From e1a66c38da10022e9a3260e02c68e89736c9bf28 Mon Sep 17 00:00:00 2001
From: Evert <imsonotsleepy@gmail.com>
Date: Tue, 13 Feb 2018 22:32:11 +0200
Subject: [PATCH] Locking users mechanism

---
 server/api/admin.js    | 19 +++++++++++++++++++
 server/routes/admin.js |  9 +++++++++
 2 files changed, 28 insertions(+)

diff --git a/server/api/admin.js b/server/api/admin.js
index 25b06c8..5c48020 100644
--- a/server/api/admin.js
+++ b/server/api/admin.js
@@ -313,6 +313,25 @@ const API = {
 
     await Models.Ban.query().insert(banAdd)
     return {}
+  },
+  lockAccount: async function (userId) {
+    let user = await Users.User.get(userId)
+    if (user.id === 1 || user.nw_privilege > 2) {
+      throw new Error('Cannot lock this user.')
+    }
+
+    let lockId = Users.Hash(4)
+    let userObf = {
+      username: lockId,
+      display_name: user.username,
+      email: `${lockId}@icynet.eu`,
+      password: null,
+      activated: false,
+      locked: true,
+      avatar_file: null
+    }
+
+    return Users.User.update(user, userObf)
   }
 }
 
diff --git a/server/routes/admin.js b/server/routes/admin.js
index 00d1933..70a0445 100644
--- a/server/routes/admin.js
+++ b/server/routes/admin.js
@@ -156,6 +156,15 @@ apiRouter.post('/user/reset_password', csrfVerify, wrap(async (req, res) => {
   res.jsonp(await API.sendPasswordEmail(id))
 }))
 
+apiRouter.post('/user/lock', csrfVerify, wrap(async (req, res) => {
+  let id = parseInt(req.body.user_id)
+  if (isNaN(id)) {
+    throw new Error('Invalid or missing user ID')
+  }
+
+  res.jsonp(await API.lockAccount(id))
+}))
+
 const availableScopes = ['uuid', 'email', 'username', 'display_name']
 apiRouter.get('/search/users', wrap(async (req, res) => {
   if (!req.query.terms) throw new Error('Please specify search terms!')