@@ -133,7 +133,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Person do
|
||||
def create_person(
|
||||
_parent,
|
||||
%{preferred_username: _preferred_username} = args,
|
||||
%{context: %{current_user: user} = context} = _resolution
|
||||
%{context: %{current_user: %{disabled: false} = user} = context} = _resolution
|
||||
) do
|
||||
args = Map.put(args, :user_id, user.id)
|
||||
user_agent = Map.get(context, :user_agent, "")
|
||||
@@ -160,6 +160,21 @@ defmodule Mobilizon.GraphQL.Resolvers.Person do
|
||||
end
|
||||
end
|
||||
|
||||
@doc """
|
||||
A logged user that is banned stays logged-in.
|
||||
We need to block the person creation to prevent the user to create new content
|
||||
TODO: Best should be to destroy the session but it seems hard to do with token behaviour.
|
||||
Link: https://framagit.org/kaihuri/mobilizon/-/issues/1842
|
||||
Link: https://framagit.org/kaihuri/mobilizon/-/issues/1842#note_2255364
|
||||
"""
|
||||
def create_person(
|
||||
_parent,
|
||||
%{preferred_username: _preferred_username} = _args,
|
||||
%{context: %{current_user: %{disabled: true} = _user} = _context} = _resolution
|
||||
) do
|
||||
{:error, :user_disabled}
|
||||
end
|
||||
|
||||
def create_person(_parent, _args, _resolution) do
|
||||
{:error, :unauthenticated}
|
||||
end
|
||||
|
||||
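Review bot: The `disabled` check is enforced only in the clause heads of `create_person/3`, so a token issued before the ban is still accepted wherever `current_user` is matched without it; other resolvers are not visible in this diff, but presumably still bind `%{current_user: user}` unguarded. Since the `@doc` itself notes that the session survives the ban, the more robust place for this rule is the point where `current_user` is put into the context, or revoking the user's tokens when the account is disabled, so that every mutation fails closed instead of each resolver opting in. Within these hunks, a `current_user` whose `disabled` is `nil` or missing falls through to `{:error, :unauthenticated}`, which is safe but will look like a login problem to the client. The `@doc` sits on the second clause and becomes the published documentation for all of `create_person/3`; a `#` comment above that clause, with the duplicated issue link collapsed to one, would fit better.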
@@ -232,6 +232,30 @@ defmodule Mobilizon.GraphQL.Resolvers.PersonTest do
|
||||
MapSet.new([actor.preferred_username, "new_identity"])
|
||||
end
|
||||
|
||||
# Link: https://framagit.org/kaihuri/mobilizon/-/issues/1842
|
||||
test "impossible to create a new identity with disabled user", %{conn: conn} do
|
||||
user = insert(:user, disabled: true)
|
||||
|
||||
# Login by email/password is impossible for a disabled user
|
||||
# But it is still possible to use a valid token obtained before the ban
|
||||
app_token = insert(:auth_application_token, user: user)
|
||||
|
||||
res =
|
||||
conn
|
||||
|> auth_conn(app_token)
|
||||
|> AbsintheHelpers.graphql_query(
|
||||
query: @create_person_mutation,
|
||||
variables: %{
|
||||
preferredUsername: "new_identity",
|
||||
name: "secret person",
|
||||
summary: "no-one will know who I am"
|
||||
}
|
||||
)
|
||||
|
||||
assert res["data"]["createPerson"] == nil
|
||||
assert hd(res["errors"])["message"] == "user_disabled"
|
||||
end
|
||||
|
||||
test "with an avatar and an banner creates a new identity", %{conn: conn} do
|
||||
user = insert(:user)
|
||||
insert(:actor, user: user)
|
||||
|
||||
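Review bot: The new test asserts only on the GraphQL response, so it would still pass if a later refactor returned `user_disabled` after persisting the actor; add an assertion that no identity named `new_identity` exists for `user` once the request has run. `hd(res["errors"])` raises a bare `ArgumentError` when `errors` is absent or empty, so `assert [%{"message" => "user_disabled"}] = res["errors"]` would give a clearer failure. The fixture covers an application token only; if other token types can also outlive a ban (not visible here), a case for each would pin the same guarantee.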