Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-30 18:46:01 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #8163, prevent account deletion

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-02-13 11:31:20 -05:00
parent f4ed35c998
commit 4d0636f847
2 changed files with 15 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/socket.io/user.js
View File

@@ -49,6 +49,9 @@ SocketUser.deleteAccount = async function (socket, data) {
if (isAdmin) { if (isAdmin) {
throw new Error('[[error:cant-delete-admin]]'); throw new Error('[[error:cant-delete-admin]]');
} }
if (meta.config.allowAccountDelete !== 1) {
throw new Error('[[error:no-privileges]]');
}
const userData = await user.deleteAccount(socket.uid); const userData = await user.deleteAccount(socket.uid);
require('./index').server.sockets.emit('event:user_status_change', { uid: socket.uid, status: 'offline' }); require('./index').server.sockets.emit('event:user_status_change', { uid: socket.uid, status: 'offline' });

12
test/user.js
View File

@@ -1446,6 +1446,18 @@ describe('User', function () {
}); });
}); });
it('should fail to delete user if account deletion is not allowed', async function () {
const oldValue = meta.config.allowAccountDeletion;
meta.config.allowAccountDeletion = 0;
const uid = await User.create({ username: 'tobedeleted' });
try {
await socketUser.deleteAccount({ uid: uid }, {});
} catch (err) {
assert.equal(err.message, '[[error:no-privileges]]');
}
meta.config.allowAccountDeletion = oldValue;
});
it('should fail if data is invalid', function (done) { it('should fail if data is invalid', function (done) {
socketUser.emailExists({ uid: testUid }, null, function (err) { socketUser.emailExists({ uid: testUid }, null, function (err) {
assert.equal(err.message, '[[error:invalid-data]]'); assert.equal(err.message, '[[error:invalid-data]]');