From 7d115c8ef2fd7a94ea0841cbe0b68305b23ee94b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Mon, 5 Jul 2021 14:00:48 -0400
Subject: [PATCH] fix(emails): dont allow retrieving user data if showemail is
 false @julianlam

---
 src/controllers/user.js | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/controllers/user.js b/src/controllers/user.js
index acd018ce67..1692c618fb 100644
--- a/src/controllers/user.js
+++ b/src/controllers/user.js
@@ -46,6 +46,12 @@ userController.getUserDataByField = async function (callerUid, field, fieldValue
 		uid = await user.getUidByUsername(fieldValue);
 	} else if (field === 'email') {
 		uid = await user.getUidByEmail(fieldValue);
+		if (uid) {
+			const settings = await user.getSettings(uid);
+			if (settings && !settings.showemail) {
+				uid = 0;
+			}
+		}
 	}
 	if (!uid) {
 		return null;