mirror of
https://github.com/NodeBB/NodeBB.git
synced 2026-01-01 13:20:41 +01:00
fix: #7316
This commit is contained in:
Barış Soner Uşaklı
@@ -9,7 +9,7 @@ define('admin/manage/registration', function () {
|
||||
var parent = $(this).parents('[data-username]');
|
||||
var action = $(this).attr('data-action');
|
||||
var username = parent.attr('data-username');
|
||||
var method = action === 'accept' ? 'admin.user.acceptRegistration' : 'admin.user.rejectRegistration';
|
||||
var method = action === 'accept' ? 'user.acceptRegistration' : 'user.rejectRegistration';
|
||||
|
||||
socket.emit(method, { username: username }, function (err) {
|
||||
if (err) {
|
||||
@@ -25,7 +25,7 @@ define('admin/manage/registration', function () {
|
||||
var email = parent.attr('data-invitation-mail');
|
||||
var invitedBy = parent.attr('data-invited-by');
|
||||
var action = $(this).attr('data-action');
|
||||
var method = 'admin.user.deleteInvitation';
|
||||
var method = 'user.deleteInvitation';
|
||||
|
||||
var removeRow = function () {
|
||||
var nextRow = parent.next();
|
||||
|
||||
@@ -4,6 +4,7 @@ var async = require('async');
|
||||
|
||||
var user = require('../user');
|
||||
var adminBlacklistController = require('./admin/blacklist');
|
||||
var usersController = require('./admin/users');
|
||||
|
||||
var globalModsController = module.exports;
|
||||
|
||||
@@ -20,3 +21,18 @@ globalModsController.ipBlacklist = function (req, res, next) {
|
||||
},
|
||||
], next);
|
||||
};
|
||||
|
||||
|
||||
globalModsController.registrationQueue = function (req, res, next) {
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
user.isAdminOrGlobalMod(req.uid, next);
|
||||
},
|
||||
function (isAdminOrGlobalMod, next) {
|
||||
if (!isAdminOrGlobalMod) {
|
||||
return next();
|
||||
}
|
||||
usersController.registrationQueue(req, res, next);
|
||||
},
|
||||
], next);
|
||||
};
|
||||
|
||||
@@ -46,6 +46,7 @@ function modRoutes(app, middleware, controllers) {
|
||||
|
||||
function globalModRoutes(app, middleware, controllers) {
|
||||
setupPageRoute(app, '/ip-blacklist', middleware, [], controllers.globalMods.ipBlacklist);
|
||||
setupPageRoute(app, '/registration-queue', middleware, [], controllers.globalMods.registrationQueue);
|
||||
}
|
||||
|
||||
function topicRoutes(app, middleware, controllers) {
|
||||
|
||||
@@ -221,44 +221,6 @@ User.search = function (socket, data, callback) {
|
||||
], callback);
|
||||
};
|
||||
|
||||
User.deleteInvitation = function (socket, data, callback) {
|
||||
user.deleteInvitation(data.invitedBy, data.email, callback);
|
||||
};
|
||||
|
||||
User.acceptRegistration = function (socket, data, callback) {
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
user.acceptRegistration(data.username, next);
|
||||
},
|
||||
function (uid, next) {
|
||||
events.log({
|
||||
type: 'registration-approved',
|
||||
uid: socket.uid,
|
||||
ip: socket.ip,
|
||||
targetUid: uid,
|
||||
});
|
||||
next(null, uid);
|
||||
},
|
||||
], callback);
|
||||
};
|
||||
|
||||
User.rejectRegistration = function (socket, data, callback) {
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
user.rejectRegistration(data.username, next);
|
||||
},
|
||||
function (next) {
|
||||
events.log({
|
||||
type: 'registration-rejected',
|
||||
uid: socket.uid,
|
||||
ip: socket.ip,
|
||||
username: data.username,
|
||||
});
|
||||
next();
|
||||
},
|
||||
], callback);
|
||||
};
|
||||
|
||||
User.restartJobs = function (socket, data, callback) {
|
||||
user.startJobs(callback);
|
||||
};
|
||||
|
||||
@@ -22,6 +22,7 @@ require('./user/search')(SocketUser);
|
||||
require('./user/status')(SocketUser);
|
||||
require('./user/picture')(SocketUser);
|
||||
require('./user/ban')(SocketUser);
|
||||
require('./user/registration')(SocketUser);
|
||||
|
||||
SocketUser.exists = function (socket, data, callback) {
|
||||
if (!data || !data.username) {
|
||||
|
||||
70
src/socket.io/user/registration.js
Normal file
70
src/socket.io/user/registration.js
Normal file
@@ -0,0 +1,70 @@
|
||||
'use strict';
|
||||
|
||||
var async = require('async');
|
||||
var user = require('../../user');
|
||||
var events = require('../../events');
|
||||
|
||||
module.exports = function (SocketUser) {
|
||||
SocketUser.acceptRegistration = function (socket, data, callback) {
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
user.isAdminOrGlobalMod(socket.uid, next);
|
||||
},
|
||||
function (isAdminOrGlobalMod, next) {
|
||||
if (!isAdminOrGlobalMod) {
|
||||
return next(new Error('[[error:no-privileges]]'));
|
||||
}
|
||||
|
||||
user.acceptRegistration(data.username, next);
|
||||
},
|
||||
function (uid, next) {
|
||||
events.log({
|
||||
type: 'registration-approved',
|
||||
uid: socket.uid,
|
||||
ip: socket.ip,
|
||||
targetUid: uid,
|
||||
});
|
||||
next(null, uid);
|
||||
},
|
||||
], callback);
|
||||
};
|
||||
|
||||
SocketUser.rejectRegistration = function (socket, data, callback) {
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
user.isAdminOrGlobalMod(socket.uid, next);
|
||||
},
|
||||
function (isAdminOrGlobalMod, next) {
|
||||
if (!isAdminOrGlobalMod) {
|
||||
return next(new Error('[[error:no-privileges]]'));
|
||||
}
|
||||
|
||||
user.rejectRegistration(data.username, next);
|
||||
},
|
||||
function (next) {
|
||||
events.log({
|
||||
type: 'registration-rejected',
|
||||
uid: socket.uid,
|
||||
ip: socket.ip,
|
||||
username: data.username,
|
||||
});
|
||||
next();
|
||||
},
|
||||
], callback);
|
||||
};
|
||||
|
||||
SocketUser.deleteInvitation = function (socket, data, callback) {
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
user.isAdminOrGlobalMod(socket.uid, next);
|
||||
},
|
||||
function (isAdminOrGlobalMod, next) {
|
||||
if (!isAdminOrGlobalMod) {
|
||||
return next(new Error('[[error:no-privileges]]'));
|
||||
}
|
||||
|
||||
user.deleteInvitation(data.invitedBy, data.email, next);
|
||||
},
|
||||
], callback);
|
||||
};
|
||||
};
|
||||
@@ -300,6 +300,24 @@ describe('Admin Controllers', function () {
|
||||
});
|
||||
});
|
||||
|
||||
it('should 404 if users is not privileged', function (done) {
|
||||
request(nconf.get('url') + '/api/registration-queue', { json: true }, function (err, res, body) {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 404);
|
||||
assert(body);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should load /api/registration-queue', function (done) {
|
||||
request(nconf.get('url') + '/api/registration-queue', { jar: jar, json: true }, function (err, res, body) {
|
||||
assert.ifError(err);
|
||||
assert.equal(res.statusCode, 200);
|
||||
assert(body);
|
||||
done();
|
||||
});
|
||||
});
|
||||
|
||||
it('should load /admin/manage/admins-mods', function (done) {
|
||||
request(nconf.get('url') + '/api/admin/manage/admins-mods', { jar: jar, json: true }, function (err, res, body) {
|
||||
assert.ifError(err);
|
||||
|
||||
22
test/user.js
22
test/user.js
@@ -1638,7 +1638,7 @@ describe('User', function () {
|
||||
});
|
||||
|
||||
it('should reject user registration', function (done) {
|
||||
socketAdmin.user.rejectRegistration({ uid: adminUid }, { username: 'rejectme' }, function (err) {
|
||||
socketUser.rejectRegistration({ uid: adminUid }, { username: 'rejectme' }, function (err) {
|
||||
assert.ifError(err);
|
||||
User.getRegistrationQueue(0, -1, function (err, users) {
|
||||
assert.ifError(err);
|
||||
@@ -1657,7 +1657,7 @@ describe('User', function () {
|
||||
gdpr_consent: true,
|
||||
}, function (err) {
|
||||
assert.ifError(err);
|
||||
socketAdmin.user.acceptRegistration({ uid: adminUid }, { username: 'acceptme' }, function (err, uid) {
|
||||
socketUser.acceptRegistration({ uid: adminUid }, { username: 'acceptme' }, function (err, uid) {
|
||||
assert.ifError(err);
|
||||
User.exists(uid, function (err, exists) {
|
||||
assert.ifError(err);
|
||||
@@ -1676,15 +1676,17 @@ describe('User', function () {
|
||||
describe('invites', function () {
|
||||
var socketUser = require('../src/socket.io/user');
|
||||
var inviterUid;
|
||||
var adminUid;
|
||||
|
||||
before(function (done) {
|
||||
User.create({
|
||||
username: 'inviter',
|
||||
email: 'inviter@nodebb.org',
|
||||
}, function (err, uid) {
|
||||
async.parallel({
|
||||
inviter: async.apply(User.create, { username: 'inviter', email: 'inviter@nodebb.org' }),
|
||||
admin: async.apply(User.create, { username: 'adminInvite' }),
|
||||
}, function (err, results) {
|
||||
assert.ifError(err);
|
||||
inviterUid = uid;
|
||||
done();
|
||||
inviterUid = results.inviter;
|
||||
adminUid = results.admin;
|
||||
groups.join('administrators', adminUid, done);
|
||||
});
|
||||
});
|
||||
|
||||
@@ -1793,8 +1795,8 @@ describe('User', function () {
|
||||
});
|
||||
|
||||
it('should delete invitation', function (done) {
|
||||
var socketAdmin = require('../src/socket.io/admin');
|
||||
socketAdmin.user.deleteInvitation({ uid: inviterUid }, { invitedBy: 'inviter', email: 'invite1@test.com' }, function (err) {
|
||||
var socketUser = require('../src/socket.io/user');
|
||||
socketUser.deleteInvitation({ uid: adminUid }, { invitedBy: 'inviter', email: 'invite1@test.com' }, function (err) {
|
||||
assert.ifError(err);
|
||||
db.isSetMember('invitation:uid:' + inviterUid, 'invite1@test.com', function (err, isMember) {
|
||||
assert.ifError(err);
|
||||
|
||||
Reference in New Issue
Block a user