Locking users mechanism

This commit is contained in:
Evert Prants 2018-02-13 22:32:11 +02:00
parent a6f8819a47
commit e1a66c38da
Signed by: evert
GPG Key ID: 1688DA83D222D0B5
2 changed files with 28 additions and 0 deletions

View File

@ -313,6 +313,25 @@ const API = {
await Models.Ban.query().insert(banAdd) await Models.Ban.query().insert(banAdd)
return {} return {}
},
lockAccount: async function (userId) {
let user = await Users.User.get(userId)
if (user.id === 1 || user.nw_privilege > 2) {
throw new Error('Cannot lock this user.')
}
let lockId = Users.Hash(4)
let userObf = {
username: lockId,
display_name: user.username,
email: `${lockId}@icynet.eu`,
password: null,
activated: false,
locked: true,
avatar_file: null
}
return Users.User.update(user, userObf)
} }
} }

View File

@ -156,6 +156,15 @@ apiRouter.post('/user/reset_password', csrfVerify, wrap(async (req, res) => {
res.jsonp(await API.sendPasswordEmail(id)) res.jsonp(await API.sendPasswordEmail(id))
})) }))
apiRouter.post('/user/lock', csrfVerify, wrap(async (req, res) => {
let id = parseInt(req.body.user_id)
if (isNaN(id)) {
throw new Error('Invalid or missing user ID')
}
res.jsonp(await API.lockAccount(id))
}))
const availableScopes = ['uuid', 'email', 'username', 'display_name'] const availableScopes = ['uuid', 'email', 'username', 'display_name']
apiRouter.get('/search/users', wrap(async (req, res) => { apiRouter.get('/search/users', wrap(async (req, res) => {
if (!req.query.terms) throw new Error('Please specify search terms!') if (!req.query.terms) throw new Error('Please specify search terms!')