Relax admin automated account registration #16
2 changed files with 94 additions and 2 deletions
|
@ -15,18 +15,21 @@ import { DI } from '@/di-symbols.js';
|
|||
import type { Config } from '@/config.js';
|
||||
import { ApiError } from '@/server/api/error.js';
|
||||
import { Packed } from '@/misc/json-schema.js';
|
||||
import { RoleService } from '@/core/RoleService.js';
|
||||
|
||||
export const meta = {
|
||||
tags: ['admin'],
|
||||
|
||||
errors: {
|
||||
accessDenied: {
|
||||
httpStatusCode: 403,
|
||||
message: 'Access denied.',
|
||||
code: 'ACCESS_DENIED',
|
||||
id: '1fb7cb09-d46a-4fff-b8df-057708cce513',
|
||||
},
|
||||
|
||||
wrongInitialPassword: {
|
||||
httpStatusCode: 401,
|
||||
message: 'Initial password is incorrect.',
|
||||
code: 'INCORRECT_INITIAL_PASSWORD',
|
||||
id: '97147c55-1ae1-4f6f-91d6-e1c3e0e76d62',
|
||||
|
@ -65,6 +68,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
@Inject(DI.usersRepository)
|
||||
private usersRepository: UsersRepository,
|
||||
|
||||
private roleService: RoleService,
|
||||
private userEntityService: UserEntityService,
|
||||
private signupService: SignupService,
|
||||
private instanceActorService: InstanceActorService,
|
||||
|
@ -85,8 +89,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> { // eslint-
|
|||
// 初期パスワードが設定されていないのに初期パスワードが入力された場合
|
||||
throw new ApiError(meta.errors.wrongInitialPassword);
|
||||
}
|
||||
} else if ((realUsers && !me?.isRoot) || token !== null) {
|
||||
// 初回セットアップではなく、管理者でない場合 or 外部トークンを使用している場合
|
||||
} else if (!(me?.isRoot) && !await this.roleService.isAdministrator(me)) {
|
||||
// 管理者でない場合
|
||||
throw new ApiError(meta.errors.accessDenied);
|
||||
}
|
||||
|
||||
|
|
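Review bot: The new guard `} else if (!(me?.isRoot) && !await this.roleService.isAdministrator(me)) {` drops the `token !== null` condition the removed line carried, so a request authenticated with an access token instead of a native session is now accepted whenever the token's owner is root or holds an administrator role, and nothing else in the hunk restores that check. If rejecting token-based callers is still intended, keep it in the new condition: `} else if (token !== null || (!(me?.isRoot) && !await this.roleService.isAdministrator(me))) {`. If `me` can be null on this branch (the preceding `if` is outside the hunk, so I cannot confirm), `isAdministrator(me)` is reached with null and the request would fail with an unexpected error rather than `accessDenied`; a `me == null ||` guard ahead of the role lookup would make the 403 deterministic. The enclosing method starts and ends outside the hunk.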
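--- /dev/null
+++ b/packages/backend/test/e2e/admin-create-account.ts
@@ -0,0 +1,88 @@
+/*
+* SPDX-FileCopyrightText: syuilo and misskey-project
+* SPDX-License-Identifier: AGPL-3.0-only
+*/
+
+process.env.NODE_ENV = 'test';
+
+import * as assert from 'assert';
+
+import type * as misskey from 'misskey-js';
+import { api, role, signup } from '../utils.js';
+
+describe('Admin Create User', () => {
+let admin: misskey.entities.SignupResponse;
+let user: misskey.entities.SignupResponse;
+let formerAdmin: misskey.entities.SignupResponse;
+let adminRole : misskey.entities.Role;
+let formerAdminRole : misskey.entities.Role;
+
+beforeAll(async () => {
+admin = await signup({ username: 'admin' });
+formerAdmin = await signup({ username: 'former_admin' });
+user = await signup({ username: 'user' });
+adminRole = await role(admin, {
+name: 'admin',
+isAdministrator: true
+});
+formerAdminRole = await role(admin, {
+name: 'former_admin',
+isAdministrator: true
+});
+const addAdminRole = await api('admin/roles/assign', {
+userId: admin.id,
+roleId: adminRole.id
+}, admin);
+assert.strictEqual(addAdminRole.status, 204);
+
+const addFormerAdminRole = await api('admin/roles/assign', {
+userId: formerAdmin.id,
+roleId: formerAdminRole.id
+}, admin);
+assert.strictEqual(addFormerAdminRole.status, 204);
+}, 1000 * 60 * 2);
+
+test('Create User', async () => {
+const newUser1 = await api('admin/accounts/create', {
+username: 'new_user1',
+password: 'password',
+}, admin);
+assert.strictEqual(newUser1.status, 200);
+
+const newUser2 = await api('admin/accounts/create', {
+username: 'new_user2',
+password: 'password',
+}, formerAdmin);
+assert.strictEqual(newUser2.status, 200);
+
+const newUser3 = await api('admin/accounts/create', {
+username: 'new_user3',
+password: 'password',
+}, user);
+assert.strictEqual(newUser3.status, 403);
+});
+
+test('Revoking Admin Role', async () => {
+const res = await api('admin/roles/delete', {roleId: formerAdminRole.id}, admin);
+assert.strictEqual(res.status, 200);
+
+const res2 = await api('admin/roles/delete', {roleId: adminRole.id}, formerAdmin);
+assert.strictEqual(res2.status, 403);
+});
+
+test('Revoked User Should Not Create User', async () => {
+const newUser4 = await api('admin/accounts/create', {
+username: 'new_user4',
+password: 'password',
+}, formerAdmin);
+
+assert.strictEqual(newUser4.status, 403);
+
+const newUser5 = await api('admin/accounts/create', {
+username: 'new_user5',
+password: 'password',
+}, admin);
+
+assert.strictEqual(newUser5.status, 200);
+});
+})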
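Review bot: The suite covers root-session, admin-role, plain-user and revoked-admin callers of `admin/accounts/create`, but no case authenticates with an access token, which is the caller class whose treatment the endpoint change in this PR alters; a test that invokes the endpoint with a token rather than a session and asserts the intended status would pin that behaviour either way. 'Revoked User Should Not Create User' only holds after 'Revoking Admin Role' has deleted `formerAdminRole`, so the file relies on in-order test execution; a comment such as `// relies on 'Revoking Admin Role' having run first` above that test would make the dependency explicit. The closing `})` of the `describe` block lacks the semicolon the rest of the file uses, and `adminRole : misskey.entities.Role` has a space before the colon unlike the other declarations.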