|
|
@ -114,6 +114,32 @@ class UserService { |
|
|
|
} |
|
|
|
|
|
|
|
async update (user, userDefinition) { |
|
|
|
if (!user.flags.canLogin) { |
|
|
|
throw SiteError(403, 'Invalid user account operation'); |
|
|
|
} |
|
|
|
|
|
|
|
// strip characters we don't want to allow in username
|
|
|
|
userDefinition.username = striptags(userDefinition.username.trim().replace(/[^A-Za-z0-9\-_]/gi, '')); |
|
|
|
const username_lc = userDefinition.username.toLowerCase(); |
|
|
|
|
|
|
|
userDefinition.displayName = striptags(userDefinition.displayName.trim()); |
|
|
|
userDefinition.bio = striptags(userDefinition.bio.trim()); |
|
|
|
|
|
|
|
this.log.info('updating user', { userDefinition }); |
|
|
|
await User.updateOne( |
|
|
|
{ _id: user._id }, |
|
|
|
{ |
|
|
|
$set: { |
|
|
|
username: userDefinition.username, |
|
|
|
username_lc, |
|
|
|
displayName: userDefinition.displayName, |
|
|
|
bio: userDefinition.bio, |
|
|
|
}, |
|
|
|
}, |
|
|
|
); |
|
|
|
} |
|
|
|
|
|
|
|
async updateForAdmin (user, userDefinition) { |
|
|
|
// strip characters we don't want to allow in username
|
|
|
|
userDefinition.username = striptags(userDefinition.username.trim().replace(/[^A-Za-z0-9\-_]/gi, '')); |
|
|
|
const username_lc = userDefinition.username.toLowerCase(); |
|
|
|