feat: Guest email authentication (#1088)

* feat: API endpoints for email signin * fix: After testing * Initial signin flow working * move shared middleware * feat: Add guest signin toggle, obey on endpoints * feat: Basic email signin when enabled * Improve guest signin email Disable double signin with JWT * fix: Simple rate limiting * create placeholder users in db * fix: Give invited users default avatar add invited users to people settings * test * add transaction * tmp: test CI * derp * md5 * urgh * again * test: pass * test * fix: Remove usage of data values * guest signin page * Visually separator 'Invited' from other people tabs * fix: Edge case attempting SSO signin for guest email account * fix: Correctly set email auth method to cookie * Improve rate limit error display * lint: cleanup / comments * Improve invalid token error display * style tweaks * pass guest value to subdomain * Restore copy link option * feat: Allow invite revoke from people management * fix: Incorrect users email schema does not allow for user deletion * lint * fix: avatarUrl for deleted user failure * change default to off for guest invites * fix: Changing security settings wipes subdomain * fix: user delete permissioning * test: Add user.invite specs
2019-12-15 18:46:08 -08:00
parent 5731ff34a4
commit 6d8216c54e
45 changed files with 846 additions and 206 deletions
--- a/server/api/users.js
+++ b/server/api/users.js
@ -254,11 +254,12 @@ router.post('users.invite', auth(), async ctx => {
 });

 router.post('users.delete', auth(), async ctx => {
-  const { confirmation } = ctx.body;
+  const { confirmation, id } = ctx.body;
  ctx.assertPresent(confirmation, 'confirmation is required');

-  const user = ctx.state.user;
-  authorize(user, 'delete', user);
+  let user = ctx.state.user;
+  if (id) user = await User.findByPk(id);
+  authorize(ctx.state.user, 'delete', user);

  try {
    await user.destroy();