@@ -133,7 +133,7 @@ defmodule Mobilizon.GraphQL.Resolvers.Person do
|
|||||||
def create_person(
|
def create_person(
|
||||||
_parent,
|
_parent,
|
||||||
%{preferred_username: _preferred_username} = args,
|
%{preferred_username: _preferred_username} = args,
|
||||||
%{context: %{current_user: user} = context} = _resolution
|
%{context: %{current_user: %{disabled: false} = user} = context} = _resolution
|
||||||
) do
|
) do
|
||||||
args = Map.put(args, :user_id, user.id)
|
args = Map.put(args, :user_id, user.id)
|
||||||
user_agent = Map.get(context, :user_agent, "")
|
user_agent = Map.get(context, :user_agent, "")
|
||||||
@@ -160,6 +160,21 @@ defmodule Mobilizon.GraphQL.Resolvers.Person do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@doc """
|
||||||
|
A logged user that is banned stays logged-in.
|
||||||
|
We need to block the person creation to prevent the user to create new content
|
||||||
|
TODO: Best should be to destroy the session but it seems hard to do with token behaviour.
|
||||||
|
Link: https://framagit.org/kaihuri/mobilizon/-/issues/1842
|
||||||
|
Link: https://framagit.org/kaihuri/mobilizon/-/issues/1842#note_2255364
|
||||||
|
"""
|
||||||
|
def create_person(
|
||||||
|
_parent,
|
||||||
|
%{preferred_username: _preferred_username} = _args,
|
||||||
|
%{context: %{current_user: %{disabled: true} = _user} = _context} = _resolution
|
||||||
|
) do
|
||||||
|
{:error, :user_disabled}
|
||||||
|
end
|
||||||
|
|
||||||
def create_person(_parent, _args, _resolution) do
|
def create_person(_parent, _args, _resolution) do
|
||||||
{:error, :unauthenticated}
|
{:error, :unauthenticated}
|
||||||
end
|
end
|
||||||
|
|||||||
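Review bot: The `disabled` check is enforced only in these `create_person/3` clauses, so a token issued before the ban presumably still passes every other resolver that matches on `current_user: user` without looking at `disabled`. Consider rejecting disabled users where the token is resolved into `current_user` (not visible on this page), so that no resolver ever receives one. Until then, record the gap next to the new clause, e.g. `# NOTE: only create_person/3 rejects disabled users; other mutations still accept a pre-ban token`. The `@doc` is attached to a later clause of the same function; if the first clause, whose head and body lie partly outside these hunks, already has a `@doc`, the compiler will warn about redefining it. Since the text is maintainer rationale rather than API documentation, plain `#` comments fit better.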
@@ -232,6 +232,30 @@ defmodule Mobilizon.GraphQL.Resolvers.PersonTest do
|
|||||||
MapSet.new([actor.preferred_username, "new_identity"])
|
MapSet.new([actor.preferred_username, "new_identity"])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# Link: https://framagit.org/kaihuri/mobilizon/-/issues/1842
|
||||||
|
test "impossible to create a new identity with disabled user", %{conn: conn} do
|
||||||
|
user = insert(:user, disabled: true)
|
||||||
|
|
||||||
|
# Login by email/password is impossible for a disabled user
|
||||||
|
# But it is still possible to use a valid token obtained before the ban
|
||||||
|
app_token = insert(:auth_application_token, user: user)
|
||||||
|
|
||||||
|
res =
|
||||||
|
conn
|
||||||
|
|> auth_conn(app_token)
|
||||||
|
|> AbsintheHelpers.graphql_query(
|
||||||
|
query: @create_person_mutation,
|
||||||
|
variables: %{
|
||||||
|
preferredUsername: "new_identity",
|
||||||
|
name: "secret person",
|
||||||
|
summary: "no-one will know who I am"
|
||||||
|
}
|
||||||
|
)
|
||||||
|
|
||||||
|
assert res["data"]["createPerson"] == nil
|
||||||
|
assert hd(res["errors"])["message"] == "user_disabled"
|
||||||
|
end
|
||||||
|
|
||||||
test "with an avatar and an banner creates a new identity", %{conn: conn} do
|
test "with an avatar and an banner creates a new identity", %{conn: conn} do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
insert(:actor, user: user)
|
insert(:actor, user: user)
|
||||||
|
|||||||
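Review bot: The new test asserts only on the returned error, not on the absence of side effects, so a regression that persists the actor and then returns an error would still pass. After the two asserts, add a check that `user` still has no actor named "new_identity", using whatever lookup the suite already relies on. Matching the error list as `assert [%{"message" => "user_disabled"}] = res["errors"]` would also pin that exactly one error is returned and give a readable failure when `errors` is missing, where `hd/1` raises instead. The comment describes a token obtained before the ban, but the user is inserted already disabled; that still exercises the resolver clause, though the comment could say so.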