From 016f6bf91a515272de01792a508d23314e6d7548 Mon Sep 17 00:00:00 2001
From: HF
Date: Sat, 18 Mar 2023 18:14:49 +0100
Subject: [PATCH] temporarily disallow muted users from deleting their accounts or changing mail
---
 src/routes/api/auth/change_mail.js | 10 ++++++++++
 src/routes/api/auth/delete_account.js | 10 ++++++++++
 2 files changed, 20 insertions(+)
diff --git a/src/routes/api/auth/change_mail.js b/src/routes/api/auth/change_mail.js
index 7f0a0d3..d2ef171 100644
--- a/src/routes/api/auth/change_mail.js
+++ b/src/routes/api/auth/change_mail.js
@@ -7,6 +7,7 @@ import mailProvider from '../../../core/MailProvider';
 import { validatePassword, validateEMail } from '../../../utils/validation';
 import { getHostFromRequest } from '../../../utils/ip';
 import { compareToHash } from '../../../utils/hash';
+import { checkIfMuted } from '../../../data/redis/chat';
 import { checkIfMailDisposable } from '../../../core/isAllowed';
 async function validate(email, password, t, gettext) {
@@ -54,6 +55,15 @@ export default async (req, res) => {
 return;
 }
+ const mutedTtl = await checkIfMuted(user.id);
+ if (mutedTtl !== -2) {
+ res.status(403);
+ res.json({
+ errors: [t`Muted users can not do this.`],
+ });
+ return;
+ }
+
 await user.regUser.update({
 email,
 mailVerified: false,
diff --git a/src/routes/api/auth/delete_account.js b/src/routes/api/auth/delete_account.js
index af86b30..6e871b1 100644
--- a/src/routes/api/auth/delete_account.js
+++ b/src/routes/api/auth/delete_account.js
@@ -5,6 +5,7 @@
 import socketEvents from '../../../socket/socketEvents';
 import { RegUser } from '../../../data/sql';
 import { validatePassword } from '../../../utils/validation';
+import { checkIfMuted } from '../../../data/redis/chat';
 import { compareToHash } from '../../../utils/hash';
 function validate(password, gettext) {
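Review bot: The comparison `mutedTtl !== -2` in the second hunk of change_mail.js depends on an undocumented sentinel, and the same line is repeated in the second hunk of delete_account.js. Presumably checkIfMuted returns a Redis TTL, where -2 means no mute key exists and -1 means a mute without expiry; its implementation is not part of this patch, so that should be confirmed. I would add a comment such as `// checkIfMuted returns a TTL: -2 = not muted, -1 = muted without expiry, otherwise seconds left`, or have the chat module export a boolean helper so both routes stop repeating the magic number. Any other return value (null, undefined) is treated as muted, which fails closed. If checkIfMuted can reject while Redis is unavailable, nothing in the visible lines catches it, and the handler body continues outside the hunk.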
@@ -38,6 +39,15 @@ export default async (req, res) => {
 }
 const { id, name } = user;
+ const mutedTtl = await checkIfMuted(id);
+ if (mutedTtl !== -2) {
+ res.status(403);
+ res.json({
+ errors: [t`Muted users can not delete their account.`],
+ });
+ return;
+ }
+
 const currentPassword = user.regUser.password;
 if (!currentPassword || !compareToHash(password, currentPassword)) {
 res.status(400);
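Review bot: The mute check in delete_account.js runs before the `compareToHash(password, currentPassword)` verification, so the 403 and its message go to any holder of the session without proof of the password. Moving the added block below the password check keeps the credential gate first for this destructive action. The change_mail.js hunk appears to place its check after the earlier validation returns, though those lines are outside the patch. It would also help to log denied attempts, since a muted account trying to delete itself is a plausible sign of mute evasion that moderators would want to see. The handler starts and ends outside the hunk.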