fix: Server error when code is passed as null to users.delete, closes #4070

Tom Moor
2022-09-09 22:10:32 +01:00
parent 54dc0521e5
commit 876803362f


@@ -416,16 +416,16 @@ router.post(
// If we're attempting to delete our own account then a confirmation code
// is required. This acts as CSRF protection.
if (!id || id === ctx.state.user.id) {
if ((!id || id === ctx.state.user.id) && emailEnabled) {
const deleteConfirmationCode = user.deleteConfirmationCode;
if (
emailEnabled &&
(code.length !== deleteConfirmationCode.length ||
!crypto.timingSafeEqual(
Buffer.from(code),
Buffer.from(deleteConfirmationCode)
))
!code ||
code.length !== deleteConfirmationCode.length ||
!crypto.timingSafeEqual(
Buffer.from(code),
Buffer.from(deleteConfirmationCode)
)
) {
throw ValidationError("The confirmation code was incorrect");
}
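Review bot: The length guard in front of `crypto.timingSafeEqual` compares `code.length` (UTF-16 code units), but the comparison runs on `Buffer.from(code)` (UTF-8 bytes). A `code` containing non-ASCII characters can therefore pass the `.length` check and still make `timingSafeEqual` throw on unequal buffer sizes, which would surface as a server error instead of the `ValidationError`. Guarding on type and byte length closes that gap: keep `!code ||`, add `typeof code !== "string" ||`, and replace the length line with `Buffer.byteLength(code) !== Buffer.byteLength(deleteConfirmationCode) ||`. Whether `code` is already validated as a string earlier in the handler is not visible, because the route body starts and ends outside the hunk. The comment above the `if` still says a confirmation code is required for self-deletion; it should note that the check only applies when `emailEnabled` is true, so the CSRF protection it describes is absent otherwise.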