Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 16:46:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix: #11906, remove retrieval of SSO data in getAllData internal method, only retrieve for calling user or admins, and only on edit page

Browse Source
This commit is contained in:
Julian Lam
2023-08-21 15:26:22 -04:00
parent 271cf81e6c
commit a6c98de631
2 changed files with 7 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/controllers/accounts/edit.js
View File

@@ -5,6 +5,7 @@ const meta = require('../../meta');
const helpers = require('../helpers'); const helpers = require('../helpers');
const groups = require('../../groups'); const groups = require('../../groups');
const privileges = require('../../privileges'); const privileges = require('../../privileges');
const plugins = require('../../plugins');
const accountHelpers = require('./helpers'); const accountHelpers = require('./helpers');
const file = require('../../file'); const file = require('../../file');
@@ -19,9 +20,10 @@ editController.get = async function (req, res) {
groups: _groups, groups: _groups,
groupTitleArray, groupTitleArray,
allowMultipleBadges, allowMultipleBadges,
}, canUseSignature] = await Promise.all([ }, canUseSignature, canManageUsers] = await Promise.all([
accountHelpers.getUserDataByUserSlug(req.params.userslug, req.uid, req.query), accountHelpers.getUserDataByUserSlug(req.params.userslug, req.uid, req.query),
privileges.global.can('signature', req.uid), privileges.global.can('signature', req.uid),
privileges.admin.can('admin:users', req.uid),
]); ]);
const payload = {}; const payload = {};
@@ -38,6 +40,10 @@ editController.get = async function (req, res) {
payload.groups = _groups.filter(g => g && g.userTitleEnabled && !groups.isPrivilegeGroup(g.name) && g.name !== 'registered-users'); payload.groups = _groups.filter(g => g && g.userTitleEnabled && !groups.isPrivilegeGroup(g.name) && g.name !== 'registered-users');
if (req.uid === res.locals.uid || canManageUsers) {
payload.sso = await plugins.hooks.fire('filter:auth.list', { uid: res.locals.uid, associations: [] });
}
if (!allowMultipleBadges) { if (!allowMultipleBadges) {
payload.groupTitle = groupTitleArray[0]; payload.groupTitle = groupTitleArray[0];
} }

11
src/controllers/accounts/helpers.js
View File

@@ -104,16 +104,6 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID, query = {})
canViewInfo: canViewInfo, canViewInfo: canViewInfo,
}); });
userData.sso = results.sso.associations.map((association) => {
if (!isSelf) {
delete association.deauthUrl;
if (!association.associated) {
delete association.url;
}
}
return association;
});
userData.banned = Boolean(userData.banned); userData.banned = Boolean(userData.banned);
userData.muted = parseInt(userData.mutedUntil, 10) > Date.now(); userData.muted = parseInt(userData.mutedUntil, 10) > Date.now();
userData.website = escape(userData.website); userData.website = escape(userData.website);
@@ -162,7 +152,6 @@ async function getAllData(uid, callerUID) {
ips: user.getIPs(uid, 4), ips: user.getIPs(uid, 4),
profile_menu: getProfileMenu(uid, callerUID), profile_menu: getProfileMenu(uid, callerUID),
groups: groups.getUserGroups([uid]), groups: groups.getUserGroups([uid]),
sso: plugins.hooks.fire('filter:auth.list', { uid: uid, associations: [] }),
canEdit: privileges.users.canEdit(callerUID, uid), canEdit: privileges.users.canEdit(callerUID, uid),
canBanUser: privileges.users.canBanUser(callerUID, uid), canBanUser: privileges.users.canBanUser(callerUID, uid),
canMuteUser: privileges.users.canMuteUser(callerUID, uid), canMuteUser: privileges.users.canMuteUser(callerUID, uid),