fix: null validation (#25891)

2026-03-23 23:49:46 +03:00 · 2026-02-04 12:27:52 -05:00
parent 440b3b4c6f
commit 9dddccd831
18 changed files with 357 additions and 47 deletions
--- a/server/src/controllers/user-admin.controller.spec.ts
+++ b/server/src/controllers/user-admin.controller.spec.ts
@@ -31,12 +31,55 @@ describe(UserAdminController.name, () => {
    });
  });

+  describe('PUT /admin/users/:id', () => {
+    it('should be an authenticated route', async () => {
+      await request(ctx.getHttpServer()).put(`/admin/users/${factory.uuid()}`);
+      expect(ctx.authenticate).toHaveBeenCalled();
+    });
+  });
+
  describe('POST /admin/users', () => {
    it('should be an authenticated route', async () => {
      await request(ctx.getHttpServer()).post('/admin/users');
      expect(ctx.authenticate).toHaveBeenCalled();
    });

+    it('should allow a null pinCode', async () => {
+      await request(ctx.getHttpServer()).post(`/admin/users`).send({
+        name: 'Test user',
+        email: 'test@immich.cloud',
+        password: 'password',
+        pinCode: null,
+      });
+      expect(service.create).toHaveBeenCalledWith(expect.objectContaining({ pinCode: null }));
+    });
+
+    it('should allow a null avatarColor', async () => {
+      await request(ctx.getHttpServer()).post(`/admin/users`).send({
+        name: 'Test user',
+        email: 'test@immich.cloud',
+        password: 'password',
+        avatarColor: null,
+      });
+      expect(service.create).toHaveBeenCalledWith(expect.objectContaining({ avatarColor: null }));
+    });
+
+    it(`should `, async () => {
+      const dto: UserAdminCreateDto = {
+        email: 'user@immich.app',
+        password: 'test',
+        name: 'Test User',
+        quotaSizeInBytes: 1.2,
+      };
+
+      const { status, body } = await request(ctx.getHttpServer())
+        .post(`/admin/users`)
+        .set('Authorization', `Bearer token`)
+        .send(dto);
+      expect(status).toBe(400);
+      expect(body).toEqual(errorDto.badRequest(expect.arrayContaining(['quotaSizeInBytes must be an integer number'])));
+    });
+
    it(`should not allow decimal quota`, async () => {
      const dto: UserAdminCreateDto = {
        email: 'user@immich.app',
@@ -75,5 +118,17 @@ describe(UserAdminController.name, () => {
      expect(status).toBe(400);
      expect(body).toEqual(errorDto.badRequest(expect.arrayContaining(['quotaSizeInBytes must be an integer number'])));
    });
+
+    it('should allow a null pinCode', async () => {
+      const id = factory.uuid();
+      await request(ctx.getHttpServer()).put(`/admin/users/${id}`).send({ pinCode: null });
+      expect(service.update).toHaveBeenCalledWith(undefined, id, expect.objectContaining({ pinCode: null }));
+    });
+
+    it('should allow a null avatarColor', async () => {
+      const id = factory.uuid();
+      await request(ctx.getHttpServer()).put(`/admin/users/${id}`).send({ avatarColor: null });
+      expect(service.update).toHaveBeenCalledWith(undefined, id, expect.objectContaining({ avatarColor: null }));
+    });
  });
 });