From d07f0081b7e84b7914a8e44834520d51d86f8e87 Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Thu, 15 Oct 2020 15:52:07 -0400 Subject: [PATCH] fix: add missing file --- src/api/users.js | 65 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 src/api/users.js diff --git a/src/api/users.js b/src/api/users.js new file mode 100644 index 0000000000..2062846981 --- /dev/null +++ b/src/api/users.js @@ -0,0 +1,65 @@ +'use strict'; + +const user = require('../user'); +const meta = require('../meta'); +const privileges = require('../privileges'); +const events = require('../events'); + +const usersAPI = module.exports; + +usersAPI.create = async function (caller, data) { + const uid = await user.create(data); + return await user.getUserData(uid); +}; + +usersAPI.update = async function (caller, data) { + const targetUid = caller.params ? caller.params.uid : data.uid; + + const oldUserData = await user.getUserFields(targetUid, ['email', 'username']); + if (!oldUserData || !oldUserData.username) { + throw new Error('[[error:invalid-data]]'); + } + + const [isAdminOrGlobalMod, canEdit, passwordMatch] = await Promise.all([ + user.isAdminOrGlobalMod(caller.uid), + privileges.users.canEdit(caller.uid, targetUid), + data.password ? user.isPasswordCorrect(targetUid, data.password, caller.ip) : false, + ]); + + // Changing own email/username requires password confirmation + if (caller.uid === targetUid && !passwordMatch) { + throw new Error('[[error:invalid-password]]'); + } + + if (!canEdit) { + throw new Error('[[error:no-privileges]]'); + } + + if (!isAdminOrGlobalMod && meta.config['username:disableEdit']) { + data.username = oldUserData.username; + } + + if (!isAdminOrGlobalMod && meta.config['email:disableEdit']) { + data.email = oldUserData.email; + } + + data.uid = targetUid; // The `uid` argument in `updateProfile` refers to calling user, not target user + await user.updateProfile(caller.uid, data); + const userData = await user.getUserData(data.uid); + + async function log(type, eventData) { + eventData.type = type; + eventData.uid = caller.uid; + eventData.targetUid = targetUid; + eventData.ip = caller.ip; + await events.log(eventData); + } + + if (userData.email !== oldUserData.email) { + await log('email-change', { oldEmail: oldUserData.email, newEmail: userData.email }); + } + + if (userData.username !== oldUserData.username) { + await log('username-change', { oldUsername: oldUserData.username, newUsername: userData.username }); + } +};