src/socket.io/admin/user.js

'use strict';

const async = require('async');
const winston = require('winston');

const db = require('../../database');
const groups = require('../../groups');
const user = require('../../user');
const events = require('../../events');
const meta = require('../../meta');
const plugins = require('../../plugins');
const translator = require('../../translator');

const User = module.exports;

User.makeAdmins = async function (socket, uids) {
	if (!Array.isArray(uids)) {
		throw new Error('[[error:invalid-data]]');
	}
	const userData = await user.getUsersFields(uids, ['banned']);
	userData.forEach((userData) => {
		if (userData && userData.banned) {
			throw new Error('[[error:cant-make-banned-users-admin]]');
		}
	});
	for (const uid of uids) {
		/* eslint-disable no-await-in-loop */
		await groups.join('administrators', uid);
		await events.log({
			type: 'user-makeAdmin',
			uid: socket.uid,
			targetUid: uid,
			ip: socket.ip,
		});
	}
};

User.removeAdmins = async function (socket, uids) {
	if (!Array.isArray(uids)) {
		throw new Error('[[error:invalid-data]]');
	}
	for (const uid of uids) {
		/* eslint-disable no-await-in-loop */
		const count = await groups.getMemberCount('administrators');
		if (count === 1) {
			throw new Error('[[error:cant-remove-last-admin]]');
		}
		await groups.leave('administrators', uid);
		await events.log({
			type: 'user-removeAdmin',
			uid: socket.uid,
			targetUid: uid,
			ip: socket.ip,
		});
	}
};

User.createUser = async function (socket, userData) {
	if (!userData) {
		throw new Error('[[error:invalid-data]]');
	}
	return await user.create(userData);
};

User.resetLockouts = async function (socket, uids) {
	if (!Array.isArray(uids)) {
		throw new Error('[[error:invalid-data]]');
	}
	await Promise.all(uids.map(uid => user.auth.resetLockout(uid)));
};

User.validateEmail = async function (socket, uids) {
	if (!Array.isArray(uids)) {
		throw new Error('[[error:invalid-data]]');
	}

	uids = uids.filter(uid => parseInt(uid, 10));
	await db.setObjectField(uids.map(uid => 'user:' + uid), 'email:confirmed', 1);
	await db.sortedSetRemove('users:notvalidated', uids);
};

User.sendValidationEmail = async function (socket, uids) {
	if (!Array.isArray(uids)) {
		throw new Error('[[error:invalid-data]]');
	}

	if (!meta.config.requireEmailConfirmation) {
		throw new Error('[[error:email-confirmations-are-disabled]]');
	}

	await async.eachLimit(uids, 50, async function (uid) {
		await user.email.sendValidationEmail(uid);
	});
};

User.sendPasswordResetEmail = async function (socket, uids) {
	if (!Array.isArray(uids)) {
		throw new Error('[[error:invalid-data]]');
	}

	uids = uids.filter(uid => parseInt(uid, 10));

	await Promise.all(uids.map(async function (uid) {
		const userData = await user.getUserFields(uid, ['email', 'username']);
		if (!userData.email) {
			throw new Error('[[error:user-doesnt-have-email, ' + userData.username + ']]');
		}
		await user.reset.send(userData.email);
	}));
};

User.forcePasswordReset = async function (socket, uids) {
	if (!Array.isArray(uids)) {
		throw new Error('[[error:invalid-data]]');
	}

	uids = uids.filter(uid => parseInt(uid, 10));

	await db.setObjectField(uids.map(uid => 'user:' + uid), 'passwordExpiry', Date.now());
	await user.auth.revokeAllSessions(uids);
};

User.deleteUsers = async function (socket, uids) {
	deleteUsers(socket, uids, async function (uid) {
		await user.deleteAccount(uid);
	});
};

User.deleteUsersAndContent = async function (socket, uids) {
	deleteUsers(socket, uids, async function (uid) {
		await user.delete(socket.uid, uid);
	});
};

async function deleteUsers(socket, uids, method) {
	if (!Array.isArray(uids)) {
		throw new Error('[[error:invalid-data]]');
	}
	const isMembers = await groups.isMembers(uids, 'administrators');
	if (isMembers.includes(true)) {
		throw new Error('[[error:cant-delete-other-admins]]');
	}
	async function doDelete(uid) {
		const userData = await method(uid);
		await events.log({
			type: 'user-delete',
			uid: socket.uid,
			targetUid: uid,
			ip: socket.ip,
			username: userData.username,
			email: userData.email,
		});
		plugins.fireHook('action:user.delete', {
			callerUid: socket.uid,
			uid: uid,
			ip: socket.ip,
		});
	}
	try {
		await Promise.all(uids.map(uid => doDelete(uid)));
	} catch (err) {
		winston.error(err);
	}
}

User.search = async function (socket, data) {
	const searchData = await user.search({
		query: data.query,
		searchBy: data.searchBy,
		uid: socket.uid,
	});

	if (!searchData.users.length) {
		return searchData;
	}

	const uids = searchData.users.map(user => user && user.uid);
	const userInfo = await user.getUsersFields(uids, ['email', 'flags', 'lastonline', 'joindate']);

	searchData.users.forEach(function (user, index) {
		if (user && userInfo[index]) {
			user.email = userInfo[index].email;
			user.flags = userInfo[index].flags || 0;
			user.lastonlineISO = userInfo[index].lastonlineISO;
			user.joindateISO = userInfo[index].joindateISO;
		}
	});
	return searchData;
};

User.restartJobs = async function () {
	user.startJobs();
};

User.loadGroups = async function (socket, uids) {
	const [userData, groupData] = await Promise.all([
		user.getUsersData(uids),
		groups.getUserGroupsFromSet('groups:createtime', uids),
	]);
	userData.forEach((data, index) => {
		data.groups = groupData[index].filter(group => !groups.isPrivilegeGroup(group.name));
		data.groups.forEach((group) => {
			group.nameEscaped = translator.escape(group.displayName);
		});
	});
	return { users: userData };
};
ESlint quotes 2017-02-18 01:56:23 -07:00			`'use strict';`
socket.io admin/user 2014-04-15 02:25:42 -04:00
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`const async = require('async');`
			`const winston = require('winston');`
closes #5060 2016-09-27 13:31:50 +03:00
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`const db = require('../../database');`
			`const groups = require('../../groups');`
			`const user = require('../../user');`
			`const events = require('../../events');`
			`const meta = require('../../meta');`
			`const plugins = require('../../plugins');`
feat: #5272, allow changing user groups from manage users page 2019-12-04 11:14:01 -05:00			`const translator = require('../../translator');`
socket.io admin/user 2014-04-15 02:25:42 -04:00
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`const User = module.exports;`
socket.io admin/user 2014-04-15 02:25:42 -04:00
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.makeAdmins = async function (socket, uids) {`
ESlint keyword-spacing, no-multi-spaces 2017-02-18 01:52:56 -07:00			`if (!Array.isArray(uids)) {`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`throw new Error('[[error:invalid-data]]');`
			`}`
			`const userData = await user.getUsersFields(uids, ['banned']);`
			`userData.forEach((userData) => {`
			`if (userData && userData.banned) {`
			`throw new Error('[[error:cant-make-banned-users-admin]]');`
			`}`
			`});`
			`for (const uid of uids) {`
			`/* eslint-disable no-await-in-loop */`
			`await groups.join('administrators', uid);`
			`await events.log({`
			`type: 'user-makeAdmin',`
			`uid: socket.uid,`
			`targetUid: uid,`
			`ip: socket.ip,`
			`});`
some checks to make last admin isnt removed 2014-06-13 22:48:24 -04:00			`}`
socket.io admin/user 2014-04-15 02:25:42 -04:00			`};`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.removeAdmins = async function (socket, uids) {`
ESlint keyword-spacing, no-multi-spaces 2017-02-18 01:52:56 -07:00			`if (!Array.isArray(uids)) {`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`throw new Error('[[error:invalid-data]]');`
			`}`
			`for (const uid of uids) {`
			`/* eslint-disable no-await-in-loop */`
			`const count = await groups.getMemberCount('administrators');`
			`if (count === 1) {`
			`throw new Error('[[error:cant-remove-last-admin]]');`
			`}`
			`await groups.leave('administrators', uid);`
			`await events.log({`
			`type: 'user-removeAdmin',`
			`uid: socket.uid,`
			`targetUid: uid,`
			`ip: socket.ip,`
			`});`
closes #1487 ban and delete user admin actions takes an array of uids now. 2014-05-05 16:48:09 -04:00			`}`
some checks to make last admin isnt removed 2014-06-13 22:48:24 -04:00			`};`
closes #1487 ban and delete user admin actions takes an array of uids now. 2014-05-05 16:48:09 -04:00
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.createUser = async function (socket, userData) {`
socket.io admin/user 2014-04-15 02:25:42 -04:00			`if (!userData) {`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`throw new Error('[[error:invalid-data]]');`
socket.io admin/user 2014-04-15 02:25:42 -04:00			`}`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`return await user.create(userData);`
socket.io admin/user 2014-04-15 02:25:42 -04:00			`};`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.resetLockouts = async function (socket, uids) {`
closes #1971 2014-08-14 08:34:38 -04:00			`if (!Array.isArray(uids)) {`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`throw new Error('[[error:invalid-data]]');`
closes #1971 2014-08-14 08:34:38 -04:00			`}`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`await Promise.all(uids.map(uid => user.auth.resetLockout(uid)));`
closes #1971 2014-08-14 08:34:38 -04:00			`};`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.validateEmail = async function (socket, uids) {`
closes #2213 2014-10-06 13:11:12 -04:00			`if (!Array.isArray(uids)) {`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`throw new Error('[[error:invalid-data]]');`
closes #2213 2014-10-06 13:11:12 -04:00			`}`

closes #6910 2018-11-05 08:20:43 -05:00			`uids = uids.filter(uid => parseInt(uid, 10));`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`await db.setObjectField(uids.map(uid => 'user:' + uid), 'email:confirmed', 1);`
			`await db.sortedSetRemove('users:notvalidated', uids);`
closes #2315 2014-11-03 15:31:41 -05:00			`};`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.sendValidationEmail = async function (socket, uids) {`
closes #2640 2015-02-11 14:44:56 -05:00			`if (!Array.isArray(uids)) {`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`throw new Error('[[error:invalid-data]]');`
closes #2640 2015-02-11 14:44:56 -05:00			`}`
closes #2971 2015-04-13 17:29:43 -04:00
Parse int (#6853) * Store config fields as JSON in the db Fewer parseInts * Remove unnecessary parseInts * remove some dupe code add tests * remove console.log * remove more parseInts * WIP: read meta.configs defaults from defaults.json remove more parseInts * more work * add log for failing test * update admin pwd * fix tests, dont require posts/cache before configs are initialized * handle saves * Test boolean conditions * remove more parseInts * Fix boolean values * remove lots more parseInts * removed json parsing * renamed var to number * categories dont have timestamp 2018-10-21 16:47:51 -04:00			`if (!meta.config.requireEmailConfirmation) {`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`throw new Error('[[error:email-confirmations-are-disabled]]');`
closes #2640 2015-02-11 14:44:56 -05:00			`}`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`await async.eachLimit(uids, 50, async function (uid) {`
			`await user.email.sendValidationEmail(uid);`
			`});`
closes #2640 2015-02-11 14:44:56 -05:00			`};`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.sendPasswordResetEmail = async function (socket, uids) {`
closes #2315 2014-11-03 15:31:41 -05:00			`if (!Array.isArray(uids)) {`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`throw new Error('[[error:invalid-data]]');`
closes #2315 2014-11-03 15:31:41 -05:00			`}`

closes #6910 2018-11-05 08:20:43 -05:00			`uids = uids.filter(uid => parseInt(uid, 10));`
closes #2315 2014-11-03 15:31:41 -05:00
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`await Promise.all(uids.map(async function (uid) {`
			`const userData = await user.getUserFields(uid, ['email', 'username']);`
			`if (!userData.email) {`
			`throw new Error('[[error:user-doesnt-have-email, ' + userData.username + ']]');`
			`}`
			`await user.reset.send(userData.email);`
			`}));`
closes #2213 2014-10-06 13:11:12 -04:00			`};`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.forcePasswordReset = async function (socket, uids) {`
feat: manual password expiry. closes #7471 2019-03-20 16:34:22 -04:00			`if (!Array.isArray(uids)) {`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`throw new Error('[[error:invalid-data]]');`
feat: manual password expiry. closes #7471 2019-03-20 16:34:22 -04:00			`}`

			`uids = uids.filter(uid => parseInt(uid, 10));`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`await db.setObjectField(uids.map(uid => 'user:' + uid), 'passwordExpiry', Date.now());`
			`await user.auth.revokeAllSessions(uids);`
feat: manual password expiry. closes #7471 2019-03-20 16:34:22 -04:00			`};`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.deleteUsers = async function (socket, uids) {`
			`deleteUsers(socket, uids, async function (uid) {`
			`await user.deleteAccount(uid);`
			`});`
closes #2832 2016-08-12 01:55:38 +03:00			`};`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.deleteUsersAndContent = async function (socket, uids) {`
			`deleteUsers(socket, uids, async function (uid) {`
			`await user.delete(socket.uid, uid);`
			`});`
closes #2832 2016-08-12 01:55:38 +03:00			`};`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`async function deleteUsers(socket, uids, method) {`
closes #2832 2016-08-12 01:55:38 +03:00			`if (!Array.isArray(uids)) {`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`throw new Error('[[error:invalid-data]]');`
closes #1487 ban and delete user admin actions takes an array of uids now. 2014-05-05 16:48:09 -04:00			`}`
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`const isMembers = await groups.isMembers(uids, 'administrators');`
			`if (isMembers.includes(true)) {`
			`throw new Error('[[error:cant-delete-other-admins]]');`
			`}`
			`async function doDelete(uid) {`
			`const userData = await method(uid);`
			`await events.log({`
			`type: 'user-delete',`
			`uid: socket.uid,`
			`targetUid: uid,`
			`ip: socket.ip,`
			`username: userData.username,`
			`email: userData.email,`
			`});`
			`plugins.fireHook('action:user.delete', {`
			`callerUid: socket.uid,`
			`uid: uid,`
			`ip: socket.ip,`
			`});`
			`}`
			`try {`
			`await Promise.all(uids.map(uid => doDelete(uid)));`
			`} catch (err) {`
			`winston.error(err);`
			`}`
			`}`
prevent administrators from being deleted - first remove them from admin group 2014-09-16 12:19:58 -04:00
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.search = async function (socket, data) {`
			`const searchData = await user.search({`
			`query: data.query,`
			`searchBy: data.searchBy,`
			`uid: socket.uid,`
change user delete so it returns quickly 2018-10-03 19:12:46 -04:00			`});`
socket.io admin/user 2014-04-15 02:25:42 -04:00
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`if (!searchData.users.length) {`
			`return searchData;`
			`}`
closes #2458 2014-12-21 16:29:32 -05:00
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`const uids = searchData.users.map(user => user && user.uid);`
			`const userInfo = await user.getUsersFields(uids, ['email', 'flags', 'lastonline', 'joindate']);`
more tests 2016-11-15 14:01:06 +03:00
refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`searchData.users.forEach(function (user, index) {`
			`if (user && userInfo[index]) {`
			`user.email = userInfo[index].email;`
			`user.flags = userInfo[index].flags \|\| 0;`
			`user.lastonlineISO = userInfo[index].lastonlineISO;`
			`user.joindateISO = userInfo[index].joindateISO;`
			`}`
			`});`
			`return searchData;`
socket.io admin/user 2014-04-15 02:25:42 -04:00			`};`

refactor: async/await socket.io/admin 2019-09-07 18:22:03 -04:00			`User.restartJobs = async function () {`
feat: #7743 user/index.js user/info.js user/invite.js user/jobs.js 2019-07-16 11:42:24 -04:00			`user.startJobs();`
closes #4766 2016-08-26 10:04:38 -04:00			`};`
feat: #5272, allow changing user groups from manage users page 2019-12-04 11:14:01 -05:00
			`User.loadGroups = async function (socket, uids) {`
			`const [userData, groupData] = await Promise.all([`
			`user.getUsersData(uids),`
			`groups.getUserGroupsFromSet('groups:createtime', uids),`
			`]);`
			`userData.forEach((data, index) => {`
			`data.groups = groupData[index].filter(group => !groups.isPrivilegeGroup(group.name));`
			`data.groups.forEach((group) => {`
			`group.nameEscaped = translator.escape(group.displayName);`
			`});`
			`});`
			`return { users: userData };`
			`};`