new NotFoundException('User not found');
|
||||||
}
|
}
|
||||||
|
|
||||||
const updatedUser = await this.userCore.updateUser(authUser, dto.id, dto);
|
const updatedUser = await this.userCore.updateUser(authUser, dto.id, dto);
|
||||||
return mapUser(updatedUser);
|
return mapUser(updatedUser);
|
||||||
}
|
}
|
||||||
|
|
18
web/src/api/open-api/api.ts
generated
18
web/src/api/open-api/api.ts
generated
|
@ -2292,12 +2292,6 @@ export interface UpdateTagDto {
|
||||||
* @interface UpdateUserDto
|
* @interface UpdateUserDto
|
||||||
*/
|
*/
|
||||||
export interface UpdateUserDto {
|
export interface UpdateUserDto {
|
||||||
/**
|
|
||||||
*
|
|
||||||
* @type {string}
|
|
||||||
* @memberof UpdateUserDto
|
|
||||||
*/
|
|
||||||
'id': string;
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* @type {string}
|
* @type {string}
|
||||||
|
@ -2322,6 +2316,12 @@ export interface UpdateUserDto {
|
||||||
* @memberof UpdateUserDto
|
* @memberof UpdateUserDto
|
||||||
*/
|
*/
|
||||||
'lastName'?: string;
|
'lastName'?: string;
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
* @type {string}
|
||||||
|
* @memberof UpdateUserDto
|
||||||
|
*/
|
||||||
|
'id': string;
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* @type {boolean}
|
* @type {boolean}
|
||||||
|
@ -2334,12 +2334,6 @@ export interface UpdateUserDto {
|
||||||
* @memberof UpdateUserDto
|
* @memberof UpdateUserDto
|
||||||
*/
|
*/
|
||||||
'shouldChangePassword'?: boolean;
|
'shouldChangePassword'?: boolean;
|
||||||
/**
|
|
||||||
*
|
|
||||||
* @type {string}
|
|
||||||
* @memberof UpdateUserDto
|
|
||||||
*/
|
|
||||||
'profileImagePath'?: string;
|
|
||||||
}
|
}
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
|
|
Loading…
Reference in a new issue