Improve tests and small refactoring

This commit is contained in:
Kukks
2021-06-04 12:20:45 +02:00
parent ca3f97c42f
commit 28da78fc78
3 changed files with 39 additions and 35 deletions


@@ -21,11 +21,15 @@ namespace BTCPayServer.Client
return await HandleResponse<ApplicationUserData>(response); return await HandleResponse<ApplicationUserData>(response);
} }
public virtual async Task<HttpResponseMessage> DeleteUser(string userId, CancellationToken token = default) public virtual async Task DeleteUser(string userId, CancellationToken token = default)
{ {
var response = await _httpClient.SendAsync(CreateHttpRequest($"api/v1/users/{userId}", null, HttpMethod.Delete), token); var response = await _httpClient.SendAsync(CreateHttpRequest($"api/v1/users/{userId}", null, HttpMethod.Delete), token);
await HandleResponse(response); await HandleResponse(response);
return response; }
public virtual async Task DeleteCurrentUser(CancellationToken token = default)
{
await DeleteUser("me", token);
} }
} }
} }
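Review bot: `DeleteUser` interpolates `userId` straight into the request path on the `var response = ...` line, so a value containing reserved URL characters (`/`, `?`, `#`) changes the path rather than being treated as an opaque identifier. Unless `CreateHttpRequest` already escapes segments (not visible here), prefer `CreateHttpRequest($"api/v1/users/{Uri.EscapeDataString(userId)}", null, HttpMethod.Delete)`. Changing the return type from `Task<HttpResponseMessage>` to `Task` is also a source-breaking change for external consumers of the client library; if intended, an XML doc comment on `DeleteCurrentUser` such as `/// <summary>Deletes the authenticated user via api/v1/users/me; the server's only-admin guard still applies.</summary>` would help callers understand the new surface.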


@@ -131,8 +131,7 @@ namespace BTCPayServer.Tests
[Trait("Integration", "Integration")] [Trait("Integration", "Integration")]
public async Task CanDeleteUsersViaApi() public async Task CanDeleteUsersViaApi()
{ {
using (var tester = ServerTester.Create(newDb: true)) using var tester = ServerTester.Create(newDb: true);
{
await tester.StartAsync(); await tester.StartAsync();
var unauthClient = new BTCPayServerClient(tester.PayTester.ServerUri); var unauthClient = new BTCPayServerClient(tester.PayTester.ServerUri);
// Should not be authorized to perform this action // Should not be authorized to perform this action
@@ -140,13 +139,31 @@ namespace BTCPayServer.Tests
async () => await unauthClient.DeleteUser("lol user id")); async () => await unauthClient.DeleteUser("lol user id"));
var user = tester.NewAccount(); var user = tester.NewAccount();
user.GrantAccess(); await user.GrantAccessAsync();
await user.MakeAdmin(); await user.MakeAdmin();
var adminClient = await user.CreateClient(Policies.Unrestricted); var adminClient = await user.CreateClient(Policies.Unrestricted);
//can't delete if the only admin
await AssertHttpError(403,
async () => await adminClient.DeleteCurrentUser());
// Should 404 if user doesn't exist // Should 404 if user doesn't exist
await AssertHttpError(404, await AssertHttpError(404,
async () => await adminClient.DeleteUser("lol user id")); async () => await adminClient.DeleteUser("lol user id"));
}
user = tester.NewAccount();
await user.GrantAccessAsync();
var badClient = await user.CreateClient(Policies.CanCreateInvoice);
await AssertHttpError(403,
async () => await badClient.DeleteCurrentUser());
var goodClient = await user.CreateClient(Policies.CanDeleteUser, Policies.CanViewProfile);
await goodClient.DeleteCurrentUser();
await AssertHttpError(404,
async () => await adminClient.DeleteUser(user.UserId));
tester.Stores.Remove(user.StoreId);
} }
[Fact(Timeout = TestTimeout)] [Fact(Timeout = TestTimeout)]
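Review bot: After `await goodClient.DeleteCurrentUser();` the test only checks that the admin gets a 404 for `user.UserId`; it does not verify that the deleted user's own credentials stop working, which is the property the associated-data cleanup is supposed to guarantee. Adding `await AssertHttpError(401, async () => await goodClient.GetCurrentUser());` right after the deletion would pin that the API key issued to the deleted account is revoked, not just the user row. The `tester.Stores.Remove(user.StoreId);` line suggests the store is only removed from the tester's bookkeeping, so whether the store itself is deleted server-side is not asserted here either; a follow-up check via `adminClient` would make that explicit.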


@@ -37,9 +37,6 @@ namespace BTCPayServer.Controllers.GreenField
private readonly BTCPayServerOptions _options; private readonly BTCPayServerOptions _options;
private readonly IAuthorizationService _authorizationService; private readonly IAuthorizationService _authorizationService;
private readonly CssThemeManager _themeManager; private readonly CssThemeManager _themeManager;
private readonly FileService _fileService;
private readonly StoredFileRepository _storedFileRepository;
private readonly StoreRepository _storeRepository;
private readonly UserService _userService; private readonly UserService _userService;
public UsersController(UserManager<ApplicationUser> userManager, public UsersController(UserManager<ApplicationUser> userManager,
@@ -51,9 +48,6 @@ namespace BTCPayServer.Controllers.GreenField
BTCPayServerOptions options, BTCPayServerOptions options,
IAuthorizationService authorizationService, IAuthorizationService authorizationService,
CssThemeManager themeManager, CssThemeManager themeManager,
FileService fileService,
StoredFileRepository storedFileRepository,
StoreRepository storeRepository,
UserService userService) UserService userService)
{ {
_userManager = userManager; _userManager = userManager;
@@ -65,9 +59,6 @@ namespace BTCPayServer.Controllers.GreenField
_options = options; _options = options;
_authorizationService = authorizationService; _authorizationService = authorizationService;
_themeManager = themeManager; _themeManager = themeManager;
_fileService = fileService;
_storedFileRepository = storedFileRepository;
_storeRepository = storeRepository;
_userService = userService; _userService = userService;
} }
@@ -83,15 +74,7 @@ namespace BTCPayServer.Controllers.GreenField
[HttpDelete("~/api/v1/users/me")] [HttpDelete("~/api/v1/users/me")]
public async Task<IActionResult> DeleteCurrentUser() public async Task<IActionResult> DeleteCurrentUser()
{ {
// Don't want to allow the user to delete themselves if they are the only admin return await DeleteUser(_userManager.GetUserId(User));
if (await IsUserTheOnlyOneAdmin()) {
return Forbid(AuthenticationSchemes.GreenfieldBasic);
}
var user = await _userManager.GetUserAsync(User);
await _userService.DeleteUserAndAssociatedData(user);
return Ok();
} }
[AllowAnonymous] [AllowAnonymous]
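Review bot: `DeleteCurrentUser` now calls `DeleteUser(_userManager.GetUserId(User))` as a plain method call, so any `[Authorize]` attribute or only-admin guard declared on `DeleteUser` is not applied by the framework on this path; the 403 behaviour the tests expect for `api/v1/users/me` must come from attributes on `DeleteCurrentUser` itself (above this hunk, not visible) and from checks inside `DeleteUser`'s body, both of which should be confirmed. `UserManager.GetUserId(User)` returns null when the principal lacks the identifier claim, so the result depends on how `DeleteUser` treats a null id; a guard such as `var userId = _userManager.GetUserId(User); if (userId is null) return Unauthorized();` before the delegation makes the failure mode explicit. The removed "only admin" comment is worth carrying over, e.g. `// Delegates to DeleteUser so the only-admin and associated-data rules apply in one place`, since the intent is no longer visible at this call site.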