From b8d498439281ca2515c5a3219318e97727e21b60 Mon Sep 17 00:00:00 2001
From: Cassie Tarakajian
Date: Tue, 5 Oct 2021 14:52:25 -0400
Subject: [PATCH 1/3] Add banned attribute to user model
---
 server/config/passport.js | 23 ++++++++++++++++++++++-
 server/models/user.js | 3 ++-
 2 files changed, 24 insertions(+), 2 deletions(-)
diff --git a/server/config/passport.js b/server/config/passport.js
index 63b90e6fc6..fd5a029867 100644
--- a/server/config/passport.js
+++ b/server/config/passport.js
@@ -38,6 +38,11 @@ passport.use(
 if (!user) {
 done(null, false, { msg: `Email ${email} not found.` });
 return;
+ } else if (user.banned) {
+ const msg =
+ 'Account has been suspended. Please contact privacy@p5js.org if you believe this is an error.';
+ done(null, false, { msg });
+ return;
 }
 user.comparePassword(password, (innerErr, isMatch) => {
 if (isMatch) {
@@ -65,6 +70,12 @@ passport.use(
 done(null, false);
 return;
 }
+ if (user.banned) {
+ const msg =
+ 'Account has been suspended. Please contact privacy@p5js.org if you believe this is an error.';
+ done(null, false, { msg });
+ return;
+ }
 user.findMatchingKey(key, (innerErr, isMatch, keyDocument) => {
 if (isMatch) {
 keyDocument.lastUsedAt = Date.now();
@@ -116,6 +127,11 @@ passport.use(
 new Error('GitHub account is already linked to another account.')
 );
 return;
+ } else if (existingUser.banned) {
+ const msg =
+ 'Account has been suspended. Please contact privacy@p5js.org if you believe this is an error.';
+ done(new Error(msg));
+ return;
 }
 done(null, existingUser);
 return;
@@ -123,6 +139,7 @@ passport.use(
 const emails = getVerifiedEmails(profile.emails);
 const primaryEmail = getPrimaryEmail(profile.emails);
+ console.log(profile);
 if (req.user) {
 if (!req.user.github) {
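Review bot: In the `@@ -38,6 +38,11 @@` hunk the `user.banned` branch runs before `user.comparePassword`, so the suspension message is returned to anyone who submits the account's email, with no password required; the `@@ -65,6 +70,12 @@` hunk has the same ordering, answering with the suspension message before `user.findMatchingKey` has validated the key. The existing `Email ${email} not found.` reply already discloses whether an account exists, but suspension status is an extra piece of account state that an unauthenticated caller should not be able to query. Moving the check inside the `if (isMatch) {` branch of each callback keeps the same message for the legitimate owner while unauthenticated attempts fall through to the ordinary failure path: `if (isMatch && user.banned) { done(null, false, { msg }); return; }`. Both callbacks continue past the end of these hunks, so the exact placement of the moved check is outside what is shown here.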
@@ -196,11 +213,15 @@ passport.use(
 )
 );
 return;
+ } else if (existingUser.banned) {
+ const msg =
+ 'Account has been suspended. Please contact privacy@p5js.org if you believe this is an error.';
+ done(new Error(msg));
+ return;
 }
 done(null, existingUser);
 return;
 }
- const primaryEmail = profile._json.emails[0].value;
 if (req.user) {
diff --git a/server/models/user.js b/server/models/user.js
index 0ffe79c6c5..8e03edaf50 100644
--- a/server/models/user.js
+++ b/server/models/user.js
@@ -81,7 +81,8 @@ const userSchema = new Schema(
 type: String,
 enum: ['none', 'essential', 'all'],
 default: 'none'
- }
+ },
+ banned: { type: Boolean, default: false }
 },
 { timestamps: true, usePushEach: true }
 );
From d58ca8f1c96cfe3c05a1f3e6688dc30358109322 Mon Sep 17 00:00:00 2001
From: Cassie Tarakajian
Date: Tue, 5 Oct 2021 16:06:02 -0400
Subject: [PATCH 2/3] Update account ban code to work with OAuth logins
---
 server/config/passport.js | 28 +++++++++++++++------------
 1 file changed, 15 insertions(+), 13 deletions(-)
diff --git a/server/config/passport.js b/server/config/passport.js
index 20286f9575..617d0d0275 100644
--- a/server/config/passport.js
+++ b/server/config/passport.js
@@ -10,6 +10,9 @@ import { BasicStrategy } from 'passport-http';
 import User from '../models/user';
+const accountSuspensionMessage =
+ 'Account has been suspended. Please contact privacy@p5js.org if you believe this is an error.';
+
 function generateUniqueUsername(username) {
 const adj = friendlyWords.predicates[
@@ -39,9 +42,7 @@ passport.use(
 done(null, false, { msg: `Email ${email} not found.` });
 return;
 } else if (user.banned) {
- const msg =
- 'Account has been suspended. Please contact privacy@p5js.org if you believe this is an error.';
- done(null, false, { msg });
+ done(null, false, { msg: accountSuspensionMessage });
 return;
 }
 user.comparePassword(password, (innerErr, isMatch) => {
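Review bot: The new `banned: { type: Boolean, default: false }` field in the `server/models/user.js` hunk carries no comment saying who is allowed to set it, and nothing in this series shows it being excluded from user-driven updates or from the user object returned to clients. If any update route copies request-body fields onto the user document, this flag becomes user-writable and a suspended user could clear it themselves, so it is worth confirming that the profile-update path whitelists fields and that `userResponse` does not need to expose it. A one-line comment on the field would make the intent explicit, e.g. `// Administrative flag: when true, every passport strategy refuses the login.`. The schema definition continues outside this hunk, so other fields that might share the same update path are not visible here.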
@@ -71,9 +72,7 @@ passport.use(
 return;
 }
 if (user.banned) {
- const msg =
- 'Account has been suspended. Please contact privacy@p5js.org if you believe this is an error.';
- done(null, false, { msg });
+ done(null, false, { msg: accountSuspensionMessage });
 return;
 }
 user.findMatchingKey(key, (innerErr, isMatch, keyDocument) => {
@@ -129,9 +128,7 @@ passport.use(
 );
 return;
 } else if (existingUser.banned) {
- const msg =
- 'Account has been suspended. Please contact privacy@p5js.org if you believe this is an error.';
- done(new Error(msg));
+ done(new Error(accountSuspensionMessage));
 return;
 }
 done(null, existingUser);
@@ -140,7 +137,6 @@ passport.use(
 const emails = getVerifiedEmails(profile.emails);
 const primaryEmail = getPrimaryEmail(profile.emails);
- console.log(profile);
 if (req.user) {
 if (!req.user.github) {
@@ -162,6 +158,10 @@ passport.use(
 } else {
 [existingEmailUser] = existingEmailUsers;
 }
+ if (existingEmailUser.banned) {
+ done(new Error(accountSuspensionMessage));
+ return;
+ }
 existingEmailUser.email = existingEmailUser.email || primaryEmail;
 existingEmailUser.github = profile.id;
 existingEmailUser.username =
@@ -225,9 +225,7 @@ passport.use(
 );
 return;
 } else if (existingUser.banned) {
- const msg =
- 'Account has been suspended. Please contact privacy@p5js.org if you believe this is an error.';
- done(new Error(accountSuspensionMessage));
 return;
 }
 done(null, existingUser);
@@ -257,6 +255,10 @@ passport.use(
 // what if a username is already taken from the display name too?
 // then, append a random friendly word?
 if (existingEmailUser) {
+ if (existingEmailUser.banned) {
+ done(new Error(accountSuspensionMessage));
+ return;
+ }
 existingEmailUser.email = existingEmailUser.email || primaryEmail;
 existingEmailUser.google = profile._json.emails[0].value;
From 90eb9d14c6554ac658394c91f2b7dd7f100a0e19 Mon Sep 17 00:00:00 2001
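Review bot: The `@@ -162,6 +158,10 @@` hunk guards the email-matched account with `existingEmailUser.banned`, but the `if (req.user) {` branch visible as context in the `@@ -140,7 +137,6 @@` hunk, which links the GitHub identity to the currently logged-in user, has no corresponding check, and the same appears to hold for the Google strategy around the `@@ -257,6 +255,10 @@` hunk. Since the third patch in this series only stops `getSession` from reporting the session rather than ending it, a suspended account whose session is still alive could presumably still link new OAuth identities through that branch; the branch body is outside the hunk, so this is inferred from the context lines. A guard at the top of the branch, `if (req.user.banned) { done(new Error(accountSuspensionMessage)); return; }`, would close that path. The same four-line `banned` block now appears in the `@@ -129`, `@@ -162`, `@@ -225` and `@@ -257` hunks; a small helper would keep the suspension policy in one place.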
From: Cassie Tarakajian
Date: Tue, 5 Oct 2021 16:38:36 -0400
Subject: [PATCH 3/3] Ban user if they are already logged in
---
 server/controllers/session.controller.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/server/controllers/session.controller.js b/server/controllers/session.controller.js
index c08c8cc124..5306f86806 100644
--- a/server/controllers/session.controller.js
+++ b/server/controllers/session.controller.js
@@ -24,7 +24,7 @@ export function createSession(req, res, next) {
 }
 export function getSession(req, res) {
- if (req.user) {
+ if (req.user && !req.user.banned) {
 return res.json(userResponse(req.user));
 }
 return res.status(404).send({ message: 'Session does not exist' });
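Review bot: The changed condition `if (req.user && !req.user.banned)` hides the session from this one endpoint but leaves the server-side session and `req.user` intact, so every other authenticated route that checks `req.user` still serves the suspended account until the cookie expires. At minimum the banned branch should end the session before answering 404, e.g. `if (req.user && req.user.banned) { req.logout(); }` placed before the existing check (the callback form is needed on passport versions where `req.logout` is asynchronous). A more robust enforcement point is the `deserializeUser` callback, where a `banned` document can be turned into a no-user result so the flag is honoured by every route rather than this controller alone; that callback is not in this patch, so whether it is practical there is inferred. The closing brace of `getSession` lies outside the hunk.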