diff --git a/src/routes/postWarning.ts b/src/routes/postWarning.ts index 8a503e7..f003570 100644 --- a/src/routes/postWarning.ts +++ b/src/routes/postWarning.ts @@ -22,17 +22,15 @@ function checkExpiredWarning(warning: warningEntry): boolean { } export async function postWarning(req: Request, res: Response): Promise { - // exit early if no body passed in - if (!req.body.userID && !req.body.issuerUserID) return res.status(400).json({ "message": "Missing parameters" }); - // Collect user input data - const issuerUserID: HashedUserID = await getHashCache( req.body.issuerUserID); - const userID: UserID = req.body.userID; + if (!req.body.userID) return res.status(400).json({ "message": "Missing parameters" }); + + const issuerUserID: HashedUserID = req.body.issuerUserID ? await getHashCache(req.body.issuerUserID as UserID) : null; + const userID: HashedUserID = issuerUserID ? req.body.userID : await getHashCache(req.body.userID as UserID); const issueTime = new Date().getTime(); const enabled: boolean = req.body.enabled ?? true; const reason: string = req.body.reason ?? ""; - // Ensure user is a VIP - if (!await isUserVIP(issuerUserID)) { + if ((!issuerUserID && enabled) ||(issuerUserID && !await isUserVIP(issuerUserID))) { Logger.warn(`Permission violation: User ${issuerUserID} attempted to warn user ${userID}.`); return res.status(403).json({ "message": "Not a VIP" }); } diff --git a/test/cases/postWarning.ts b/test/cases/postWarning.ts index 93730b3..b49910f 100644 --- a/test/cases/postWarning.ts +++ b/test/cases/postWarning.ts @@ -9,6 +9,8 @@ describe("postWarning", () => { const endpoint = "/api/warnUser"; const getWarning = (userID: string) => db.prepare("get", `SELECT "userID", "issueTime", "issuerUserID", enabled, "reason" FROM warnings WHERE "userID" = ?`, [userID]); + const warnedUser = getHash("warning-0"); + before(async () => { await db.prepare("run", `INSERT INTO "vipUsers" ("userID") VALUES (?)`, [getHash("warning-vip")]); }); @@ -16,7 +18,7 @@ describe("postWarning", () => { it("Should be able to create warning if vip (exp 200)", (done) => { const json = { issuerUserID: "warning-vip", - userID: "warning-0", + userID: warnedUser, reason: "warning-reason-0" }; client.post(endpoint, json) @@ -37,7 +39,7 @@ describe("postWarning", () => { it("Should be not be able to create a duplicate warning if vip", (done) => { const json = { issuerUserID: "warning-vip", - userID: "warning-0", + userID: warnedUser, }; client.post(endpoint, json) @@ -57,7 +59,7 @@ describe("postWarning", () => { it("Should be able to remove warning if vip", (done) => { const json = { issuerUserID: "warning-vip", - userID: "warning-0", + userID: warnedUser, enabled: false }; @@ -100,7 +102,7 @@ describe("postWarning", () => { it("Should re-enable disabled warning", (done) => { const json = { issuerUserID: "warning-vip", - userID: "warning-0", + userID: warnedUser, enabled: true }; @@ -116,4 +118,23 @@ describe("postWarning", () => { }) .catch(err => done(err)); }); + + it("Should be able to remove your own warning", (done) => { + const json = { + userID: "warning-0", + enabled: false + }; + + client.post(endpoint, json) + .then(async res => { + assert.strictEqual(res.status, 200); + const data = await getWarning(warnedUser); + const expected = { + enabled: 0 + }; + assert.ok(partialDeepEquals(data, expected)); + done(); + }) + .catch(err => done(err)); + }); });