Skip to content

Commit

Permalink
feat: track uid for email/username changes, closes #12454
Browse files Browse the repository at this point in the history
  • Loading branch information
@barisusakli
barisusakli committed Apr 29, 2024
1 parent c036786 commit 325d00e
Show file tree
Hide file tree
Showing 6 changed files with 25 additions and 13 deletions.
4 changes: 2 additions & 2 deletions install/package.json
View file
Expand Up @@ -103,10 +103,10 @@
"nodebb-plugin-ntfy": "1.7.4",
"nodebb-plugin-spam-be-gone": "2.2.2",
"nodebb-rewards-essentials": "1.0.0",
"nodebb-theme-harmony": "1.2.53",
"nodebb-theme-harmony": "1.2.54",
"nodebb-theme-lavender": "7.1.8",
"nodebb-theme-peace": "2.2.4",
"nodebb-theme-persona": "13.3.18",
"nodebb-theme-persona": "13.3.19",
"nodebb-widget-essentials": "7.0.16",
"nodemailer": "6.9.13",
"nprogress": "0.2.0",
Expand Down
4 changes: 2 additions & 2 deletions src/api/users.js
View file
Expand Up @@ -454,7 +454,7 @@ usersAPI.addEmail = async (caller, { email, skipConfirmation, uid }) => {
throw new Error('[[error:email-taken]]');
}
await user.setUserField(uid, 'email', email);
await user.email.confirmByUid(uid);
await user.email.confirmByUid(uid, caller.uid);
}
} else {
await usersAPI.update(caller, { uid, email });
Expand Down Expand Up @@ -504,7 +504,7 @@ usersAPI.confirmEmail = async (caller, { uid, email, sessionId }) => {
await user.email.confirmByCode(code, sessionId);
return true;
} else if (current && current === email) { // i.e. old account w/ unconf. email in user hash
await user.email.confirmByUid(uid);
await user.email.confirmByUid(uid, caller.uid);
return true;
}

Expand Down
2 changes: 1 addition & 1 deletion src/socket.io/admin/user.js
View file
Expand Up @@ -70,7 +70,7 @@ User.validateEmail = async function (socket, uids) {
if (email) {
await user.setUserField(uid, 'email', email);
}
await user.email.confirmByUid(uid);
await user.email.confirmByUid(uid, socket.uid);
}
};

Expand Down
5 changes: 3 additions & 2 deletions src/user/email.js
View file
Expand Up @@ -214,10 +214,11 @@ UserEmail.confirmByCode = async function (code, sessionId) {
};

// confirm uid's email via ACP
UserEmail.confirmByUid = async function (uid) {
UserEmail.confirmByUid = async function (uid, callerUid = 0) {
if (!(parseInt(uid, 10) > 0)) {
throw new Error('[[error:invalid-uid]]');
}
callerUid = callerUid || uid;
const currentEmail = await user.getUserField(uid, 'email');
if (!currentEmail) {
throw new Error('[[error:invalid-email]]');
Expand All @@ -241,7 +242,7 @@ UserEmail.confirmByUid = async function (uid) {
db.sortedSetAddBulk([
['email:uid', uid, currentEmail.toLowerCase()],
['email:sorted', 0, `${currentEmail.toLowerCase()}:${uid}`],
[`user:${uid}:emails`, Date.now(), `${currentEmail}:${Date.now()}`],
[`user:${uid}:emails`, Date.now(), `${currentEmail}:${Date.now()}:${callerUid}`],
]),
user.setUserField(uid, 'email:confirmed', 1),
groups.join('verified-users', uid),
Expand Down
17 changes: 14 additions & 3 deletions src/user/info.js
View file
Expand Up @@ -60,13 +60,24 @@ module.exports = function (User) {

User.getHistory = async function (set) {
const data = await db.getSortedSetRevRangeWithScores(set, 0, -1);
return data.map((set) => {
data.forEach((set) => {
set.timestamp = set.score;
set.timestampISO = utils.toISOString(set.score);
set.value = validator.escape(String(set.value.split(':')[0]));
const parts = set.value.split(':');
set.value = validator.escape(String(parts[0]));
set.byUid = validator.escape(String(parts[2] || ''));
delete set.score;
return set;
});

const uids = _.uniq(data.map(d => d && d.byUid).filter(Boolean));
const usersData = await User.getUsersFields(uids, ['uid', 'username', 'userslug', 'picture']);
const uidToUser = _.zipObject(uids, usersData);
data.forEach((d) => {
if (d.byUid) {
d.byUser = uidToUser[d.byUid];
}
});
return data;
};

async function getFlagMetadata(flags) {
Expand Down
6 changes: 3 additions & 3 deletions src/user/profile.js
View file
Expand Up @@ -48,7 +48,7 @@ module.exports = function (User) {
if (field === 'email') {
return await updateEmail(updateUid, data.email);
} else if (field === 'username') {
return await updateUsername(updateUid, data.username);
return await updateUsername(updateUid, data.username, uid);
} else if (field === 'fullname') {
return await updateFullname(updateUid, data.fullname);
}
Expand Down Expand Up @@ -247,7 +247,7 @@ module.exports = function (User) {
}
}

async function updateUsername(uid, newUsername) {
async function updateUsername(uid, newUsername, callerUid) {
if (!newUsername) {
return;
}
Expand All @@ -260,7 +260,7 @@ module.exports = function (User) {
await Promise.all([
updateUidMapping('username', uid, newUsername, userData.username),
updateUidMapping('userslug', uid, newUserslug, userData.userslug),
db.sortedSetAdd(`user:${uid}:usernames`, now, `${newUsername}:${now}`),
db.sortedSetAdd(`user:${uid}:usernames`, now, `${newUsername}:${now}:${callerUid}`),
]);
await db.sortedSetRemove('username:sorted', `${userData.username.toLowerCase()}:${uid}`);
await db.sortedSetAdd('username:sorted', 0, `${newUsername.toLowerCase()}:${uid}`);
Expand Down

0 comments on commit 325d00e

Please sign in to comment.