1
0
Fork 0
mirror of https://github.com/immich-app/immich.git synced 2025-01-19 18:26:46 +01:00

fix(server): user update (#2143)

* fix(server): user update

* update dto

* generate api

* improve validation

* add e2e tests for updating user

---------

Co-authored-by: Michel Heusschen <59014050+michelheusschen@users.noreply.github.com>
This commit is contained in:
Alex 2023-04-01 11:43:45 -05:00 committed by GitHub
parent aaaf1a6cf8
commit d04f340b5b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 101 additions and 47 deletions

Binary file not shown.

Binary file not shown.

Binary file not shown.

View file

@ -32,7 +32,7 @@ import { UserCountDto } from '@app/domain';
@ApiTags('User') @ApiTags('User')
@Controller('user') @Controller('user')
@UsePipes(new ValidationPipe({ transform: true })) @UsePipes(new ValidationPipe({ transform: true, whitelist: true }))
export class UserController { export class UserController {
constructor(private service: UserService) {} constructor(private service: UserService) {}

View file

@ -2,7 +2,7 @@ import { Test, TestingModule } from '@nestjs/testing';
import { INestApplication } from '@nestjs/common'; import { INestApplication } from '@nestjs/common';
import request from 'supertest'; import request from 'supertest';
import { clearDb, authCustom } from './test-utils'; import { clearDb, authCustom } from './test-utils';
import { CreateUserDto, UserService, AuthUserDto } from '@app/domain'; import { CreateUserDto, UserService, AuthUserDto, UserResponseDto } from '@app/domain';
import { DataSource } from 'typeorm'; import { DataSource } from 'typeorm';
import { AuthService } from '@app/domain'; import { AuthService } from '@app/domain';
import { AppModule } from '../src/app.module'; import { AppModule } from '../src/app.module';
@ -39,10 +39,11 @@ describe('User', () => {
}); });
}); });
describe('with auth', () => { describe('with admin auth', () => {
let userService: UserService; let userService: UserService;
let authService: AuthService; let authService: AuthService;
let authUser: AuthUserDto; let authUser: AuthUserDto;
let userOne: UserResponseDto;
beforeAll(async () => { beforeAll(async () => {
const builder = Test.createTestingModule({ imports: [AppModule] }); const builder = Test.createTestingModule({ imports: [AppModule] });
@ -69,7 +70,8 @@ describe('User', () => {
password: '1234', password: '1234',
}); });
authUser = { ...adminSignupResponseDto, isAdmin: true }; // TODO: find out why adminSignUp doesn't have isAdmin (maybe can just return UserResponseDto) authUser = { ...adminSignupResponseDto, isAdmin: true }; // TODO: find out why adminSignUp doesn't have isAdmin (maybe can just return UserResponseDto)
await Promise.allSettled([
[userOne] = await Promise.all([
_createUser(userService, { _createUser(userService, {
firstName: 'one', firstName: 'one',
lastName: 'test', lastName: 'test',
@ -121,6 +123,67 @@ describe('User', () => {
); );
expect(body).toEqual(expect.not.arrayContaining([expect.objectContaining({ email: authUserEmail })])); expect(body).toEqual(expect.not.arrayContaining([expect.objectContaining({ email: authUserEmail })]));
}); });
it('disallows admin user from creating a second admin account', async () => {
const { status } = await request(app.getHttpServer())
.put('/user')
.send({
...userOne,
isAdmin: true,
});
expect(status).toEqual(400);
});
it('ignores updates to createdAt, updatedAt and deletedAt', async () => {
const { status, body } = await request(app.getHttpServer())
.put('/user')
.send({
...userOne,
createdAt: '2023-01-01T00:00:00.000Z',
updatedAt: '2023-01-01T00:00:00.000Z',
deletedAt: '2023-01-01T00:00:00.000Z',
});
expect(status).toEqual(200);
expect(body).toStrictEqual({
...userOne,
createdAt: new Date(userOne.createdAt).toISOString(),
updatedAt: expect.anything(),
});
});
it('ignores updates to profileImagePath', async () => {
const { status, body } = await request(app.getHttpServer())
.put('/user')
.send({
...userOne,
profileImagePath: 'invalid.jpg',
});
expect(status).toEqual(200);
expect(body).toStrictEqual({
...userOne,
createdAt: new Date(userOne.createdAt).toISOString(),
updatedAt: expect.anything(),
});
});
it('allows to update first and last name', async () => {
const { status, body } = await request(app.getHttpServer())
.put('/user')
.send({
...userOne,
firstName: 'newFirstName',
lastName: 'newLastName',
});
expect(status).toEqual(200);
expect(body).toMatchObject({
...userOne,
createdAt: new Date(userOne.createdAt).toISOString(),
updatedAt: expect.anything(),
firstName: 'newFirstName',
lastName: 'newLastName',
});
});
}); });
}); });
}); });

View file

@ -4812,29 +4812,31 @@
"UpdateUserDto": { "UpdateUserDto": {
"type": "object", "type": "object",
"properties": { "properties": {
"id": {
"type": "string"
},
"email": { "email": {
"type": "string" "type": "string",
"example": "testuser@email.com"
}, },
"password": { "password": {
"type": "string" "type": "string",
"example": "password"
}, },
"firstName": { "firstName": {
"type": "string" "type": "string",
"example": "John"
}, },
"lastName": { "lastName": {
"type": "string" "type": "string",
"example": "Doe"
},
"id": {
"type": "string",
"format": "uuid"
}, },
"isAdmin": { "isAdmin": {
"type": "boolean" "type": "boolean"
}, },
"shouldChangePassword": { "shouldChangePassword": {
"type": "boolean" "type": "boolean"
},
"profileImagePath": {
"type": "string"
} }
}, },
"required": [ "required": [

View file

@ -1,28 +1,18 @@
import { IsEmail, IsNotEmpty, IsOptional } from 'class-validator'; import { IsBoolean, IsNotEmpty, IsOptional, IsUUID } from 'class-validator';
import { CreateUserDto } from './create-user.dto';
import { ApiProperty, PartialType } from '@nestjs/swagger';
export class UpdateUserDto { export class UpdateUserDto extends PartialType(CreateUserDto) {
@IsNotEmpty() @IsNotEmpty()
@IsUUID('4')
@ApiProperty({ format: 'uuid' })
id!: string; id!: string;
@IsEmail()
@IsOptional()
email?: string;
@IsOptional()
password?: string;
@IsOptional()
firstName?: string;
@IsOptional()
lastName?: string;
@IsOptional() @IsOptional()
@IsBoolean()
isAdmin?: boolean; isAdmin?: boolean;
@IsOptional() @IsOptional()
@IsBoolean()
shouldChangePassword?: boolean; shouldChangePassword?: boolean;
@IsOptional()
profileImagePath?: string;
} }

View file

@ -21,12 +21,16 @@ export class UserCore {
constructor(private userRepository: IUserRepository, private cryptoRepository: ICryptoRepository) {} constructor(private userRepository: IUserRepository, private cryptoRepository: ICryptoRepository) {}
async updateUser(authUser: AuthUserDto, id: string, dto: Partial<UserEntity>): Promise<UserEntity> { async updateUser(authUser: AuthUserDto, id: string, dto: Partial<UserEntity>): Promise<UserEntity> {
if (!(authUser.isAdmin || authUser.id === id)) { if (!authUser.isAdmin && authUser.id !== id) {
throw new ForbiddenException('You are not allowed to update this user'); throw new ForbiddenException('You are not allowed to update this user');
} }
if (dto.isAdmin && authUser.isAdmin && authUser.id !== id) { if (!authUser.isAdmin) {
throw new BadRequestException('Admin user exists'); // Users can never update the isAdmin property.
delete dto.isAdmin;
} else if (dto.isAdmin && authUser.id !== id) {
// Admin cannot create another admin.
throw new BadRequestException('The server already has an admin');
} }
if (dto.email) { if (dto.email) {

View file

@ -90,6 +90,7 @@ export class UserService {
if (!user) { if (!user) {
throw new NotFoundException('User not found'); throw new NotFoundException('User not found');
} }
const updatedUser = await this.userCore.updateUser(authUser, dto.id, dto); const updatedUser = await this.userCore.updateUser(authUser, dto.id, dto);
return mapUser(updatedUser); return mapUser(updatedUser);
} }

View file

@ -2292,12 +2292,6 @@ export interface UpdateTagDto {
* @interface UpdateUserDto * @interface UpdateUserDto
*/ */
export interface UpdateUserDto { export interface UpdateUserDto {
/**
*
* @type {string}
* @memberof UpdateUserDto
*/
'id': string;
/** /**
* *
* @type {string} * @type {string}
@ -2322,6 +2316,12 @@ export interface UpdateUserDto {
* @memberof UpdateUserDto * @memberof UpdateUserDto
*/ */
'lastName'?: string; 'lastName'?: string;
/**
*
* @type {string}
* @memberof UpdateUserDto
*/
'id': string;
/** /**
* *
* @type {boolean} * @type {boolean}
@ -2334,12 +2334,6 @@ export interface UpdateUserDto {
* @memberof UpdateUserDto * @memberof UpdateUserDto
*/ */
'shouldChangePassword'?: boolean; 'shouldChangePassword'?: boolean;
/**
*
* @type {string}
* @memberof UpdateUserDto
*/
'profileImagePath'?: string;
} }
/** /**
* *