hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

closes #5804

Browse Source
v1.18.x
Baris Usakli 7 years ago
parent 2ec54166f7
commit eeedba697b
3 changed files with 65 additions and 18 deletions
Show Stats Download Patch File Download Diff File

9
src/user.js
Unescape Escape View File

@ -102,10 +102,11 @@ User.getUsersWithFields = function (uids, fields, uid, callback) {
}; };
User.getUsers = function (uids, uid, callback) { User.getUsers = function (uids, uid, callback) {
var fields = ['uid', 'username', 'userslug', 'picture', 'status', 'flags', User.getUsersWithFields(uids, [
'banned', 'banned:expire', 'joindate', 'postcount', 'reputation', 'email:confirmed', 'lastonline']; 'uid', 'username', 'userslug', 'picture', 'status',
'postcount', 'reputation', 'email:confirmed', 'lastonline',
User.getUsersWithFields(uids, fields, uid, callback); 'flags', 'banned', 'banned:expire', 'joindate',
], uid, callback);
}; };
User.getStatus = function (userData) { User.getStatus = function (userData) {

36
src/user/data.js
Unescape Escape View File

@ -11,8 +11,20 @@ var plugins = require('../plugins');
var utils = require('../utils'); var utils = require('../utils');
module.exports = function (User) { module.exports = function (User) {
var iconBackgrounds = ['#f44336', '#e91e63', '#9c27b0', '#673ab7', '#3f51b5', '#2196f3', var iconBackgrounds = [
'#009688', '#1b5e20', '#33691e', '#827717', '#e65100', '#ff5722', '#795548', '#607d8b']; '#f44336', '#e91e63', '#9c27b0', '#673ab7', '#3f51b5', '#2196f3',
'#009688', '#1b5e20', '#33691e', '#827717', '#e65100', '#ff5722',
'#795548', '#607d8b',
];
var fieldWhitelist = [
'uid', 'username', 'userslug', 'email', 'email:confirmed', 'joindate',
'lastonline', 'picture', 'fullname', 'location', 'birthday', 'website',
'aboutme', 'signature', 'uploadedpicture', 'profileviews', 'reputation',
'postcount', 'topiccount', 'lastposttime', 'banned', 'banned:expire',
'status', 'flags', 'followerCount', 'followingCount', 'cover:url',
'cover:position', 'groupTitle',
];
User.getUserField = function (uid, field, callback) { User.getUserField = function (uid, field, callback) {
User.getUserFields(uid, [field], function (err, user) { User.getUserFields(uid, [field], function (err, user) {
@ -48,7 +60,6 @@ module.exports = function (User) {
} }
if (fields.indexOf('picture') !== -1) { if (fields.indexOf('picture') !== -1) {
addField('email');
addField('uploadedpicture'); addField('uploadedpicture');
} }
@ -62,11 +73,18 @@ module.exports = function (User) {
async.waterfall([ async.waterfall([
function (next) { function (next) {
plugins.fireHook('filter:user.whitelistFields', { uids: uids, whitelist: fieldWhitelist.slice() }, next);
},
function (results, next) {
if (fields.length) { if (fields.length) {
db.getObjectsFields(uidsToUserKeys(uniqueUids), fields, next); fields = fields.filter(function (field) {
return field && results.whitelist.includes(field);
});
} else { } else {
db.getObjects(uidsToUserKeys(uniqueUids), next); fields = results.whitelist;
} }
db.getObjectsFields(uidsToUserKeys(uniqueUids), fields, next);
}, },
function (users, next) { function (users, next) {
users = uidsToUsers(uids, uniqueUids, users); users = uidsToUsers(uids, uniqueUids, users);
@ -118,14 +136,6 @@ module.exports = function (User) {
user.username = validator.escape(user.username ? user.username.toString() : ''); user.username = validator.escape(user.username ? user.username.toString() : '');
} }
if (user.password) {
user.password = undefined;
}
if (user.rss_token) {
user.rss_token = undefined;
}
if (!parseInt(user.uid, 10)) { if (!parseInt(user.uid, 10)) {
user.uid = 0; user.uid = 0;
user.username = '[[global:guest]]'; user.username = '[[global:guest]]';

38
test/user.js
Unescape Escape View File

@ -490,12 +490,48 @@ describe('User', function () {
it('should get user data even if one uid is NaN', function (done) { it('should get user data even if one uid is NaN', function (done) {
User.getUsersData([NaN, testUid], function (err, data) { User.getUsersData([NaN, testUid], function (err, data) {
assert.ifError(err); assert.ifError(err);
assert.equal(data[0], null); assert(data[0]);
assert.equal(data[0].username, '[[global:guest]]');
assert(data[1]); assert(data[1]);
assert.equal(data[1].username, userData.username); assert.equal(data[1].username, userData.username);
done(); done();
}); });
}); });
it('should not return private user data', function (done) {
User.setUserFields(testUid, {
fb_token: '123123123',
another_secret: 'abcde',
postcount: '123',
}, function (err) {
assert.ifError(err);
User.getUserData(testUid, function (err, userData) {
assert.ifError(err);
assert(!userData.hasOwnProperty('fb_token'));
assert(!userData.hasOwnProperty('another_secret'));
assert(!userData.hasOwnProperty('password'));
assert(!userData.hasOwnProperty('rss_token'));
assert.equal(userData.postcount, '123');
done();
});
});
});
it('should return private data if field is whitelisted', function (done) {
function filterMethod(data, callback) {
data.whitelist.push('another_secret');
callback(null, data);
}
plugins.registerHook('test-plugin', { hook: 'filter:user.whitelistFields', method: filterMethod });
User.getUserData(testUid, function (err, userData) {
assert.ifError(err);
assert(!userData.hasOwnProperty('fb_token'));
assert.equal(userData.another_secret, 'abcde');
plugins.unregisterHook('test-plugin', 'filter:user.whitelistFields', filterMethod);
done();
});
});
}); });
describe('not logged in', function () { describe('not logged in', function () {

Write Preview
Loading…
Cancel
Save