diff --git a/lib/imageserv.js b/lib/imageserv.js
index ff861f21..e3258dd5 100644
--- a/lib/imageserv.js
+++ b/lib/imageserv.js
@@ -42,7 +42,7 @@ const upload = multer({
 const uploadAsync = util.promisify(upload);
 exports.uploadImage = async (req, res) => {
- const oldimg = req.user.image;
+ const oldimg = req.currentUser.image;
 // If upload folder doesn't exists, create it.
 if (!fs.existsSync(uploadFolderName)) {
@@ -72,7 +72,7 @@ exports.uploadImage = async (req, res) => {
 return errors.makeValidationError(res, 'Malformed file content.');
 }
- await req.user.update({
+ await req.currentUser.update({
 image: req.file.filename
 });
@@ -84,24 +84,24 @@ exports.uploadImage = async (req, res) => {
 return res.json({
 success: true,
 message: 'File uploaded successfully',
- data: req.user.image,
+ data: req.currentUser.image,
 });
 };
 exports.removeImage = async (req, res) => {
- if (!req.user.image) {
+ if (!req.currentUser.image) {
 return errors.makeValidationError(res, 'No image is specified for the user.');
 }
- await fs.promises.unlink(path.join(uploadFolderName, req.user.image));
+ await fs.promises.unlink(path.join(uploadFolderName, req.currentUser.image));
- await req.user.update({
+ await req.currentUser.update({
 image: null
 });
 return res.json({
 success: true,
 message: 'File removed successfully',
- data: req.user.image
+ data: req.currentUser.image
 });
 };
diff --git a/test/api/users-image-remove.test.js b/test/api/users-image-remove.test.js
index 26fa8157..afe35172 100644
--- a/test/api/users-image-remove.test.js
+++ b/test/api/users-image-remove.test.js
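Review bot: In removeImage (third hunk) the `unlink` runs before the `update`, so if the file is already missing (ENOENT) the handler throws and the stale `image` reference on the user row is never cleared; `try { await fs.promises.unlink(path.join(uploadFolderName, req.currentUser.image)); } catch (err) { if (err.code !== 'ENOENT') throw err; }` lets the record still be cleaned up while surfacing any other filesystem error. The same call trusts the stored `image` value as a path component under `uploadFolderName`; the upload hunk stores multer's `req.file.filename`, so this is presumably server-generated, but a cheap `if (path.basename(image) !== image) return errors.makeValidationError(res, 'Invalid image reference.');` before the join keeps a tampered row from reaching outside the folder. The rename to `req.currentUser` is applied consistently across all three hunks; what resolves `req.currentUser` and who may act on another member's record lives outside this file, so a route missing that middleware would surface here as a TypeError rather than an authorization failure.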
@@ -71,4 +71,61 @@ describe('Users image remove', () => {
 userFromDb = await User.findByPk(user.id);
 expect(userFromDb.image).toEqual(null);
 });
+
+ it('should remove a file of another user', async () => {
+ const admin = await generator.createUser({ superadmin: true });
+ const token = await generator.createAccessToken(admin);
+
+ const user = await generator.createUser();
+
+ const firstRequest = await request({
+ uri: '/members/' + admin.id + '/upload',
+ method: 'POST',
+ headers: { 'X-Auth-Token': token.value },
+ formData: {
+ head_image: fs.createReadStream('./test/assets/valid_image.png')
+ }
+ });
+
+ expect(firstRequest.statusCode).toEqual(200);
+
+ const adminFromDbBeforeChange = await User.findByPk(admin.id);
+
+ const secondRequest = await request({
+ uri: '/members/' + user.id + '/upload',
+ method: 'POST',
+ headers: { 'X-Auth-Token': token.value },
+ formData: {
+ head_image: fs.createReadStream('./test/assets/valid_second_image.PNG')
+ }
+ });
+
+ expect(secondRequest.statusCode).toEqual(200);
+
+ let userFromDb = await User.findByPk(user.id);
+
+ const res = await request({
+ uri: '/members/' + user.id + '/image',
+ method: 'DELETE',
+ headers: { 'X-Auth-Token': token.value }
+ });
+
+ expect(res.statusCode).toEqual(200);
+ expect(res.body.success).toEqual(true);
+ expect(res.body).toHaveProperty('message');
+
+ const oldImgPath = path.join(__dirname, '..', '..', config.media_dir, 'headimages', userFromDb.image);
+ expect(fs.existsSync(oldImgPath)).toEqual(false);
+
+ userFromDb = await User.findByPk(user.id);
+ expect(userFromDb.image).toEqual(null);
+
+ const adminFromDb = await User.findByPk(admin.id);
+
+ expect(adminFromDb.image).not.toEqual(null);
+ expect(adminFromDbBeforeChange.image).toEqual(adminFromDb.image);
+
+ const adminImgPath = path.join(__dirname, '..', '..', config.media_dir, 'headimages', adminFromDb.image);
+ expect(fs.existsSync(adminImgPath)).toEqual(true);
+ });
 });
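Review bot: The new case covers only the superadmin path; nothing in this test, nor in the companion case added to test/api/users-image-upload.test.js, asserts that a non-superadmin calling `DELETE /members/<other id>/image` or `POST /members/<other id>/upload` is rejected, which is exactly the check the switch from `req.user` to `req.currentUser` in lib/imageserv.js now relies on. A sibling `it` that creates a plain user token, targets another user's id on both routes and expects the permission layer's error status (hedged: presumably 403, whichever the project uses) would pin that behaviour, and it should also assert the target's `image` and file on disk are untouched afterwards. Style: the URIs are built by concatenation, `'/members/' + user.id + '/image'`; a template literal, `` `/members/${user.id}/image` ``, reads more clearly.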
diff --git a/test/api/users-image-upload.test.js b/test/api/users-image-upload.test.js
index a69c5319..1030c079 100644
--- a/test/api/users-image-upload.test.js
+++ b/test/api/users-image-upload.test.js
@@ -178,4 +178,49 @@ describe('Users image upload', () => {
 const oldImgPath = path.join(__dirname, '..', '..', config.media_dir, 'headimages', userFromDb.image);
 expect(fs.existsSync(oldImgPath)).toEqual(false);
 });
+
+ it('should update a valid image to only another user if other user is selected', async () => {
+ const admin = await generator.createUser({ superadmin: true });
+ const token = await generator.createAccessToken(admin);
+
+ const user = await generator.createUser();
+
+ const firstRequest = await request({
+ uri: '/members/' + admin.id + '/upload',
+ method: 'POST',
+ headers: { 'X-Auth-Token': token.value },
+ formData: {
+ head_image: fs.createReadStream('./test/assets/valid_image.png')
+ }
+ });
+
+ expect(firstRequest.statusCode).toEqual(200);
+
+ const adminFromDbBeforeChange = await User.findByPk(admin.id);
+
+ const res = await request({
+ uri: '/members/' + user.id + '/upload',
+ method: 'POST',
+ headers: { 'X-Auth-Token': token.value },
+ formData: {
+ head_image: fs.createReadStream('./test/assets/valid_second_image.PNG')
+ }
+ });
+
+ expect(res.statusCode).toEqual(200);
+ expect(res.body.success).toEqual(true);
+ expect(res.body).toHaveProperty('message');
+
+ const userFromDb = await User.findByPk(user.id);
+
+ const imgPath = path.join(__dirname, '..', '..', config.media_dir, 'headimages', userFromDb.image);
+ expect(fs.existsSync(imgPath)).toEqual(true);
+
+ const adminFromDb = await User.findByPk(admin.id);
+
+ expect(adminFromDbBeforeChange.image).toEqual(adminFromDb.image);
+
+ const adminImgPath = path.join(__dirname, '..', '..', config.media_dir, 'headimages', adminFromDb.image);
+ expect(fs.existsSync(adminImgPath)).toEqual(true);
+ });
 });