Make token creation check that the user exists
parent
3aa2b62d02
commit
b02c910b1e
2 changed files with 7 additions and 0 deletions
|
@ -392,6 +392,8 @@ class Database {
|
|||
// If the user isn't authorized to perform this action then throw an exception.
|
||||
if (!Arsse::$user->authorize($user, __FUNCTION__)) {
|
||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
|
||||
} elseif (!$this->userExists($user)) {
|
||||
throw new User\Exception("doesNotExist", ["action" => __FUNCTION__, "user" => $user]);
|
||||
}
|
||||
// generate a token if it's not provided
|
||||
$id = $id ?? UUID::mint()->hex;
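Review bot: The comment above the `if` now describes only the first of the two branches, and nothing records that the order of the checks matters. Because `authorize()` is evaluated before `userExists()`, an unauthorized caller receives `notAuthorized` whether or not the user exists, so the error cannot be used to probe for valid user names; a later reordering would lose that silently. I would reword the comment to `// Check authorization first so an unauthorized caller cannot learn whether the user exists; only then check existence.` The enclosing function starts and ends outside the hunk, so it is not visible here whether the later insert also relies on a database constraint for the user reference.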
|
||||
|
|
|
@ -96,6 +96,11 @@ trait SeriesToken {
|
|||
$this->compareExpectations($state);
|
||||
}
|
||||
|
||||
public function testCreateATokenForAMissingUser() {
|
||||
$this->assertException("doesNotExist", "User");
|
||||
Arsse::$db->tokenCreate("fever.login", "jane.doe@example.biz");
|
||||
}
|
||||
|
||||
public function testCreateATokenWithoutAuthority() {
|
||||
Phake::when(Arsse::$user)->authorize->thenReturn(false);
|
||||
$this->assertException("notAuthorized", "User", "ExceptionAuthz");
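Review bot: `testCreateATokenForAMissingUser` pins the new exception, but no visible test covers a missing user combined with a failed authorization, which is the case that demonstrates the check order. A test that stubs `authorize` to return false and calls `tokenCreate` for the missing user, expecting `notAuthorized`, would stop a future reordering from revealing user existence to unauthorized callers. `testCreateATokenWithoutAuthority` continues outside the hunk, so this is only needed if that test does not already use a missing user.

```php
public function testCreateATokenForAMissingUserWithoutAuthority() {
    Phake::when(Arsse::$user)->authorize->thenReturn(false);
    $this->assertException("notAuthorized", "User", "ExceptionAuthz");
    Arsse::$db->tokenCreate("fever.login", "jane.doe@example.biz");
}
```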
|
||||
|
|