dearsky/ntfy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

prevent changing admin passwords

Browse Source
This commit is contained in:
Hunter Kehoe
2025-01-25 21:37:23 -07:00
parent 8f9dafce20
commit ad7ab18fb7
2 changed files with 19 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
server/server_admin_test.go
View File

@@ -59,7 +59,7 @@ func TestUser_AddRemove(t *testing.T) {
require.Equal(t, user.Everyone, users[2].Name)
}
func TestUser_ChangePassword(t *testing.T) {
func TestUser_ChangeUserPassword(t *testing.T) {
s := newTestServer(t, newTestConfigWithAuthFile(t))
defer s.closeDatabases()
@@ -97,6 +97,21 @@ func TestUser_ChangePassword(t *testing.T) {
require.Equal(t, 200, rr.Code)
}
func TestUser_DontChangeAdminPassword(t *testing.T) {
s := newTestServer(t, newTestConfigWithAuthFile(t))
defer s.closeDatabases()
// Create admin
require.Nil(t, s.userManager.AddUser("phil", "phil", user.RoleAdmin))
require.Nil(t, s.userManager.AddUser("admin", "admin", user.RoleAdmin))
// Try to change password via API
rr := request(t, s, "PUT", "/v1/users", `{"username": "admin", "password": "admin-new", "force":true}`, map[string]string{
"Authorization": util.BasicAuth("phil", "phil"),
})
require.Equal(t, 403, rr.Code)
}
func TestUser_AddRemove_Failures(t *testing.T) {
s := newTestServer(t, newTestConfigWithAuthFile(t))
defer s.closeDatabases()