dearsky/ntfy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prevent changing a provisioned user's password

Browse Source
This commit is contained in:
Hunter Kehoe
2025-08-03 16:07:24 -06:00
parent 15a7f86344
commit 81463614c9
8 changed files with 54 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
server/server_account_test.go
View File

@@ -251,7 +251,11 @@ func TestAccount_Subscription_AddUpdateDelete(t *testing.T) {
}
func TestAccount_ChangePassword(t *testing.T) {
s := newTestServer(t, newTestConfigWithAuthFile(t))
conf := newTestConfigWithAuthFile(t)
conf.AuthUsers = []*user.User{
{Name: "philuser", Hash: "$2a$10$U4WSIYY6evyGmZaraavM2e2JeVG6EMGUKN1uUwufUeeRd4Jpg6cGC", Role: user.RoleUser}, // philuser:philpass
}
s := newTestServer(t, conf)
defer s.closeDatabases()
require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleUser, false))
@@ -281,6 +285,12 @@ func TestAccount_ChangePassword(t *testing.T) {
"Authorization": util.BasicAuth("phil", "new password"),
})
require.Equal(t, 200, rr.Code)
// Cannot change password of provisioned user
rr = request(t, s, "POST", "/v1/account/password", `{"password": "philpass", "new_password": "new password"}`, map[string]string{
"Authorization": util.BasicAuth("philuser", "philpass"),
})
require.Equal(t, 409, rr.Code)
}
func TestAccount_ChangePassword_NoAccount(t *testing.T) {