From 6790000d1aec8a6babfe96aebb8ac57dafbe719e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Tue, 28 Nov 2023 20:58:07 -0500
Subject: [PATCH 1/3] fix: closes #12185, fix cli user password reset

refactor session get/destroy
---
 src/api/users.js       |  7 +------
 src/cli/user.js        |  1 +
 src/database/index.js  | 22 ++++++++++++++++++++++
 src/socket.io/index.js |  8 ++------
 src/user/auth.js       | 18 +++++-------------
 5 files changed, 31 insertions(+), 25 deletions(-)

diff --git a/src/api/users.js b/src/api/users.js
index f7c4edc2d2..f09aa782c8 100644
--- a/src/api/users.js
+++ b/src/api/users.js
@@ -1,6 +1,5 @@
 'use strict';
 
-const util = require('util');
 const path = require('path');
 const fs = require('fs').promises;
 
@@ -330,10 +329,6 @@ usersAPI.deleteToken = async (caller, { uid, token }) => {
 	return true;
 };
 
-const getSessionAsync = util.promisify((sid, callback) => {
-	db.sessionStore.get(sid, (err, sessionObj) => callback(err, sessionObj || null));
-});
-
 usersAPI.revokeSession = async (caller, { uid, uuid }) => {
 	// Only admins or global mods (besides the user themselves) can revoke sessions
 	if (parseInt(uid, 10) !== caller.uid && !await user.isAdminOrGlobalMod(caller.uid)) {
@@ -344,7 +339,7 @@ usersAPI.revokeSession = async (caller, { uid, uuid }) => {
 	let _id;
 	for (const sid of sids) {
 		/* eslint-disable no-await-in-loop */
-		const sessionObj = await getSessionAsync(sid);
+		const sessionObj = await db.sessionStoreGet(sid);
 		if (sessionObj && sessionObj.meta && sessionObj.meta.uuid === uuid) {
 			_id = sid;
 			break;
diff --git a/src/cli/user.js b/src/cli/user.js
index bbd747865f..f2db7e4a58 100644
--- a/src/cli/user.js
+++ b/src/cli/user.js
@@ -77,6 +77,7 @@ let winston;
 async function init() {
 	db = require('../database');
 	await db.init();
+	await db.initSessionStore();
 
 	user = require('../user');
 	groups = require('../groups');
diff --git a/src/database/index.js b/src/database/index.js
index 51febea19d..2366ae3671 100644
--- a/src/database/index.js
+++ b/src/database/index.js
@@ -34,4 +34,26 @@ primaryDB.initSessionStore = async function () {
 	primaryDB.sessionStore = await sessionStoreDB.createSessionStore(sessionStoreConfig);
 };
 
+function promisifySessionStoreMethod(method, sid) {
+	return new Promise((resolve, reject) => {
+		if (!primaryDB.sessionStore) {
+			resolve(method === 'get' ? null : undefined);
+			return;
+		}
+
+		primaryDB.sessionStore[method](sid, (err, result) => {
+			if (err) reject(err);
+			else resolve(method === 'get' ? result || null : undefined);
+		});
+	});
+}
+
+primaryDB.sessionStoreGet = function (sid) {
+	return promisifySessionStoreMethod('get', sid);
+};
+
+primaryDB.sessionStoreDestroy = function (sid) {
+	return promisifySessionStoreMethod('destroy', sid);
+};
+
 module.exports = primaryDB;
diff --git a/src/socket.io/index.js b/src/socket.io/index.js
index 8f03eb2a9d..2348caadf7 100644
--- a/src/socket.io/index.js
+++ b/src/socket.io/index.js
@@ -241,10 +241,6 @@ async function checkMaintenance(socket) {
 	throw new Error(`[[pages:maintenance.text, ${validator.escape(String(meta.config.title || 'NodeBB'))}]]`);
 }
 
-const getSessionAsync = util.promisify(
-	(sid, callback) => db.sessionStore.get(sid, (err, sessionObj) => callback(err, sessionObj || null))
-);
-
 async function validateSession(socket, errorMsg) {
 	const req = socket.request;
 	const { sessionId } = await plugins.hooks.fire('filter:sockets.sessionId', {
@@ -256,7 +252,7 @@ async function validateSession(socket, errorMsg) {
 		return;
 	}
 
-	const sessionData = await getSessionAsync(sessionId);
+	const sessionData = await db.sessionStoreGet(sessionId);
 	if (!sessionData) {
 		throw new Error(errorMsg);
 	}
@@ -282,7 +278,7 @@ async function authorize(request, callback) {
 		request: request,
 	});
 
-	const sessionData = await getSessionAsync(sessionId);
+	const sessionData = await db.sessionStoreGet(sessionId);
 	request.session = sessionData;
 	let uid = 0;
 	if (sessionData && sessionData.passport && sessionData.passport.user) {
diff --git a/src/user/auth.js b/src/user/auth.js
index 5330903a15..954d00a0c5 100644
--- a/src/user/auth.js
+++ b/src/user/auth.js
@@ -2,7 +2,6 @@
 
 const winston = require('winston');
 const validator = require('validator');
-const util = require('util');
 const _ = require('lodash');
 const db = require('../database');
 const meta = require('../meta');
@@ -62,17 +61,10 @@ module.exports = function (User) {
 		]);
 	};
 
-	const getSessionFromStore = util.promisify(
-		(sid, callback) => db.sessionStore.get(sid, (err, sessObj) => callback(err, sessObj || null))
-	);
-	const sessionStoreDestroy = util.promisify(
-		(sid, callback) => db.sessionStore.destroy(sid, err => callback(err))
-	);
-
 	User.auth.getSessions = async function (uid, curSessionId) {
 		await cleanExpiredSessions(uid);
 		const sids = await db.getSortedSetRevRange(`uid:${uid}:sessions`, 0, 19);
-		let sessions = await Promise.all(sids.map(sid => getSessionFromStore(sid)));
+		let sessions = await Promise.all(sids.map(sid => db.sessionStoreGet(sid)));
 		sessions = sessions.map((sessObj, idx) => {
 			if (sessObj && sessObj.meta) {
 				sessObj.meta.current = curSessionId === sids[idx];
@@ -93,7 +85,7 @@ module.exports = function (User) {
 		const expiredSids = [];
 		await Promise.all(Object.keys(uuidMapping).map(async (uuid) => {
 			const sid = uuidMapping[uuid];
-			const sessionObj = await getSessionFromStore(sid);
+			const sessionObj = await db.sessionStoreGet(sid);
 			const expired = !sessionObj || !sessionObj.hasOwnProperty('passport') ||
 				!sessionObj.passport.hasOwnProperty('user') ||
 				parseInt(sessionObj.passport.user, 10) !== parseInt(uid, 10);
@@ -128,13 +120,13 @@ module.exports = function (User) {
 
 	User.auth.revokeSession = async function (sessionId, uid) {
 		winston.verbose(`[user.auth] Revoking session ${sessionId} for user ${uid}`);
-		const sessionObj = await getSessionFromStore(sessionId);
+		const sessionObj = await db.sessionStoreGet(sessionId);
 		if (sessionObj && sessionObj.meta && sessionObj.meta.uuid) {
 			await db.deleteObjectField(`uid:${uid}:sessionUUID:sessionId`, sessionObj.meta.uuid);
 		}
 		await Promise.all([
 			db.sortedSetRemove(`uid:${uid}:sessions`, sessionId),
-			sessionStoreDestroy(sessionId),
+			db.sessionStoreDestroy(sessionId),
 		]);
 	};
 
@@ -159,7 +151,7 @@ module.exports = function (User) {
 
 			await Promise.all([
 				db.deleteAll(sessionKeys.concat(sessionUUIDKeys)),
-				...sids.map(sid => sessionStoreDestroy(sid)),
+				...sids.map(sid => db.sessionStoreDestroy(sid)),
 			]);
 		}, { batch: 1000 });
 	};

From f31faa457d1f11aa97d4f2b6276b615313eda47b Mon Sep 17 00:00:00 2001
From: Misty Release Bot <deploy@nodebb.org>
Date: Wed, 29 Nov 2023 17:21:39 +0000
Subject: [PATCH 2/3] chore: incrementing version number - v3.5.2

---
 install/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/install/package.json b/install/package.json
index 93af7416b7..5ef77abd22 100644
--- a/install/package.json
+++ b/install/package.json
@@ -2,7 +2,7 @@
     "name": "nodebb",
     "license": "GPL-3.0",
     "description": "NodeBB Forum",
-    "version": "3.5.1",
+    "version": "3.5.2",
     "homepage": "https://www.nodebb.org",
     "repository": {
         "type": "git",

From e2e85053a6bb2988aa9f4f1f10b36e0c4a0f1025 Mon Sep 17 00:00:00 2001
From: Misty Release Bot <deploy@nodebb.org>
Date: Wed, 29 Nov 2023 17:21:40 +0000
Subject: [PATCH 3/3] chore: update changelog for v3.5.2

---
 CHANGELOG.md | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 84078cf370..0a0993f03d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,44 @@
+#### v3.5.2 (2023-11-29)
+
+##### Chores
+
+*  up composer (49013f81)
+*  incrementing version number - v3.5.1 (4c543488)
+*  update changelog for v3.5.1 (48f7ae99)
+*  incrementing version number - v3.5.0 (d06fb4f0)
+*  incrementing version number - v3.4.3 (5c984250)
+*  incrementing version number - v3.4.2 (3f0dac38)
+*  incrementing version number - v3.4.1 (01e69574)
+*  incrementing version number - v3.4.0 (fd9247c5)
+*  incrementing version number - v3.3.9 (5805e770)
+*  incrementing version number - v3.3.8 (a5603565)
+*  incrementing version number - v3.3.7 (b26f1744)
+*  incrementing version number - v3.3.6 (7fb38792)
+*  incrementing version number - v3.3.4 (a67f84ea)
+*  incrementing version number - v3.3.3 (f94d239b)
+*  incrementing version number - v3.3.2 (ec9dac97)
+*  incrementing version number - v3.3.1 (151cc68f)
+*  incrementing version number - v3.3.0 (fc1ad70f)
+*  incrementing version number - v3.2.3 (b06d3e63)
+*  incrementing version number - v3.2.2 (758ecfcd)
+*  incrementing version number - v3.2.1 (20145074)
+*  incrementing version number - v3.2.0 (9ecac38e)
+*  incrementing version number - v3.1.7 (0b4e81ab)
+*  incrementing version number - v3.1.6 (b3a3b130)
+*  incrementing version number - v3.1.5 (ec19343a)
+*  incrementing version number - v3.1.4 (2452783c)
+*  incrementing version number - v3.1.3 (3b4e9d3f)
+*  incrementing version number - v3.1.2 (40fa3489)
+*  incrementing version number - v3.1.1 (40250733)
+*  incrementing version number - v3.1.0 (0cb386bd)
+*  incrementing version number - v3.0.1 (26f6ea49)
+*  incrementing version number - v3.0.0 (224e08cd)
+
+##### Bug Fixes
+
+*  closes #12185, fix cli user password reset (6790000d)
+*  thumb width (a9ef58a5)
+
 #### v3.5.1 (2023-11-14)
 
 ##### Chores