summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--locales/en/auth.json3
-rw-r--r--src/routes/auth/login.ts20
-rw-r--r--src/routes/users/@me/disable.ts16
3 files changed, 29 insertions, 10 deletions
diff --git a/locales/en/auth.json b/locales/en/auth.json
index bcf6fca5..e19547a0 100644
--- a/locales/en/auth.json
+++ b/locales/en/auth.json
@@ -1,7 +1,8 @@
 {
 	"login": {
 		"INVALID_LOGIN": "E-Mail or Phone not found",
-		"INVALID_PASSWORD": "Invalid Password"
+		"INVALID_PASSWORD": "Invalid Password",
+		"ACCOUNT_DISABLED": "This account is disabled"
 	},
 	"register": {
 		"REGISTRATION_DISABLED": "New user registration is disabled",
diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts
index af00a46d..c92ddccc 100644
--- a/src/routes/auth/login.ts
+++ b/src/routes/auth/login.ts
@@ -9,7 +9,8 @@ import RateLimit from "../../middlewares/RateLimit";
 const router: Router = Router();
 export default router;
 
-// TODO: check if user is deleted/restricted
+// TODO: check if user is deleted --> prohibit login
+
 router.post(
 	"/",
 	RateLimit({ count: 5, window: 60, onylIp: true }),
@@ -22,7 +23,7 @@ router.post(
 		$gift_code_sku_id: String
 	}),
 	async (req: Request, res: Response) => {
-		const { login, password, captcha_key } = req.body;
+		const { login, password, captcha_key, undelete } = req.body;
 		const email = adjustEmail(login);
 		const query: any[] = [{ phone: login }];
 		if (email) query.push({ email });
@@ -62,6 +63,13 @@ router.post(
 				throw FieldErrors({ login: { message: req.t("auth:login.INVALID_LOGIN"), code: "INVALID_LOGIN" } });
 			});
 
+		if (user.disabled && undelete) {
+			// undelete refers to un'disable' here
+			await UserModel.updateOne({ id: req.user_id }, { disabled: false }).exec();
+		} else if (user.disabled) {
+			return res.status(400).json({ message: req.t("auth:login.ACCOUNT_DISABLED"), code: 20013 });
+		}
+
 		// the salt is saved in the password refer to bcrypt docs
 		const same_password = await bcrypt.compare(password, user.user_data.hash || "");
 		if (!same_password) {
@@ -100,14 +108,14 @@ export async function generateToken(id: string) {
 /**
  * POST /auth/login
  * @argument { login: "email@gmail.com", password: "cleartextpassword", undelete: false, captcha_key: null, login_source: null, gift_code_sku_id: null, }
- 
+
  * MFA required:
  * @returns {"token": null, "mfa": true, "sms": true, "ticket": "SOME TICKET JWT TOKEN"}
- 
+
  * Captcha required:
  * @returns {"captcha_key": ["captcha-required"], "captcha_sitekey": null, "captcha_service": "recaptcha"}
- 
+
  * Sucess:
  * @returns {"token": "USERTOKEN", "user_settings": {"locale": "en", "theme": "dark"}}
- 
+
  */
diff --git a/src/routes/users/@me/disable.ts b/src/routes/users/@me/disable.ts
index b16ef783..0e5b734e 100644
--- a/src/routes/users/@me/disable.ts
+++ b/src/routes/users/@me/disable.ts
@@ -1,10 +1,20 @@
+import { UserModel } from "@fosscord/server-util";
 import { Router, Response, Request } from "express";
+import bcrypt from "bcrypt";
 
 const router = Router();
 
-router.post("/", (req: Request, res: Response) => {
-	// TODO:
-	res.sendStatus(204);
+router.post("/", async (req: Request, res: Response) => {
+	const user = await UserModel.findOne({ id: req.user_id }).exec(); //User object
+
+	let correctpass = await bcrypt.compare(req.body.password, user!.user_data.hash); //Not sure if user typed right password :/
+	if (correctpass) {
+		await UserModel.updateOne({ id: req.user_id }, { disabled: true }).exec();
+
+		res.sendStatus(204);
+	} else {
+		res.status(400).json({ message: "Password does not match", code: 50018 });
+	}
 });
 
 export default router;