temporarily disallow muted users from deleting their accounts or

changing mail

src/routes/api/auth/change_mail.js

@@ -7,6 +7,7 @@ import mailProvider from '../../../core/MailProvider';
 import { validatePassword, validateEMail } from '../../../utils/validation';
 import { getHostFromRequest } from '../../../utils/ip';
 import { compareToHash } from '../../../utils/hash';
+import { checkIfMuted } from '../../../data/redis/chat';
 import { checkIfMailDisposable } from '../../../core/isAllowed';
 
 async function validate(email, password, t, gettext) {
@@ -54,6 +55,15 @@ export default async (req, res) => {
     return;
   }
 
+  const mutedTtl = await checkIfMuted(user.id);
+  if (mutedTtl !== -2) {
+    res.status(403);
+    res.json({
+      errors: [t`Muted users can not do this.`],
+    });
+    return;
+  }
+
   await user.regUser.update({
     email,
     mailVerified: false,

src/routes/api/auth/delete_account.js

@@ -5,6 +5,7 @@
 import socketEvents from '../../../socket/socketEvents';
 import { RegUser } from '../../../data/sql';
 import { validatePassword } from '../../../utils/validation';
+import { checkIfMuted } from '../../../data/redis/chat';
 import { compareToHash } from '../../../utils/hash';
 
 function validate(password, gettext) {
@@ -38,6 +39,15 @@ export default async (req, res) => {
   }
   const { id, name } = user;
 
+  const mutedTtl = await checkIfMuted(id);
+  if (mutedTtl !== -2) {
+    res.status(403);
+    res.json({
+      errors: [t`Muted users can not delete their account.`],
+    });
+    return;
+  }
+
   const currentPassword = user.regUser.password;
   if (!currentPassword || !compareToHash(password, currentPassword)) {
     res.status(400);