Co-authored-by: Nan Yu <thenanyu@users.noreply.github.com>

2022-10-22 23:29:39 -04:00
parent c108a91195 c0a86753bd
commit f6ae32deef
2 changed files with 6 additions and 5 deletions
--- a/package.json
+++ b/package.json
@@ -354,5 +354,5 @@
    "js-yaml": "^3.14.1",
    "jpeg-js": "0.4.4"
  },
-  "version": "0.66.0"
+  "version": "0.66.2"
 }
--- a/server/routes/api/users.ts
+++ b/server/routes/api/users.ts
@@ -416,6 +416,7 @@ router.post(
  rateLimiter(RateLimiterStrategy.TenPerHour),
  async (ctx) => {
    const { id, code = "" } = ctx.request.body;
+    const actor = ctx.state.user;
    let user: User;

    if (id) {
@@ -424,13 +425,13 @@ router.post(
        rejectOnEmpty: true,
      });
    } else {
-      user = ctx.state.user;
+      user = actor;
    }
-    authorize(user, "delete", user);
+    authorize(actor, "delete", user);

    // If we're attempting to delete our own account then a confirmation code
    // is required. This acts as CSRF protection.
-    if ((!id || id === ctx.state.user.id) && emailEnabled) {
+    if ((!id || id === actor.id) && emailEnabled) {
      const deleteConfirmationCode = user.deleteConfirmationCode;

      if (
@@ -447,7 +448,7 @@ router.post(

    await userDestroyer({
      user,
-      actor: user,
+      actor,
      ip: ctx.request.ip,
    });