fix: don't crash in flags.validate if user blocked target

6 years ago · 81aa3a0b8a
parent 5b41969816
commit 81aa3a0b8a
2 changed files with 53 additions and 8 deletions
--- a/src/flags.js
+++ b/src/flags.js
@ -236,7 +236,6 @@ Flags.list = function (filters, uid, callback) {

 Flags.validate = function (payload, callback) {
 	async.parallel({
-		targetExists: async.apply(Flags.targetExists, payload.type, payload.id),
 		target: async.apply(Flags.getTarget, payload.type, payload.id, payload.uid),
 		reporter: async.apply(user.getUserData, payload.uid),
 	}, function (err, data) {
@ -244,8 +243,12 @@ Flags.validate = function (payload, callback) {
 			return callback(err);
 		}

-		if (data.target.deleted) {
+		if (!data.target) {
+			return callback(new Error('[[error:invalid-data]]'));
+		} else if (data.target.deleted) {
 			return callback(new Error('[[error:post-deleted]]'));
+		} else if (!data.reporter || !data.reporter.userslug) {
+			return callback(new Error('[[error:no-user]]'));
 		} else if (data.reporter.banned) {
 			return callback(new Error('[[error:user-banned]]'));
 		}
@ -422,13 +425,18 @@ Flags.getTarget = function (type, id, uid, callback) {
 				switch (type) {
 				case 'post':
 					async.waterfall([
-						async.apply(posts.getPostsByPids, [id], uid),
-						function (posts, next) {
-							topics.addPostData(posts, uid, next);
+						async.apply(posts.getPostsData, [id]),
+						function (postData, next) {
+							async.map(postData, posts.parsePost, next);
 						},
-					], function (err, posts) {
-						next(err, posts[0]);
-					});
+						function (postData, next) {
+							postData = postData.filter(Boolean);
+							topics.addPostData(postData, uid, next);
+						},
+						function (postData, next) {
+							next(null, postData[0]);
+						},
+					], callback);
 					break;

 				case 'user':
--- a/test/flags.js
+++ b/test/flags.js
@ -401,6 +401,43 @@ describe('Flags', function () {
 				});
 			});
 		});
+
+		it('should not error if user blocked target', function (done) {
+			var SocketFlags = require('../src/socket.io/flags.js');
+			var reporterUid;
+			var reporteeUid;
+			async.waterfall([
+				function (next) {
+					User.create({ username: 'reporter' }, next);
+				},
+				function (uid, next) {
+					reporterUid = uid;
+					User.create({ username: 'reportee' }, next);
+				},
+				function (uid, next) {
+					reporteeUid = uid;
+					User.blocks.add(reporteeUid, reporterUid, next);
+				},
+				function (next) {
+					Topics.post({
+						cid: 1,
+						uid: reporteeUid,
+						title: 'Another topic',
+						content: 'This is flaggable content',
+					}, next);
+				},
+				function (data, next) {
+					SocketFlags.create({ uid: reporterUid }, { type: 'post', id: data.postData.pid, reason: 'spam' }, next);
+				},
+			], done);
+		});
+
+		it('should send back error if reporter does not exist', function (done) {
+			Flags.validate({ uid: 123123123, id: 1, type: 'post' }, function (err) {
+				assert.equal(err.message, '[[error:no-user]]');
+				done();
+			});
+		});
 	});

 	describe('.appendNote()', function () {