Make token creation check that the user exists
parent
3aa2b62d02
commit
b02c910b1e
2 changed files with 7 additions and 0 deletions
|
@ -392,6 +392,8 @@ class Database {
|
||||||
// If the user isn't authorized to perform this action then throw an exception.
|
// If the user isn't authorized to perform this action then throw an exception.
|
||||||
if (!Arsse::$user->authorize($user, __FUNCTION__)) {
|
if (!Arsse::$user->authorize($user, __FUNCTION__)) {
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
|
||||||
|
} elseif (!$this->userExists($user)) {
|
||||||
|
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
|
||||||
}
|
}
|
||||||
// generate a token if it's not provided
|
// generate a token if it's not provided
|
||||||
$id = $id ?? UUID::mint()->hex;
|
$id = $id ?? UUID::mint()->hex;
|
||||||
|
|
|
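Review bot: The comment above the `if` in this hunk still describes only the authorization failure, and nothing records why the new `elseif (!$this->userExists($user))` branch comes second. The order matters: because `authorize` is evaluated first, a caller without authority gets `notAuthorized` whether or not the account exists, so the `doesNotExist` response cannot be used to enumerate users. I would add a comment on the new branch such as `// Checked after authorization so unauthorized callers cannot probe for account names.` The statement that stores the token lies outside the hunk; if that write is not covered by a foreign-key constraint or a transaction (not visible here), the existence check alone does not stop a token being written for a user removed in between.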
@ -96,6 +96,11 @@ trait SeriesToken {
|
||||||
$this->compareExpectations($state);
|
$this->compareExpectations($state);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testCreateATokenForAMissingUser() {
|
||||||
|
$this->assertException("doesNotExist", "User");
|
||||||
|
Arsse::$db->tokenCreate("fever.login", "jane.doe@example.biz");
|
||||||
|
}
|
||||||
|
|
||||||
public function testCreateATokenWithoutAuthority() {
|
public function testCreateATokenWithoutAuthority() {
|
||||||
Phake::when(Arsse::$user)->authorize->thenReturn(false);
|
Phake::when(Arsse::$user)->authorize->thenReturn(false);
|
||||||
$this->assertException("notAuthorized", "User", "ExceptionAuthz");
|
$this->assertException("notAuthorized", "User", "ExceptionAuthz");
|
||||||
|
|
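Review bot: No test visible in this section pins the order of the two checks in `tokenCreate`. `testCreateATokenForAMissingUser` runs with whatever `authorize` returns by default, and `testCreateATokenWithoutAuthority`, whose body continues outside the hunk, may well pass an existing user. A case that stubs `authorize` to false and passes the nonexistent user, expecting `notAuthorized`, would catch a later reordering that lets an unauthorized caller distinguish existing accounts from missing ones. The method name below is a suggestion; everything else reuses calls already present in this hunk.

```php
    // … unchanged: testCreateATokenForAMissingUser …

    public function testCreateATokenForAMissingUserWithoutAuthority() {
        Phake::when(Arsse::$user)->authorize->thenReturn(false);
        // Authorization must fail first, so the missing account is not disclosed.
        $this->assertException("notAuthorized", "User", "ExceptionAuthz");
        Arsse::$db->tokenCreate("fever.login", "jane.doe@example.biz");
    }
```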