magmaus3/continuwuity
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

don't allow non-local users to have their creds modified in Deactivate admin cmds

Browse source 
Signed-off-by: strawberry <strawberry@puppygock.gay>
This commit is contained in:
strawberry 2024-01-13 21:13:45 -05:00 committed by June
parent edd74efbf2
commit c70ce49ec0
1 changed files with 20 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

20
src/service/admin/mod.rs
View file

@ -627,6 +627,14 @@ impl Service {
user_id, user_id,
} => { } => {
let user_id = Arc::<UserId>::from(user_id); let user_id = Arc::<UserId>::from(user_id);
// check if user belongs to our server
if user_id.server_name() != services().globals.server_name() {
return Ok(RoomMessageEventContent::text_plain(format!(
"User {user_id} does not belong to our server."
)));
}
if services().users.exists(&user_id)? { if services().users.exists(&user_id)? {
RoomMessageEventContent::text_plain(format!( RoomMessageEventContent::text_plain(format!(
"Making {user_id} leave all rooms before deactivation..." "Making {user_id} leave all rooms before deactivation..."
@ -660,6 +668,13 @@ impl Service {
} }
}; };
// check if user belongs to our server
if user_id.server_name() != services().globals.server_name() {
return Ok(RoomMessageEventContent::text_plain(format!(
"User {user_id} does not belong to our server."
)));
}
// Check if the specified user is valid // Check if the specified user is valid
if !services().users.exists(&user_id)? if !services().users.exists(&user_id)?
|| user_id || user_id
@ -725,6 +740,11 @@ impl Service {
} }
for &user_id in &user_ids { for &user_id in &user_ids {
// check if user belongs to our server and skips over non-local users
if user_id.server_name() != services().globals.server_name() {
continue;
}
if services().users.deactivate_account(user_id).is_ok() { if services().users.deactivate_account(user_id).is_ok() {
deactivation_count += 1 deactivation_count += 1
} }