From 31ae8a83234c6177a9715683793e83b56ace943a Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Thu, 15 Oct 2020 16:21:45 -0400 Subject: [PATCH] refactor: socket profile update to use api lib --- src/api/users.js | 2 +- src/controllers/write/users.js | 2 +- src/socket.io/user/profile.js | 53 ++-------------------------------- 3 files changed, 4 insertions(+), 53 deletions(-) diff --git a/src/api/users.js b/src/api/users.js index 2062846981..89c0fa7e2b 100644 --- a/src/api/users.js +++ b/src/api/users.js @@ -27,7 +27,7 @@ usersAPI.update = async function (caller, data) { ]); // Changing own email/username requires password confirmation - if (caller.uid === targetUid && !passwordMatch) { + if (['email', 'username'].some(prop => Object.keys(data).includes(prop)) && !isAdminOrGlobalMod && caller.uid === targetUid && !passwordMatch) { throw new Error('[[error:invalid-password]]'); } diff --git a/src/controllers/write/users.js b/src/controllers/write/users.js index 362a8035e4..7102f42a33 100644 --- a/src/controllers/write/users.js +++ b/src/controllers/write/users.js @@ -24,7 +24,7 @@ Users.create = async (req, res) => { }; Users.update = async (req, res) => { - const userObj = await api.users.update(req, req.body); + const userObj = await api.users.update(req, { ...req.body, ...req.params }); helpers.formatApiResponse(200, res, userObj); }; diff --git a/src/socket.io/user/profile.js b/src/socket.io/user/profile.js index 18f079e133..0345faf215 100644 --- a/src/socket.io/user/profile.js +++ b/src/socket.io/user/profile.js @@ -2,10 +2,9 @@ const winston = require('winston'); +const api = require('../../api'); const user = require('../../user'); -const meta = require('../../meta'); const events = require('../../events'); -const privileges = require('../../privileges'); const notifications = require('../../notifications'); const db = require('../../database'); const plugins = require('../../plugins'); @@ -98,55 +97,7 @@ module.exports = function (SocketUser) { SocketUser.updateProfile = async function (socket, data) { sockets.warnDeprecated(socket, 'PUT /api/v3/users/:uid'); - - if (!socket.uid) { - throw new Error('[[error:invalid-uid]]'); - } - - if (!data || !data.uid) { - throw new Error('[[error:invalid-data]]'); - } - - const oldUserData = await user.getUserFields(data.uid, ['email', 'username']); - if (!oldUserData || !oldUserData.username) { - throw new Error('[[error:invalid-data]]'); - } - - const [isAdminOrGlobalMod, canEdit] = await Promise.all([ - user.isAdminOrGlobalMod(socket.uid), - privileges.users.canEdit(socket.uid, data.uid), - ]); - - if (!canEdit) { - throw new Error('[[error:no-privileges]]'); - } - - if (!isAdminOrGlobalMod && meta.config['username:disableEdit']) { - data.username = oldUserData.username; - } - - if (!isAdminOrGlobalMod && meta.config['email:disableEdit']) { - data.email = oldUserData.email; - } - - const userData = await user.updateProfile(socket.uid, data); - - async function log(type, eventData) { - eventData.type = type; - eventData.uid = socket.uid; - eventData.targetUid = data.uid; - eventData.ip = socket.ip; - await events.log(eventData); - } - - if (userData.email !== oldUserData.email) { - await log('email-change', { oldEmail: oldUserData.email, newEmail: userData.email }); - } - - if (userData.username !== oldUserData.username) { - await log('username-change', { oldUsername: oldUserData.username, newUsername: userData.username }); - } - return userData; + return await api.users.update(socket, data); }; SocketUser.toggleBlock = async function (socket, data) {