Add missing audit log if the user deletes its account

2021-01-04 09:54:48 +01:00 · 2021-01-04 09:54:48 +01:00 · 2dbc170da3
parent afd4ee86dd
commit 2dbc170da3
3 changed files with 11 additions and 4 deletions
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@ -305,10 +305,10 @@ async function listUsers (req: express.Request, res: express.Response) {
 async function removeUser (req: express.Request, res: express.Response) {
  const user = res.locals.user

-  await user.destroy()
-
  auditLogger.delete(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))

+  await user.destroy()
+
  Hooks.runAction('action:api.user.deleted', { user })

  return res.sendStatus(HttpStatusCode.NO_CONTENT_204)
--- a/server/controllers/api/users/me.ts
+++ b/server/controllers/api/users/me.ts
@ -1,6 +1,8 @@
 import 'multer'
 import * as express from 'express'
+import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '@server/helpers/audit-logger'
 import { UserUpdateMe, UserVideoRate as FormattedUserVideoRate, VideoSortField } from '../../../../shared'
+import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
 import { UserVideoQuota } from '../../../../shared/models/users/user-video-quota.model'
 import { createReqFiles } from '../../../helpers/express-utils'
 import { getFormattedObjects } from '../../../helpers/utils'
@ -28,7 +30,8 @@ import { AccountVideoRateModel } from '../../../models/account/account-video-rat
 import { UserModel } from '../../../models/account/user'
 import { VideoModel } from '../../../models/video/video'
 import { VideoImportModel } from '../../../models/video/video-import'
-import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
+
+const auditLogger = auditLoggerFactory('users')

 const reqAvatarFile = createReqFiles([ 'avatarfile' ], MIMETYPES.IMAGE.MIMETYPE_EXT, { avatarfile: CONFIG.STORAGE.TMP_DIR })

@ -159,7 +162,9 @@ async function getUserVideoRating (req: express.Request, res: express.Response)
 }

 async function deleteMe (req: express.Request, res: express.Response) {
-  const user = res.locals.oauth.token.User
+  const user = await UserModel.loadByIdWithChannels(res.locals.oauth.token.User.id)
+
+  auditLogger.delete(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))

  await user.destroy()

--- a/server/tests/api/users/users-verification.ts
+++ b/server/tests/api/users/users-verification.ts
@ -104,6 +104,8 @@ describe('Test users account verification', function () {
  })

  it('Should be able to change the user email', async function () {
+    this.timeout(10000)
+
    let updateVerificationString: string

    {