From f2bb42c076ea90e73e7bfba65282388d3c51f03e Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 6 Nov 2020 11:53:56 -0500
Subject: [PATCH] fix: user exist route needs no authentication

---
 src/routes/write/users.js | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/routes/write/users.js b/src/routes/write/users.js
index 3863f75ee9..4538c20213 100644
--- a/src/routes/write/users.js
+++ b/src/routes/write/users.js
@@ -18,6 +18,7 @@ function authenticatedRoutes() {
 	setupApiRoute(router, 'post', '/', [...middlewares, middleware.checkRequired.bind(null, ['username'])], controllers.write.users.create);
 	setupApiRoute(router, 'delete', '/', [...middlewares, middleware.checkRequired.bind(null, ['uids'])], controllers.write.users.deleteMany);
 
+	setupApiRoute(router, 'head', '/:uid', [middleware.assert.user], controllers.write.users.exists);
 	setupApiRoute(router, 'put', '/:uid', [...middlewares, middleware.assert.user], controllers.write.users.update);
 	setupApiRoute(router, 'delete', '/:uid', [...middlewares, middleware.assert.user, middleware.exposePrivileges], controllers.write.users.delete);
 
@@ -35,7 +36,7 @@ function authenticatedRoutes() {
 	setupApiRoute(router, 'delete', '/:uid/tokens/:token', [...middlewares, middleware.assert.user], controllers.write.users.deleteToken);
 
 	// Shorthand route to access user routes by userslug
-	router.all('/+bySlug/:userslug*?', [...middlewares], controllers.write.users.redirectBySlug);
+	router.all('/+bySlug/:userslug*?', [], controllers.write.users.redirectBySlug);
 }
 
 module.exports = function () {