settings for user

- enable federation for users

server/api/controller/user.js

@@ -13,7 +13,12 @@ const federation = require('../../federation/helpers')
 const userController = {
   async login(req, res) {
     // find the user
-    const user = await User.findOne({ where: { email: { [Op.eq]: req.body && req.body.email } } })
+    const user = await User.findOne({ where: {
+      [Op.or]: [ 
+        { email: req.body.email },
+        { username: req.body.email }
+      ]
+    } })
     if (!user) {
       res.status(403).json({ success: false, message: 'auth.fail' })
     } else if (user) {
@@ -39,12 +44,6 @@ const userController = {
     }
   },
 
-  async setToken(req, res) {
-    req.user.mastodon_auth = req.body
-    await req.user.save()
-    res.json(req.user)
-  },
-
   async delEvent(req, res) {
     const event = await Event.findByPk(req.params.id)
     // check if event is mine (or user is admin)
@@ -222,16 +221,27 @@ const userController = {
   },
 
   async update(req, res) {
-    const user = await User.findByPk(req.body.id)
-    if (user) {
-      if (!user.is_active && req.body.is_active && user.recover_code) {
-        mail.send(user.email, 'confirm', { user, config })
-      }
-      await user.update(req.body)
-      res.json(user)
-    } else {
-      res.sendStatus(400)
+    // user to modify
+    user = await User.findByPk(req.body.id)
+
+    if (!user) return res.status(404).json({ success: false, message: 'User not found!' })
+
+    if (req.body.id !== req.user.id && !req.user.is_admin) {
+      return res.status(400).json({ succes: false, message: 'Not allowed' })
     }
+
+    // ensure username to not change if not empty
+    req.body.username = user.username ? user.username : req.body.username 
+
+    if (!req.body.password)
+      delete req.body.password
+
+    await user.update(req.body)
+
+    if (!user.is_active && req.body.is_active && user.recover_code) {
+      mail.send(user.email, 'confirm', { user, config })
+    }
+    res.json(user)
   },
 
 

server/api/index.js

@@ -44,8 +44,8 @@ api.post('/user/recover_password', userController.updatePasswordWithRecoverCode)
 api.post('/user/register', userController.register)
 api.post('/user', jwt, isAuth, isAdmin, userController.create)
 
-// update user (disable/)
-api.put('/user', jwt, isAuth, isAdmin, userController.update)
+// update user
+api.put('/user', jwt, isAuth, userController.update)
 
 //delete user
 api.delete('/user/:id', jwt, isAuth, isAdmin, userController.remove)

server/api/models/user.js

@@ -2,6 +2,7 @@
 const bcrypt = require('bcryptjs')
 const crypto = require('crypto')
 const util = require('util')
+const debug = require('debug')('model:user')
 
 const generateKeyPair = util.promisify(crypto.generateKeyPair)
 
@@ -14,6 +15,7 @@ module.exports = (sequelize, DataTypes) => {
       allowNull: false
     },
     display_name: DataTypes.STRING,
+    settings: DataTypes.JSON,
     email: {
       type: DataTypes.STRING,
       unique:  { msg: 'error.email_taken' },
@@ -51,6 +53,7 @@ module.exports = (sequelize, DataTypes) => {
 
   user.beforeSave(async (user, options) => {
     if (user.changed('password')) {
+      debug('Password for %s modified', user.username)
       const salt = await bcrypt.genSalt(10)
       const hash = await bcrypt.hash(user.password, salt)
       user.password = hash
@@ -58,6 +61,7 @@ module.exports = (sequelize, DataTypes) => {
   })
 
   user.beforeCreate(async (user, options) => {
+    debug('Create a new user => %s', user.username)
     // generate rsa keys
     const rsa = await generateKeyPair('rsa', {
       modulusLength: 4096,