Relax admin automated account registration
Some checks failed
Lint / pnpm_install (pull_request) Successful in 1m44s
Publish Docker image / Build (pull_request) Successful in 5m0s
Test (production install and build) / production (20.16.0) (pull_request) Successful in 1m17s
Lint / lint (backend) (pull_request) Successful in 2m15s
Test (backend) / unit (20.16.0) (pull_request) Successful in 8m53s
Lint / lint (frontend) (pull_request) Successful in 2m29s
Lint / lint (frontend-embed) (pull_request) Successful in 2m20s
Lint / lint (misskey-bubble-game) (pull_request) Successful in 2m21s
Lint / lint (frontend-shared) (pull_request) Successful in 2m50s
Test (backend) / e2e (20.16.0) (pull_request) Successful in 12m35s
Lint / lint (sw) (pull_request) Has been cancelled
Lint / typecheck (backend) (pull_request) Has been cancelled
Lint / typecheck (misskey-js) (pull_request) Has been cancelled
Lint / typecheck (sw) (pull_request) Has been cancelled
Lint / lint (misskey-js) (pull_request) Has been cancelled
Lint / lint (misskey-reversi) (pull_request) Has been cancelled

Signed-off-by: eternal-flame-AD <yume@yumechi.jp>
This commit is contained in:
ゆめ 2024-11-14 02:50:44 -06:00
parent 7748ab5dd0
commit 64c67e6b8b
No known key found for this signature in database

View file

@ -15,18 +15,21 @@ import { DI } from '@/di-symbols.js';
import type { Config } from '@/config.js'; import type { Config } from '@/config.js';
import { ApiError } from '@/server/api/error.js'; import { ApiError } from '@/server/api/error.js';
import { Packed } from '@/misc/json-schema.js'; import { Packed } from '@/misc/json-schema.js';
import { RoleService } from '@/core/RoleService.js';
export const meta = { export const meta = {
tags: ['admin'], tags: ['admin'],
errors: { errors: {
accessDenied: { accessDenied: {
httpStatusCode: 403,
message: 'Access denied.', message: 'Access denied.',
code: 'ACCESS_DENIED', code: 'ACCESS_DENIED',
id: '1fb7cb09-d46a-4fff-b8df-057708cce513', id: '1fb7cb09-d46a-4fff-b8df-057708cce513',
}, },
wrongInitialPassword: { wrongInitialPassword: {
httpStatusCode: 401,
message: 'Initial password is incorrect.', message: 'Initial password is incorrect.',
code: 'INCORRECT_INITIAL_PASSWORD', code: 'INCORRECT_INITIAL_PASSWORD',
id: '97147c55-1ae1-4f6f-91d6-e1c3e0e76d62', id: '97147c55-1ae1-4f6f-91d6-e1c3e0e76d62',
@ -65,6 +68,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
@Inject(DI.usersRepository) @Inject(DI.usersRepository)
private usersRepository: UsersRepository, private usersRepository: UsersRepository,
private roleService: RoleService,
private userEntityService: UserEntityService, private userEntityService: UserEntityService,
private signupService: SignupService, private signupService: SignupService,
private instanceActorService: InstanceActorService, private instanceActorService: InstanceActorService,
@ -85,8 +89,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
// 初期パスワードが設定されていないのに初期パスワードが入力された場合 // 初期パスワードが設定されていないのに初期パスワードが入力された場合
throw new ApiError(meta.errors.wrongInitialPassword); throw new ApiError(meta.errors.wrongInitialPassword);
} }
} else if ((realUsers && !me?.isRoot) || token !== null) { } else if (!(me?.isRoot) && !await this.roleService.isAdministrator(me)) {
// 初回セットアップではなく、管理者でない場合 or 外部トークンを使用している場合 // 管理者でない場合
throw new ApiError(meta.errors.accessDenied); throw new ApiError(meta.errors.accessDenied);
} }