From e1a66c38da10022e9a3260e02c68e89736c9bf28 Mon Sep 17 00:00:00 2001
From: Evert
Date: Tue, 13 Feb 2018 22:32:11 +0200
Subject: [PATCH] Locking users mechanism
---
 server/api/admin.js | 19 +++++++++++++++++++
 server/routes/admin.js | 9 +++++++++
 2 files changed, 28 insertions(+)
diff --git a/server/api/admin.js b/server/api/admin.js
index 25b06c8..5c48020 100644
--- a/server/api/admin.js
+++ b/server/api/admin.js
@@ -313,6 +313,25 @@ const API = {
 await Models.Ban.query().insert(banAdd)
 return {}
+ },
+ lockAccount: async function (userId) {
+ let user = await Users.User.get(userId)
+ if (user.id === 1 || user.nw_privilege > 2) {
+ throw new Error('Cannot lock this user.')
+ }
+
+ let lockId = Users.Hash(4)
+ let userObf = {
+ username: lockId,
+ display_name: user.username,
+ email: `${lockId}@icynet.eu`,
+ password: null,
+ activated: false,
+ locked: true,
+ avatar_file: null
+ }
+
+ return Users.User.update(user, userObf)
 }
 }
diff --git a/server/routes/admin.js b/server/routes/admin.js
index 00d1933..70a0445 100644
--- a/server/routes/admin.js
+++ b/server/routes/admin.js
@@ -156,6 +156,15 @@ apiRouter.post('/user/reset_password', csrfVerify, wrap(async (req, res) => {
 res.jsonp(await API.sendPasswordEmail(id))
 }))
+apiRouter.post('/user/lock', csrfVerify, wrap(async (req, res) => {
+ let id = parseInt(req.body.user_id)
+ if (isNaN(id)) {
+ throw new Error('Invalid or missing user ID')
+ }
+
+ res.jsonp(await API.lockAccount(id))
+}))
+
 const availableScopes = ['uuid', 'email', 'username', 'display_name']
 apiRouter.get('/search/users', wrap(async (req, res) => {
 if (!req.query.terms) throw new Error('Please specify search terms!')
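Review bot: In server/api/admin.js, `lockAccount` clears the password and sets `locked: true`, but nothing in this hunk ends the sessions or revokes the tokens the user already holds, so unless `locked` is checked on every authenticated request elsewhere, the lock only takes effect at the next login. I would do that revocation here, or at least record the gap with `// TODO: invalidate this user's existing sessions and tokens; the lock is otherwise only enforced at login`. Separately, if `Users.User.get` can resolve to nothing for an unknown id, `user.id` throws a TypeError; a guard such as `if (!user) throw new Error('User not found.')` before the privilege check gives the admin a usable error. The method also returns the result of `Users.User.update`, which the new route passes straight to `res.jsonp`, whereas the method above it returns `{}`, so it is worth confirming that no user fields reach the response. The enclosing `API` object begins outside the hunk.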
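Review bot: In server/routes/admin.js, `parseInt(req.body.user_id)` is called without a radix and accepts any string that merely starts with digits (`'12abc'` parses to 12), so malformed input can still select an account for an action that overwrites its username, email and password. Strict parsing is safer for a destructive endpoint: `let id = Number(req.body.user_id)` followed by `if (!Number.isInteger(id) || id < 1) {`. Only `csrfVerify` is visible on the new route, so the admin privilege check is presumably applied to `apiRouter` outside this hunk, which is worth confirming before merge.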