src/socket.io/user.js

'use strict';

const util = require('util');
const winston = require('winston');

const sleep = util.promisify(setTimeout);

const user = require('../user');
const topics = require('../topics');
const messaging = require('../messaging');
const plugins = require('../plugins');
const meta = require('../meta');
const events = require('../events');
const emailer = require('../emailer');
const db = require('../database');
const userController = require('../controllers/user');
const privileges = require('../privileges');
const utils = require('../utils');

const SocketUser = module.exports;

require('./user/profile')(SocketUser);
require('./user/status')(SocketUser);
require('./user/picture')(SocketUser);
require('./user/registration')(SocketUser);

// Password Reset
SocketUser.reset = {};

SocketUser.reset.send = async function (socket, email) {
	if (!email) {
		throw new Error('[[error:invalid-data]]');
	}

	if (meta.config['password:disableEdit']) {
		throw new Error('[[error:no-privileges]]');
	}
	async function logEvent(text) {
		await events.log({
			type: 'password-reset',
			text: text,
			ip: socket.ip,
			uid: socket.uid,
			email: email,
		});
	}
	try {
		await user.reset.send(email);
		await logEvent('[[success:success]]');
		await sleep(2500 + ((Math.random() * 500) - 250));
	} catch (err) {
		await logEvent(err.message);
		await sleep(2500 + ((Math.random() * 500) - 250));
		const internalErrors = ['[[error:invalid-email]]'];
		if (!internalErrors.includes(err.message)) {
			throw err;
		}
	}
};

SocketUser.reset.commit = async function (socket, data) {
	if (!data || !data.code || !data.password) {
		throw new Error('[[error:invalid-data]]');
	}
	const [uid] = await Promise.all([
		db.getObjectField('reset:uid', data.code),
		user.reset.commit(data.code, data.password),
		plugins.hooks.fire('action:password.reset', { uid: socket.uid }),
	]);

	await events.log({
		type: 'password-reset',
		uid: uid,
		ip: socket.ip,
	});

	const username = await user.getUserField(uid, 'username');
	const now = new Date();
	const parsedDate = `${now.getFullYear()}/${now.getMonth() + 1}/${now.getDate()}`;
	emailer.send('reset_notify', uid, {
		username: username,
		date: parsedDate,
		subject: '[[email:reset.notify.subject]]',
	}).catch(err => winston.error(`[emailer.send] ${err.stack}`));
};

SocketUser.isFollowing = async function (socket, data) {
	if (!socket.uid || !data.uid) {
		return false;
	}

	return await user.isFollowing(socket.uid, data.uid);
};

SocketUser.getUnreadCount = async function (socket) {
	if (!socket.uid) {
		return 0;
	}
	return await topics.getTotalUnread(socket.uid, '');
};

SocketUser.getUnreadChatCount = async function (socket) {
	if (!socket.uid) {
		return 0;
	}
	return await messaging.getUnreadCount(socket.uid);
};

SocketUser.getUnreadCounts = async function (socket) {
	if (!socket.uid) {
		return {};
	}
	const results = await utils.promiseParallel({
		unreadCounts: topics.getUnreadTids({ uid: socket.uid, count: true }),
		unreadChatCount: messaging.getUnreadCount(socket.uid),
		unreadNotificationCount: user.notifications.getUnreadCount(socket.uid),
	});
	results.unreadTopicCount = results.unreadCounts[''];
	results.unreadNewTopicCount = results.unreadCounts.new;
	results.unreadWatchedTopicCount = results.unreadCounts.watched;
	results.unreadUnrepliedTopicCount = results.unreadCounts.unreplied;
	return results;
};

SocketUser.getUserByUID = async function (socket, uid) {
	return await userController.getUserDataByField(socket.uid, 'uid', uid);
};

SocketUser.getUserByUsername = async function (socket, username) {
	return await userController.getUserDataByField(socket.uid, 'username', username);
};

SocketUser.getUserByEmail = async function (socket, email) {
	return await userController.getUserDataByField(socket.uid, 'email', email);
};

SocketUser.setModerationNote = async function (socket, data) {
	if (!socket.uid || !data || !data.uid || !data.note) {
		throw new Error('[[error:invalid-data]]');
	}
	const noteData = {
		uid: socket.uid,
		note: data.note,
		timestamp: Date.now(),
	};
	let canEdit = await privileges.users.canEdit(socket.uid, data.uid);
	if (!canEdit) {
		canEdit = await user.isModeratorOfAnyCategory(socket.uid);
	}
	if (!canEdit) {
		throw new Error('[[error:no-privileges]]');
	}

	await user.appendModerationNote({ uid: data.uid, noteData });
	return await user.getModerationNotes(data.uid, 0, 0);
};

SocketUser.deleteUpload = async function (socket, data) {
	if (!data || !data.name || !data.uid) {
		throw new Error('[[error:invalid-data]]');
	}
	await user.deleteUpload(socket.uid, data.uid, data.name);
};

SocketUser.gdpr = {};

SocketUser.gdpr.consent = async function (socket) {
	await user.setUserField(socket.uid, 'gdpr_consent', 1);
};

SocketUser.gdpr.check = async function (socket, data) {
	const isAdmin = await user.isAdministrator(socket.uid);
	if (!isAdmin) {
		data.uid = socket.uid;
	}
	return await db.getObjectField(`user:${data.uid}`, 'gdpr_consent');
};

require('../promisify')(SocketUser);
moved user search to its own file 2014-03-12 22:11:48 -04:00			`'use strict';`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`const util = require('util');`
fix: email testing and settings change from ACP - changing email SMTP settings wouldn't apply the first time - "Send Test Email" now will report emailer errors in most cases 2020-12-05 14:25:14 -07:00			`const winston = require('winston');`
chore: eslint import/newline-after-import 2021-02-03 23:53:16 -07:00
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`const sleep = util.promisify(setTimeout);`

			`const user = require('../user');`
			`const topics = require('../topics');`
			`const messaging = require('../messaging');`
			`const plugins = require('../plugins');`
			`const meta = require('../meta');`
			`const events = require('../events');`
			`const emailer = require('../emailer');`
			`const db = require('../database');`
			`const userController = require('../controllers/user');`
			`const privileges = require('../privileges');`
			`const utils = require('../utils');`

			`const SocketUser = module.exports;`
so far so good... user, meta, notifications, categories 2014-01-09 22:46:51 -05:00
socket.io/user.js refactor 2015-09-25 15:56:58 -04:00			`require('./user/profile')(SocketUser);`
			`require('./user/status')(SocketUser);`
			`require('./user/picture')(SocketUser);`
fix: #7316 2019-01-29 13:11:45 -05:00			`require('./user/registration')(SocketUser);`
socket.io/user.js refactor 2015-09-25 15:56:58 -04:00
so far so good... user, meta, notifications, categories 2014-01-09 22:46:51 -05:00			`// Password Reset`
			`SocketUser.reset = {};`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.reset.send = async function (socket, email) {`
added some missing callbacks 2016-03-09 19:13:36 +02:00			`if (!email) {`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`throw new Error('[[error:invalid-data]]');`
added data checks to user calls 2014-01-16 18:18:42 -05:00			`}`
added some missing callbacks 2016-03-09 19:13:36 +02:00
fix: #7576 "Disable password changes" can be sidestepped 2019-05-09 15:51:36 -04:00			`if (meta.config['password:disableEdit']) {`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`throw new Error('[[error:no-privileges]]');`
fix: #7576 "Disable password changes" can be sidestepped 2019-05-09 15:51:36 -04:00			`}`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`async function logEvent(text) {`
			`await events.log({`
feat: logging password resets and errors into event log closes #7343, also adds tests for password reset socket calls 2019-02-08 10:50:15 -05:00			`type: 'password-reset',`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`text: text,`
feat: logging password resets and errors into event log closes #7343, also adds tests for password reset socket calls 2019-02-08 10:50:15 -05:00			`ip: socket.ip,`
			`uid: socket.uid,`
			`email: email,`
			`});`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`}`
			`try {`
			`await user.reset.send(email);`
			`await logEvent('[[success:success]]');`
fix: introduce artificial delay + delay fudging on invalid email during reset token generation 2021-06-11 14:47:13 -04:00			`await sleep(2500 + ((Math.random() * 500) - 250));`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`} catch (err) {`
			`await logEvent(err.message);`
fix: introduce artificial delay + delay fudging on invalid email during reset token generation 2021-06-11 14:47:13 -04:00			`await sleep(2500 + ((Math.random() * 500) - 250));`
Fix for #11119, restore password reset rate limiting (#11120) * chore: incrementing version number - v2.8.1 * chore: update changelog for v2.8.1 * fix: accidental clearing of reset rate limiting on reset send * test: move user reset tests to its own file, add failing test for user reset locks * fix: #11119, counter attempted flooding of user reset route * test: fix password reset socket test to check for error now * test: same user sending multiple reset emails should work after waiting the correct amount of time * lint: fixes * chore: rename outdated `cleanTokensAndUids` method * test: no need to create user for new test Co-authored-by: Misty Release Bot <deploy@nodebb.org> Co-authored-by: Barış Soner Uşaklı <barisusakli@gmail.com> 2023-01-04 11:24:46 -05:00			`const internalErrors = ['[[error:invalid-email]]'];`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`if (!internalErrors.includes(err.message)) {`
			`throw err;`
closes #4918 2016-08-09 12:56:42 -04:00			`}`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`}`
so far so good... user, meta, notifications, categories 2014-01-09 22:46:51 -05:00			`};`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.reset.commit = async function (socket, data) {`
use uid instead of socket.uid 2015-02-11 21:54:20 -05:00			`if (!data \|\| !data.code \|\| !data.password) {`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`throw new Error('[[error:invalid-data]]');`
use uid instead of socket.uid 2015-02-11 21:54:20 -05:00			`}`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`const [uid] = await Promise.all([`
			`db.getObjectField('reset:uid', data.code),`
			`user.reset.commit(data.code, data.password),`
refactor: move plugin hook methods to plugin.hooks.* 2020-11-20 16:06:26 -05:00			`plugins.hooks.fire('action:password.reset', { uid: socket.uid }),`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`]);`

			`await events.log({`
			`type: 'password-reset',`
			`uid: uid,`
			`ip: socket.ip,`
			`});`

			`const username = await user.getUserField(uid, 'username');`
			`const now = new Date();`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			const parsedDate = `${now.getFullYear()}/${now.getMonth() + 1}/${now.getDate()}`;
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`emailer.send('reset_notify', uid, {`
			`username: username,`
			`date: parsedDate,`
			`subject: '[[email:reset.notify.subject]]',`
Revert "fix: update usage of emailer.send to not catch (as errors are no longer thrown), email error throttler" This reverts commit d4e5259fcffeaba1dfffd43f559df7d195c8e7a7. 2022-01-28 15:25:33 -05:00			}).catch(err => winston.error(`[emailer.send] ${err.stack}`));
so far so good... user, meta, notifications, categories 2014-01-09 22:46:51 -05:00			`};`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.isFollowing = async function (socket, data) {`
user.isFollowing socket call 2015-10-29 22:22:33 -04:00			`if (!socket.uid \|\| !data.uid) {`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`return false;`
user.isFollowing socket call 2015-10-29 22:22:33 -04:00			`}`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`return await user.isFollowing(socket.uid, data.uid);`
user.isFollowing socket call 2015-10-29 22:22:33 -04:00			`};`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.getUnreadCount = async function (socket) {`
checks in socket.io/user reset doesnt need socket 2014-11-01 16:55:50 -04:00			`if (!socket.uid) {`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`return 0;`
checks in socket.io/user reset doesnt need socket 2014-11-01 16:55:50 -04:00			`}`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`return await topics.getTotalUnread(socket.uid, '');`
so far so good... user, meta, notifications, categories 2014-01-09 22:46:51 -05:00			`};`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.getUnreadChatCount = async function (socket) {`
checks in socket.io/user reset doesnt need socket 2014-11-01 16:55:50 -04:00			`if (!socket.uid) {`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`return 0;`
checks in socket.io/user reset doesnt need socket 2014-11-01 16:55:50 -04:00			`}`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`return await messaging.getUnreadCount(socket.uid);`
closes #1825, closes #1674 2014-07-19 10:33:27 -04:00			`};`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.getUnreadCounts = async function (socket) {`
make one socket call to load unread counts 2015-10-20 19:19:50 -04:00			`if (!socket.uid) {`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`return {};`
make one socket call to load unread counts 2015-10-20 19:19:50 -04:00			`}`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`const results = await utils.promiseParallel({`
			`unreadCounts: topics.getUnreadTids({ uid: socket.uid, count: true }),`
			`unreadChatCount: messaging.getUnreadCount(socket.uid),`
			`unreadNotificationCount: user.notifications.getUnreadCount(socket.uid),`
Unread changes closes #6781 (#6783) * WIP * more unread work * faster teaser block handling if user doesn't have anyone blocked don't check * much faster filtering of blocked posts * add missing uid * add tidsByFilter to return * dont load all pids to find previous non-blocked teaser * fix unread filters they no longer use unread/new unread/watched etc they are query strings now * shorter nav item code * add unreplied to filters fix icons not clearing to 0 dont increment unread counters if there is a reply in a topic where you ignored the topic creator 2018-09-24 12:58:59 -04:00			`});`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`results.unreadTopicCount = results.unreadCounts[''];`
			`results.unreadNewTopicCount = results.unreadCounts.new;`
			`results.unreadWatchedTopicCount = results.unreadCounts.watched;`
			`results.unreadUnrepliedTopicCount = results.unreadCounts.unreplied;`
			`return results;`
make one socket call to load unread counts 2015-10-20 19:19:50 -04:00			`};`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.getUserByUID = async function (socket, uid) {`
			`return await userController.getUserDataByField(socket.uid, 'uid', uid);`
added socket methods 2016-03-08 11:24:32 +02:00			`};`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.getUserByUsername = async function (socket, username) {`
			`return await userController.getUserDataByField(socket.uid, 'username', username);`
added socket methods 2016-03-08 11:24:32 +02:00			`};`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.getUserByEmail = async function (socket, email) {`
			`return await userController.getUserDataByField(socket.uid, 'email', email);`
added socket methods 2016-03-08 11:24:32 +02:00			`};`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.setModerationNote = async function (socket, data) {`
closes #5542 2017-03-23 10:58:17 +03:00			`if (!socket.uid \|\| !data \|\| !data.uid \|\| !data.note) {`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`throw new Error('[[error:invalid-data]]');`
ability to set moderation note on users 2016-09-21 12:55:44 +03:00			`}`
fix: #7519 2019-04-05 13:44:15 -04:00			`const noteData = {`
			`uid: socket.uid,`
			`note: data.note,`
			`timestamp: Date.now(),`
			`};`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`let canEdit = await privileges.users.canEdit(socket.uid, data.uid);`
			`if (!canEdit) {`
			`canEdit = await user.isModeratorOfAnyCategory(socket.uid);`
			`}`
			`if (!canEdit) {`
			`throw new Error('[[error:no-privileges]]');`
			`}`
refactor: expose new method for appending moderation note 2020-09-14 10:16:35 -04:00
fix: tests, because redis is TOO FAST 2020-09-14 11:07:46 -04:00			`await user.appendModerationNote({ uid: data.uid, noteData });`
feat: parse moderation notes as markdown https://github.com/NodeBB/NodeBB/issues/12477 2024-04-23 13:00:47 -04:00			`return await user.getModerationNotes(data.uid, 0, 0);`
ability to set moderation note on users 2016-09-21 12:55:44 +03:00			`};`
Added user consent pages (#6430) - "Your Rights & Consent" user settings page 2018-04-09 12:22:44 -04:00
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.deleteUpload = async function (socket, data) {`
change upload storage 2018-04-12 12:35:05 -04:00			`if (!data \|\| !data.name \|\| !data.uid) {`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`throw new Error('[[error:invalid-data]]');`
ability to delete uploads from account page #6431 2018-04-09 20:03:33 -04:00			`}`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`await user.deleteUpload(socket.uid, data.uid, data.name);`
ability to delete uploads from account page #6431 2018-04-09 20:03:33 -04:00			`};`

Added user consent pages (#6430) - "Your Rights & Consent" user settings page 2018-04-09 12:22:44 -04:00			`SocketUser.gdpr = {};`

refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.gdpr.consent = async function (socket) {`
			`await user.setUserField(socket.uid, 'gdpr_consent', 1);`
Added user consent pages (#6430) - "Your Rights & Consent" user settings page 2018-04-09 12:22:44 -04:00			`};`
added gdpr check socket method 2018-05-11 12:18:51 -04:00
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00			`SocketUser.gdpr.check = async function (socket, data) {`
			`const isAdmin = await user.isAdministrator(socket.uid);`
			`if (!isAdmin) {`
			`data.uid = socket.uid;`
			`}`
chore: eslint prefer-template 2021-02-03 23:59:08 -07:00			return await db.getObjectField(`user:${data.uid}`, 'gdpr_consent');
added gdpr check socket method 2018-05-11 12:18:51 -04:00			`};`
refactor: async/await socket.io 2019-09-15 02:14:51 -04:00
			`require('../promisify')(SocketUser);`