From 2bd02f492182dca3642aacd328ab2335ac796332 Mon Sep 17 00:00:00 2001 From: rr- Date: Sun, 8 May 2016 17:03:55 +0200 Subject: [PATCH] server/users: fix detecting duplicate user names --- server/szurubooru/api/user_api.py | 5 ++-- server/szurubooru/func/users.py | 8 +++---- .../tests/api/test_user_updating.py | 24 +++++++++++++++++-- 3 files changed, 28 insertions(+), 9 deletions(-) diff --git a/server/szurubooru/api/user_api.py b/server/szurubooru/api/user_api.py index 7cddce7..1170bd8 100644 --- a/server/szurubooru/api/user_api.py +++ b/server/szurubooru/api/user_api.py @@ -17,7 +17,7 @@ class UserListApi(BaseApi): name = ctx.get_param_as_string('name', required=True) password = ctx.get_param_as_string('password', required=True) email = ctx.get_param_as_string('email', required=False, default='') - user = users.create_user(name, password, email, ctx.user) + user = users.create_user(name, password, email) if ctx.has_param('rank'): users.update_user_rank( user, ctx.get_param_as_string('rank'), ctx.user) @@ -42,8 +42,7 @@ class UserDetailApi(BaseApi): infix = 'self' if ctx.user.user_id == user.user_id else 'any' if ctx.has_param('name'): auth.verify_privilege(ctx.user, 'users:edit:%s:name' % infix) - users.update_user_name( - user, ctx.get_param_as_string('name'), ctx.user) + users.update_user_name(user, ctx.get_param_as_string('name')) if ctx.has_param('password'): auth.verify_privilege(ctx.user, 'users:edit:%s:pass' % infix) users.update_user_password( diff --git a/server/szurubooru/func/users.py b/server/szurubooru/func/users.py index d57af4c..168cc5e 100644 --- a/server/szurubooru/func/users.py +++ b/server/szurubooru/func/users.py @@ -72,9 +72,9 @@ def get_user_by_name_or_email(name_or_email): raise UserNotFoundError('User %r not found.' % name_or_email) return user -def create_user(name, password, email, auth_user): +def create_user(name, password, email): user = db.User() - update_user_name(user, name, auth_user) + update_user_name(user, name) update_user_password(user, password) update_user_email(user, email) if get_user_count() > 0: @@ -85,13 +85,13 @@ def create_user(name, password, email, auth_user): user.avatar_style = db.User.AVATAR_GRAVATAR return user -def update_user_name(user, name, auth_user): +def update_user_name(user, name): if not name: raise InvalidUserNameError('Name cannot be empty.') if util.value_exceeds_column_size(name, db.User.name): raise InvalidUserNameError('User name is too long.') other_user = try_get_user_by_name(name) - if other_user and other_user.user_id != auth_user.user_id: + if other_user and other_user.user_id != user.user_id: raise UserAlreadyExistsError('User %r already exists.' % name) name = name.strip() name_regex = config.config['user_name_regex'] diff --git a/server/szurubooru/tests/api/test_user_updating.py b/server/szurubooru/tests/api/test_user_updating.py index 4dbb321..40230bb 100644 --- a/server/szurubooru/tests/api/test_user_updating.py +++ b/server/szurubooru/tests/api/test_user_updating.py @@ -152,12 +152,32 @@ def test_trying_to_become_someone_else(test_ctx): db.session.add_all([user1, user2]) with pytest.raises(users.UserAlreadyExistsError): test_ctx.api.put( - test_ctx.context_factory(input={'name': 'her'}, user=user1), - 'me') + test_ctx.context_factory(input={'name': 'her'}, user=user1), 'me') with pytest.raises(users.UserAlreadyExistsError): test_ctx.api.put( test_ctx.context_factory(input={'name': 'HER'}, user=user1), 'me') +def test_trying_to_make_someone_into_someone_else(test_ctx): + user1 = test_ctx.user_factory(name='him', rank=db.User.RANK_REGULAR) + user2 = test_ctx.user_factory(name='her', rank=db.User.RANK_REGULAR) + user3 = test_ctx.user_factory(name='me', rank=db.User.RANK_MODERATOR) + db.session.add_all([user1, user2, user3]) + with pytest.raises(users.UserAlreadyExistsError): + test_ctx.api.put( + test_ctx.context_factory(input={'name': 'her'}, user=user3), 'him') + with pytest.raises(users.UserAlreadyExistsError): + test_ctx.api.put( + test_ctx.context_factory(input={'name': 'HER'}, user=user3), 'him') + +def test_renaming_someone_else(test_ctx): + user1 = test_ctx.user_factory(name='him', rank=db.User.RANK_REGULAR) + user2 = test_ctx.user_factory(name='me', rank=db.User.RANK_MODERATOR) + db.session.add_all([user1, user2]) + test_ctx.api.put( + test_ctx.context_factory(input={'name': 'himself'}, user=user2), 'him') + test_ctx.api.put( + test_ctx.context_factory(input={'name': 'HIMSELF'}, user=user2), 'himself') + def test_mods_trying_to_become_admin(test_ctx): user1 = test_ctx.user_factory(name='u1', rank=db.User.RANK_MODERATOR) user2 = test_ctx.user_factory(name='u2', rank=db.User.RANK_MODERATOR)