Really disallow usage of the same account for an org as the one being converted. Before, you could do so via email.
parent
edd0ba4cdb
commit
60036927c9
2 changed files with 16 additions and 6 deletions
|
@ -444,19 +444,19 @@ class ConvertToOrganization(ApiResource):
|
||||||
user = get_authenticated_user()
|
user = get_authenticated_user()
|
||||||
convert_data = request.get_json()
|
convert_data = request.get_json()
|
||||||
|
|
||||||
# Ensure that the new admin user is the not user being converted.
|
|
||||||
admin_username = convert_data['adminUser']
|
|
||||||
if admin_username == user.username:
|
|
||||||
raise request_error(reason='invaliduser',
|
|
||||||
message='The admin user is not valid')
|
|
||||||
|
|
||||||
# Ensure that the sign in credentials work.
|
# Ensure that the sign in credentials work.
|
||||||
|
admin_username = convert_data['adminUser']
|
||||||
admin_password = convert_data['adminPassword']
|
admin_password = convert_data['adminPassword']
|
||||||
(admin_user, error_message) = authentication.verify_user(admin_username, admin_password)
|
(admin_user, error_message) = authentication.verify_user(admin_username, admin_password)
|
||||||
if not admin_user:
|
if not admin_user:
|
||||||
raise request_error(reason='invaliduser',
|
raise request_error(reason='invaliduser',
|
||||||
message='The admin user credentials are not valid')
|
message='The admin user credentials are not valid')
|
||||||
|
|
||||||
|
# Ensure that the new admin user is the not user being converted.
|
||||||
|
if admin_user.id == user.id:
|
||||||
|
raise request_error(reason='invaliduser',
|
||||||
|
message='The admin user is not valid')
|
||||||
|
|
||||||
# Subscribe the organization to the new plan.
|
# Subscribe the organization to the new plan.
|
||||||
if features.BILLING:
|
if features.BILLING:
|
||||||
plan = convert_data.get('plan', 'free')
|
plan = convert_data.get('plan', 'free')
|
||||||
|
|
|
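Review bot: The relocated comment `# Ensure that the new admin user is the not user being converted.` still has its words transposed and does not say why the check must now run after `authentication.verify_user`, so a later tidy-up could move it back to a string comparison on `adminUser`. Judging by the commit message and the new test, `verify_user` resolves an e-mail address as well as a username, which is why only `admin_user.id == user.id` is reliable. I would reword it to `# Compare resolved account ids, not the submitted name: verify_user also accepts an e-mail address.` The enclosing handler starts and ends outside this hunk.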
@ -307,6 +307,16 @@ class TestConvertToOrganization(ApiTestCase):
|
||||||
|
|
||||||
self.assertEqual('The admin user is not valid', json['message'])
|
self.assertEqual('The admin user is not valid', json['message'])
|
||||||
|
|
||||||
|
def test_sameadminuser_by_email(self):
|
||||||
|
self.login(READ_ACCESS_USER)
|
||||||
|
json = self.postJsonResponse(ConvertToOrganization,
|
||||||
|
data={'adminUser': 'no1@thanks.com',
|
||||||
|
'adminPassword': 'password',
|
||||||
|
'plan': 'free'},
|
||||||
|
expected_code=400)
|
||||||
|
|
||||||
|
self.assertEqual('The admin user is not valid', json['message'])
|
||||||
|
|
||||||
def test_invalidadminuser(self):
|
def test_invalidadminuser(self):
|
||||||
self.login(READ_ACCESS_USER)
|
self.login(READ_ACCESS_USER)
|
||||||
json = self.postJsonResponse(ConvertToOrganization,
|
json = self.postJsonResponse(ConvertToOrganization,
|
||||||
|
|
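Review bot: In `test_sameadminuser_by_email` the literal `'no1@thanks.com'` has no visible tie to `READ_ACCESS_USER`; presumably it is that user's e-mail address in the test fixtures, but nothing in the hunk says so. A one-line comment such as `# e-mail address of READ_ACCESS_USER: the same account, named differently` would make the intent of this regression test clear. The assertion on the message text does distinguish this rejection from a failed login ('The admin user credentials are not valid'), so a changed fixture would fail the test rather than let it pass for the wrong reason.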