chore(userAccounts): do not allow creating a user with the same usern…

…ame as admin
benjohns1 · Mar 4, 2024 · bb9e75a · bb9e75a
1 parent e0340c6
commit bb9e75a
Show file tree

Hide file tree

Showing 4 changed files with 23 additions and 1 deletion.
diff --git a/app/users.go b/app/users.go
@@ -18,6 +18,13 @@ type (
 var ErrDuplicateUsername = fmt.Errorf("username already exists")
 
 func (a *App) CreateUser(ctx context.Context, args CreateUserArgs) error {
+	_, found, err := a.getCredentials(args.Username)
+	if err != nil {
+		return Err(ErrInternal, err)
+	}
+	if found {
+		return ErrUser("Error creating user", fmt.Sprintf("Username %q is reserved and cannot be used.", args.Username), fmt.Errorf("attempted to create a user with same username as the system admin %q", args.Username))
+	}
 	uID, err := a.cfg.GenerateUserID()
 	if err != nil {
 		return Err(ErrInternal, fmt.Errorf("generating user ID: %w", err))

diff --git a/app/web/users.go b/app/web/users.go
@@ -85,7 +85,11 @@ func deleteUsers(ctx iris.Context, a App) error {
 		if err != nil {
 			setFlashErr(ctx, a, err)
 		} else {
-			setFlashSuccess(ctx, fmt.Sprintf("Deleted %d users.", len(deleteUserIDs)))
+			var plural string
+			if len(deleteUserIDs) != 1 {
+				plural = "s"
+			}
+			setFlashSuccess(ctx, fmt.Sprintf("Deleted %d user%s.", len(deleteUserIDs), plural))
 		}
 	}
 

diff --git a/test/cypress/features/userAccounts.feature b/test/cypress/features/userAccounts.feature
@@ -21,6 +21,13 @@ Scenario: Admin cannot create a user with a duplicate username
 
   Then I should see a duplicate username failure message
 
+Scenario: Admin cannot create a user with the same username as the admin
+  Given I am on the user list page
+
+  When I create a new user with the username "admin" and password "password12345678"
+
+  Then I should see a reserved username failure message
+
 Scenario: Admin can delete users
   Given I am on the user list page
   And a user with the name "testuser1" exists

diff --git a/test/cypress/steps/userAccounts.ts b/test/cypress/steps/userAccounts.ts
@@ -66,6 +66,10 @@ Then("I should see a duplicate username failure message", () => {
     getMessage().should("contain", `Username "${state.user}" already exists.`);
 });
 
+Then("I should see a reserved username failure message", () => {
+    getMessage().should("contain", `Username "${state.user}" is reserved and cannot be used.`);
+});
+
 Then("I should see the user in the list", () => {
     getUsernames().first().should('contain.text', state.user);
 });