fix(server): don't publicly reveal user count (#4409)

* fix: don't reveal user count publicly * fix: mobile and user controller * fix: update other frontend endpoints * fix: revert openapi change * chore: open api * fix: initialize * openapi --------- Co-authored-by: Alex Tran <alex.tran1502@gmail.com>
2025-10-29 17:40:28 +00:00 · 2023-10-11 04:37:13 +02:00
parent 09bf1c9175
commit 41befc0948
20 changed files with 101 additions and 15 deletions
--- a/server/test/e2e/server-info.e2e-spec.ts
+++ b/server/test/e2e/server-info.e2e-spec.ts
@@ -102,6 +102,7 @@ describe(`${ServerInfoController.name} (e2e)`, () => {
        oauthButtonText: 'Login with OAuth',
        mapTileUrl: 'https://tile.openstreetmap.org/{z}/{x}/{y}.png',
        trashDays: 30,
+        isInitialized: true,
      });
    });
  });
--- a/server/test/e2e/user.e2e-spec.ts
+++ b/server/test/e2e/user.e2e-spec.ts
@@ -311,10 +311,10 @@ describe(`${UserController.name}`, () => {
  });

  describe('GET /user/count', () => {
-    it('should not require authentication', async () => {
+    it('should require authentication', async () => {
      const { status, body } = await request(server).get(`/user/count`);
-      expect(status).toBe(200);
-      expect(body).toEqual({ userCount: 1 });
+      expect(status).toBe(401);
+      expect(body).toEqual(errorStub.unauthorized);
    });

    it('should start with just the admin', async () => {
--- a/server/test/repositories/user.repository.mock.ts
+++ b/server/test/repositories/user.repository.mock.ts
@@ -14,5 +14,6 @@ export const newUserRepositoryMock = (): jest.Mocked<IUserRepository> => {
    delete: jest.fn(),
    getDeletedUsers: jest.fn(),
    restore: jest.fn(),
+    hasAdmin: jest.fn(),
  };
 };