mirror of https://code.mensbeam.com/MensBeam/Arsse.git synced 2025-01-08 17:02:41 +00:00

Make token creation check that the user exists

J. King 2019-03-10 15:54:43 -04:00
parent 3aa2b62d02
commit b02c910b1e
2 changed files with 7 additions and 0 deletions


@ -392,6 +392,8 @@ class Database {
// If the user isn't authorized to perform this action then throw an exception. // If the user isn't authorized to perform this action then throw an exception.
if (!Arsse::$user->authorize($user, __FUNCTION__)) { if (!Arsse::$user->authorize($user, __FUNCTION__)) {
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]); throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
} elseif (!$this->userExists($user)) {
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
} }
// generate a token if it's not provided // generate a token if it's not provided
$id = $id ?? UUID::mint()->hex; $id = $id ?? UUID::mint()->hex;
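Review bot: The new `elseif (!$this->userExists($user))` branch has no comment, and the comment above it still describes only the authorization check, although the order of the two checks is security-relevant. Because `authorize()` runs first, a caller without authority gets `notAuthorized` whether or not the user exists, so the new `doesNotExist` error cannot be used to probe for valid user names. I would record that above the `elseif` with `// check existence only after authorization, so unauthorized callers cannot learn which users exist`. The function starts and continues outside the hunk, so it is not visible whether the existence check and the later token insert run in one transaction; if they do not, a user removed between the two could still receive a token unless a foreign key prevents it.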


@ -96,6 +96,11 @@ trait SeriesToken {
$this->compareExpectations($state); $this->compareExpectations($state);
} }
public function testCreateATokenForAMissingUser() {
$this->assertException("doesNotExist", "User");
Arsse::$db->tokenCreate("fever.login", "jane.doe@example.biz");
}
public function testCreateATokenWithoutAuthority() { public function testCreateATokenWithoutAuthority() {
Phake::when(Arsse::$user)->authorize->thenReturn(false); Phake::when(Arsse::$user)->authorize->thenReturn(false);
$this->assertException("notAuthorized", "User", "ExceptionAuthz"); $this->assertException("notAuthorized", "User", "ExceptionAuthz");
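Review bot: `testCreateATokenForAMissingUser` covers the missing-user case only with authorization granted (presumably the default mock), so nothing visible here pins the order of the two checks in `tokenCreate`. A companion case where `authorize` returns false and the user is also missing should still expect `notAuthorized`; without it, a later refactor could swap the checks and let unauthorized callers tell existing users from missing ones with no test failing. `testCreateATokenWithoutAuthority` continues outside the hunk, so it may already use a missing user; if it does, a comment such as `// the user is deliberately missing: authorization must be checked first` would make that intent explicit.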