refactor: socket profile update to use api lib

NodeBB · Oct 15, 2020 · 31ae8a8 · 31ae8a8
1 parent d69e503
commit 31ae8a8
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 53 deletions.
diff --git a/src/api/users.js b/src/api/users.js
@@ -27,7 +27,7 @@ usersAPI.update = async function (caller, data) {
 	]);
 
 	// Changing own email/username requires password confirmation
-	if (caller.uid === targetUid && !passwordMatch) {
+	if (['email', 'username'].some(prop => Object.keys(data).includes(prop)) && !isAdminOrGlobalMod && caller.uid === targetUid && !passwordMatch) {
 		throw new Error('[[error:invalid-password]]');
 	}
 

diff --git a/src/controllers/write/users.js b/src/controllers/write/users.js
@@ -24,7 +24,7 @@ Users.create = async (req, res) => {
 };
 
 Users.update = async (req, res) => {
-	const userObj = await api.users.update(req, req.body);
+	const userObj = await api.users.update(req, { ...req.body, ...req.params });
 	helpers.formatApiResponse(200, res, userObj);
 };
 

diff --git a/src/socket.io/user/profile.js b/src/socket.io/user/profile.js
@@ -2,10 +2,9 @@
 
 const winston = require('winston');
 
+const api = require('../../api');
 const user = require('../../user');
-const meta = require('../../meta');
 const events = require('../../events');
-const privileges = require('../../privileges');
 const notifications = require('../../notifications');
 const db = require('../../database');
 const plugins = require('../../plugins');
@@ -98,55 +97,7 @@ module.exports = function (SocketUser) {
 
 	SocketUser.updateProfile = async function (socket, data) {
 		sockets.warnDeprecated(socket, 'PUT /api/v3/users/:uid');
-
-		if (!socket.uid) {
-			throw new Error('[[error:invalid-uid]]');
-		}
-
-		if (!data || !data.uid) {
-			throw new Error('[[error:invalid-data]]');
-		}
-
-		const oldUserData = await user.getUserFields(data.uid, ['email', 'username']);
-		if (!oldUserData || !oldUserData.username) {
-			throw new Error('[[error:invalid-data]]');
-		}
-
-		const [isAdminOrGlobalMod, canEdit] = await Promise.all([
-			user.isAdminOrGlobalMod(socket.uid),
-			privileges.users.canEdit(socket.uid, data.uid),
-		]);
-
-		if (!canEdit) {
-			throw new Error('[[error:no-privileges]]');
-		}
-
-		if (!isAdminOrGlobalMod && meta.config['username:disableEdit']) {
-			data.username = oldUserData.username;
-		}
-
-		if (!isAdminOrGlobalMod && meta.config['email:disableEdit']) {
-			data.email = oldUserData.email;
-		}
-
-		const userData = await user.updateProfile(socket.uid, data);
-
-		async function log(type, eventData) {
-			eventData.type = type;
-			eventData.uid = socket.uid;
-			eventData.targetUid = data.uid;
-			eventData.ip = socket.ip;
-			await events.log(eventData);
-		}
-
-		if (userData.email !== oldUserData.email) {
-			await log('email-change', { oldEmail: oldUserData.email, newEmail: userData.email });
-		}
-
-		if (userData.username !== oldUserData.username) {
-			await log('username-change', { oldUsername: oldUserData.username, newUsername: userData.username });
-		}
-		return userData;
+		return await api.users.update(socket, data);
 	};
 
 	SocketUser.toggleBlock = async function (socket, data) {