geli-lms · PatrickSkowronek · Jun 10, 2018 · Jun 8, 2018 · Jun 8, 2018 · Jun 8, 2018
diff --git a/.travis/coveralls.sh b/.travis/coveralls.sh
@@ -31,7 +31,8 @@ echo "+ sending lcov file to coveralls"
 # since we are using typescript and remap our coverage data to the ts files we need to remove the "build" part of all paths
 # this could easily be done with some sed magic
 # search for "api/build/src" and replace it with "api/src"
-sed "s/api\/build\/src/api\/src/g" api/coverage/lcov.info | $BIN_PATH_FULL/coveralls -v
+sed -i "s/api\/build\/src/api\/src/g" api/coverage/lcov.info
+cat api/coverage/lcov.info | $BIN_PATH_FULL/coveralls -v
 
 echo "+ INFO: Currently only the api-coverdata are generated and send"
 
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -36,6 +36,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Fixed broken Apidoc [#737](https://github.com/h-da/geli/issues/737)
 - Disabled `tutor` role. [#710](https://github.com/h-da/geli/issues/710)
 - Fixed notifications on hidden units. [#733](https://github.com/utetrapp/geli/issues/733)
+- Validate user input for notication settings api. [#771](https://github.com/utetrapp/geli/issues/771)
 
 ## [[0.7.0](https://github.com/h-da/geli/releases/tag/v0.7.0)] - 2018-05-05 - SS 18 intermediate Release
 ### Added

diff --git a/api/src/controllers/NotificationSettingsController.ts b/api/src/controllers/NotificationSettingsController.ts
@@ -1,6 +1,10 @@
 import {Authorized, BadRequestError, Body, Get, JsonController, Param, Post, Put, UseBefore} from 'routing-controllers';
 import passportJwtMiddleware from '../security/passportJwtMiddleware';
-import {API_NOTIFICATION_TYPE_ALL_CHANGES, INotificationSettingsModel, NotificationSettings} from '../models/NotificationSettings';
+import {
+  API_NOTIFICATION_TYPE_ALL_CHANGES,
+  INotificationSettingsModel,
+  NotificationSettings
+} from '../models/NotificationSettings';
 import {INotificationSettings} from '../../../shared/models/INotificationSettings';
 
 @JsonController('/notificationSettings')
@@ -81,7 +85,7 @@ export class NotificationSettingsController {
   @Authorized(['student', 'teacher', 'admin'])
   @Put('/:id')
   async updateNotificationSettings(@Param('id') id: string, @Body() notificationSettings: INotificationSettings) {
-    if (!notificationSettings) {
+    if (!notificationSettings.course || !notificationSettings.user) {
       throw new BadRequestError('notification needs fields course and user');
     }
     const settings: INotificationSettingsModel =

diff --git a/api/test/controllers/TestNotificationSettingsController.ts b/api/test/controllers/TestNotificationSettingsController.ts
@@ -3,7 +3,11 @@ import {Server} from '../../src/server';
 import {FixtureLoader} from '../../fixtures/FixtureLoader';
 import {FixtureUtils} from '../../fixtures/FixtureUtils';
 import {JwtUtils} from '../../src/security/JwtUtils';
-import {API_NOTIFICATION_TYPE_ALL_CHANGES, API_NOTIFICATION_TYPE_NONE, NotificationSettings} from '../../src/models/NotificationSettings';
+import {
+  API_NOTIFICATION_TYPE_ALL_CHANGES,
+  API_NOTIFICATION_TYPE_NONE,
+  NotificationSettings
+} from '../../src/models/NotificationSettings';
 import {User} from '../../src/models/User';
 import {Course} from '../../src/models/Course';
 import chaiHttp = require('chai-http');
@@ -22,7 +26,7 @@ describe('NotificationSettings', async () => {
   describe(`POST ${BASE_URL}`, async () => {
     it('should create notification settings', async () => {
       const course = await FixtureUtils.getRandomCourse();
-      const student = await User.findById(course.students[0]);
+      const student = course.students[0];
       const newSettings = {user: student, course: course};
 
       const res = await chai.request(app)
@@ -40,6 +44,35 @@ describe('NotificationSettings', async () => {
       notificationSettings.user.toString().should.be.equal(newSettings.user._id.toString());
       notificationSettings.course.toString().should.be.equal(newSettings.course._id.toString());
     });
+
+    it('should fail when already exist', async () => {
+      const course = await FixtureUtils.getRandomCourse();
+      const student = course.students[0];
+      const newSettings = {user: student, course: course};
+
+      const res = await chai.request(app)
+        .post(BASE_URL)
+        .set('Authorization', `JWT ${JwtUtils.generateToken(student)}`)
+        .send(newSettings);
+      res.status.should.be.equals(200);
+
+      const resFail = await chai.request(app)
+        .post(BASE_URL)
+        .set('Authorization', `JWT ${JwtUtils.generateToken(student)}`)
+        .send(newSettings);
+      resFail.status.should.be.equals(400);
+    });
+
+    it('should fail when course or user missing', async () => {
+      const course = await FixtureUtils.getRandomCourse();
+      const student = course.students[0];
+
+      const res = await chai.request(app)
+        .post(BASE_URL)
+        .set('Authorization', `JWT ${JwtUtils.generateToken(student)}`)
+        .send({});
+      res.status.should.be.equals(400);
+    });
   });
 
   describe(`GET ${BASE_URL} user :id`, () => {
@@ -102,6 +135,24 @@ describe('NotificationSettings', async () => {
       res.body.should.have.property('course');
       res.body._id.should.be.a('string');
     });
+
+    it('should fail when missing course or user', async () => {
+      const course = await FixtureUtils.getRandomCourse();
+      const student = course.students[Math.floor(Math.random() * course.students.length)];
+
+      const settings = await new NotificationSettings({
+        'user': student,
+        'course': course,
+        'notificationType': API_NOTIFICATION_TYPE_ALL_CHANGES,
+        'emailNotification': false
+      }).save();
+
+      const res = await chai.request(app)
+        .put(`${BASE_URL}/${settings._id}`)
+        .set('Authorization', `JWT ${JwtUtils.generateToken(student)}`)
+        .send([]);
+      res.should.have.status(400);
+    });
   });
 });