Locking users mechanism

2018-02-13 22:32:11 +02:00 · 2018-02-13 22:32:11 +02:00 · e1a66c38da
commit e1a66c38da
parent a6f8819a47
2 changed files with 28 additions and 0 deletions
--- a/server/api/admin.js
+++ b/server/api/admin.js
@ -313,6 +313,25 @@ const API = {

    await Models.Ban.query().insert(banAdd)
    return {}
+  },
+  lockAccount: async function (userId) {
+    let user = await Users.User.get(userId)
+    if (user.id === 1 || user.nw_privilege > 2) {
+      throw new Error('Cannot lock this user.')
+    }
+
+    let lockId = Users.Hash(4)
+    let userObf = {
+      username: lockId,
+      display_name: user.username,
+      email: `${lockId}@icynet.eu`,
+      password: null,
+      activated: false,
+      locked: true,
+      avatar_file: null
+    }
+
+    return Users.User.update(user, userObf)
  }
 }

--- a/server/routes/admin.js
+++ b/server/routes/admin.js
@ -156,6 +156,15 @@ apiRouter.post('/user/reset_password', csrfVerify, wrap(async (req, res) => {
  res.jsonp(await API.sendPasswordEmail(id))
 }))

+apiRouter.post('/user/lock', csrfVerify, wrap(async (req, res) => {
+  let id = parseInt(req.body.user_id)
+  if (isNaN(id)) {
+    throw new Error('Invalid or missing user ID')
+  }
+
+  res.jsonp(await API.lockAccount(id))
+}))
+
 const availableScopes = ['uuid', 'email', 'username', 'display_name']
 apiRouter.get('/search/users', wrap(async (req, res) => {
  if (!req.query.terms) throw new Error('Please specify search terms!')