ulysia/szurubooru
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

server/users: fix detecting duplicate user names

Browse source
This commit is contained in:
rr- 2016-05-08 17:03:55 +02:00
parent 0214341473
commit 2bd02f4921
3 changed files with 28 additions and 9 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
server/szurubooru/api/user_api.py
View file

@ -17,7 +17,7 @@ class UserListApi(BaseApi):
name = ctx.get_param_as_string('name', required=True) name = ctx.get_param_as_string('name', required=True)
password = ctx.get_param_as_string('password', required=True) password = ctx.get_param_as_string('password', required=True)
email = ctx.get_param_as_string('email', required=False, default='') email = ctx.get_param_as_string('email', required=False, default='')
user = users.create_user(name, password, email, ctx.user) user = users.create_user(name, password, email)
if ctx.has_param('rank'): if ctx.has_param('rank'):
users.update_user_rank( users.update_user_rank(
user, ctx.get_param_as_string('rank'), ctx.user) user, ctx.get_param_as_string('rank'), ctx.user)
@ -42,8 +42,7 @@ class UserDetailApi(BaseApi):
infix = 'self' if ctx.user.user_id == user.user_id else 'any' infix = 'self' if ctx.user.user_id == user.user_id else 'any'
if ctx.has_param('name'): if ctx.has_param('name'):
auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix) auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix)
users.update_user_name( users.update_user_name(user, ctx.get_param_as_string('name'))
user, ctx.get_param_as_string('name'), ctx.user)
if ctx.has_param('password'): if ctx.has_param('password'):
auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix) auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix)
users.update_user_password( users.update_user_password(

8
server/szurubooru/func/users.py
View file

@ -72,9 +72,9 @@ def get_user_by_name_or_email(name_or_email):
raise UserNotFoundError('User %r not found.' % name_or_email) raise UserNotFoundError('User %r not found.' % name_or_email)
return user return user
def create_user(name, password, email, auth_user): def create_user(name, password, email):
user = db.User() user = db.User()
update_user_name(user, name, auth_user) update_user_name(user, name)
update_user_password(user, password) update_user_password(user, password)
update_user_email(user, email) update_user_email(user, email)
if get_user_count() > 0: if get_user_count() > 0:
@ -85,13 +85,13 @@ def create_user(name, password, email, auth_user):
user.avatar_style = db.User.AVATAR_GRAVATAR user.avatar_style = db.User.AVATAR_GRAVATAR
return user return user
def update_user_name(user, name, auth_user): def update_user_name(user, name):
if not name: if not name:
raise InvalidUserNameError('Name cannot be empty.') raise InvalidUserNameError('Name cannot be empty.')
if util.value_exceeds_column_size(name, db.User.name): if util.value_exceeds_column_size(name, db.User.name):
raise InvalidUserNameError('User name is too long.') raise InvalidUserNameError('User name is too long.')
other_user = try_get_user_by_name(name) other_user = try_get_user_by_name(name)
if other_user and other_user.user_id != auth_user.user_id: if other_user and other_user.user_id != user.user_id:
raise UserAlreadyExistsError('User %r already exists.' % name) raise UserAlreadyExistsError('User %r already exists.' % name)
name = name.strip() name = name.strip()
name_regex = config.config['user_name_regex'] name_regex = config.config['user_name_regex']

24
server/szurubooru/tests/api/test_user_updating.py
View file

@ -152,12 +152,32 @@ def test_trying_to_become_someone_else(test_ctx):
db.session.add_all([user1, user2]) db.session.add_all([user1, user2])
with pytest.raises(users.UserAlreadyExistsError): with pytest.raises(users.UserAlreadyExistsError):
test_ctx.api.put( test_ctx.api.put(
test_ctx.context_factory(input={'name': 'her'}, user=user1), test_ctx.context_factory(input={'name': 'her'}, user=user1), 'me')
'me')
with pytest.raises(users.UserAlreadyExistsError): with pytest.raises(users.UserAlreadyExistsError):
test_ctx.api.put( test_ctx.api.put(
test_ctx.context_factory(input={'name': 'HER'}, user=user1), 'me') test_ctx.context_factory(input={'name': 'HER'}, user=user1), 'me')
def test_trying_to_make_someone_into_someone_else(test_ctx):
user1 = test_ctx.user_factory(name='him', rank=db.User.RANK_REGULAR)
user2 = test_ctx.user_factory(name='her', rank=db.User.RANK_REGULAR)
user3 = test_ctx.user_factory(name='me', rank=db.User.RANK_MODERATOR)
db.session.add_all([user1, user2, user3])
with pytest.raises(users.UserAlreadyExistsError):
test_ctx.api.put(
test_ctx.context_factory(input={'name': 'her'}, user=user3), 'him')
with pytest.raises(users.UserAlreadyExistsError):
test_ctx.api.put(
test_ctx.context_factory(input={'name': 'HER'}, user=user3), 'him')
def test_renaming_someone_else(test_ctx):
user1 = test_ctx.user_factory(name='him', rank=db.User.RANK_REGULAR)
user2 = test_ctx.user_factory(name='me', rank=db.User.RANK_MODERATOR)
db.session.add_all([user1, user2])
test_ctx.api.put(
test_ctx.context_factory(input={'name': 'himself'}, user=user2), 'him')
test_ctx.api.put(
test_ctx.context_factory(input={'name': 'HIMSELF'}, user=user2), 'himself')
def test_mods_trying_to_become_admin(test_ctx): def test_mods_trying_to_become_admin(test_ctx):
user1 = test_ctx.user_factory(name='u1', rank=db.User.RANK_MODERATOR) user1 = test_ctx.user_factory(name='u1', rank=db.User.RANK_MODERATOR)
user2 = test_ctx.user_factory(name='u2', rank=db.User.RANK_MODERATOR) user2 = test_ctx.user_factory(name='u2', rank=db.User.RANK_MODERATOR)