fix: various fixes to sentry-reported errors and more
This commit is contained in:
Hampus Kraft
@@ -155,7 +155,7 @@ export function mapUserToPrivateResponse(user: User): UserPrivateResponse {
|
||||
|
||||
return {
|
||||
...partialResponse,
|
||||
flags: Number((user.flags ?? 0n) & PUBLIC_USER_FLAGS_WITHOUT_STAFF),
|
||||
flags: mapUserFlagsToPublicBitfield(user),
|
||||
is_staff: isStaff,
|
||||
acls: Array.from(user.acls),
|
||||
traits,
|
||||
|
||||
@@ -127,9 +127,6 @@ export class UserDataRepository {
|
||||
|
||||
const result = await executeVersionedUpdate<UserRow, 'user_id'>(
|
||||
async () => {
|
||||
if (oldData !== undefined) {
|
||||
return oldData;
|
||||
}
|
||||
const user = await this.findUnique(userId);
|
||||
return user?.toRow() ?? null;
|
||||
},
|
||||
@@ -138,6 +135,7 @@ export class UserDataRepository {
|
||||
patch: buildPatchFromData(data, current, USER_COLUMNS, ['user_id']),
|
||||
}),
|
||||
Users,
|
||||
{initialData: oldData},
|
||||
);
|
||||
|
||||
return {finalVersion: result.finalVersion};
|
||||
@@ -146,9 +144,6 @@ export class UserDataRepository {
|
||||
async patchUser(userId: UserID, patch: UserPatch, oldData?: UserRow | null): Promise<{finalVersion: number | null}> {
|
||||
const result = await executeVersionedUpdate<UserRow, 'user_id'>(
|
||||
async () => {
|
||||
if (oldData !== undefined) {
|
||||
return oldData;
|
||||
}
|
||||
const user = await this.findUnique(userId);
|
||||
return user?.toRow() ?? null;
|
||||
},
|
||||
@@ -157,6 +152,7 @@ export class UserDataRepository {
|
||||
patch,
|
||||
}),
|
||||
Users,
|
||||
{initialData: oldData},
|
||||
);
|
||||
|
||||
return {finalVersion: result.finalVersion};
|
||||
|
||||
@@ -0,0 +1,161 @@
|
||||
/*
|
||||
* Copyright (C) 2026 Fluxer Contributors
|
||||
*
|
||||
* This file is part of Fluxer.
|
||||
*
|
||||
* Fluxer is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Fluxer is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import {createTestAccount} from '@fluxer/api/src/auth/tests/AuthTestUtils';
|
||||
import {
|
||||
acceptInvite,
|
||||
createChannel,
|
||||
createChannelInvite,
|
||||
createGuild,
|
||||
} from '@fluxer/api/src/guild/tests/GuildTestUtils';
|
||||
import {ensureSessionStarted, sendMessage} from '@fluxer/api/src/message/tests/MessageTestUtils';
|
||||
import {type ApiTestHarness, createApiTestHarness} from '@fluxer/api/src/test/ApiTestHarness';
|
||||
import {HTTP_STATUS} from '@fluxer/api/src/test/TestConstants';
|
||||
import {createBuilder, createBuilderWithoutAuth} from '@fluxer/api/src/test/TestRequestBuilder';
|
||||
import {
|
||||
deleteAccount,
|
||||
setPendingDeletionAt,
|
||||
triggerDeletionWorker,
|
||||
waitForDeletionCompletion,
|
||||
} from '@fluxer/api/src/user/tests/UserTestUtils';
|
||||
import type {MessageResponse} from '@fluxer/schema/src/domains/message/MessageResponseSchemas';
|
||||
import type {UserPartialResponse} from '@fluxer/schema/src/domains/user/UserResponseSchemas';
|
||||
import {afterEach, beforeEach, describe, expect, test} from 'vitest';
|
||||
|
||||
describe('Account Delete Mention Resolution', () => {
|
||||
let harness: ApiTestHarness;
|
||||
|
||||
beforeEach(async () => {
|
||||
harness = await createApiTestHarness();
|
||||
});
|
||||
|
||||
afterEach(async () => {
|
||||
await harness?.shutdown();
|
||||
});
|
||||
|
||||
test('messages mentioning a deleted user remain readable', async () => {
|
||||
const alice = await createTestAccount(harness);
|
||||
const bob = await createTestAccount(harness);
|
||||
|
||||
const guild = await createGuild(harness, alice.token, 'Mention Test Guild');
|
||||
let channelId = guild.system_channel_id;
|
||||
if (!channelId) {
|
||||
const channel = await createChannel(harness, alice.token, guild.id, 'general');
|
||||
channelId = channel.id;
|
||||
}
|
||||
|
||||
const invite = await createChannelInvite(harness, alice.token, channelId);
|
||||
await acceptInvite(harness, bob.token, invite.code);
|
||||
|
||||
await ensureSessionStarted(harness, alice.token);
|
||||
const mentionMessage = await sendMessage(harness, alice.token, channelId, `Hello <@${bob.userId}>`);
|
||||
expect(mentionMessage.mentions).toBeDefined();
|
||||
expect(mentionMessage.mentions!.length).toBe(1);
|
||||
|
||||
await deleteAccount(harness, bob.token, bob.password);
|
||||
const past = new Date();
|
||||
past.setMinutes(past.getMinutes() - 1);
|
||||
await setPendingDeletionAt(harness, bob.userId, past);
|
||||
await triggerDeletionWorker(harness);
|
||||
await waitForDeletionCompletion(harness, bob.userId);
|
||||
|
||||
await createBuilderWithoutAuth(harness).post('/test/cache-clear').expect(HTTP_STATUS.OK).execute();
|
||||
|
||||
const messages = await createBuilder<Array<MessageResponse>>(harness, alice.token)
|
||||
.get(`/channels/${channelId}/messages?limit=50`)
|
||||
.expect(HTTP_STATUS.OK)
|
||||
.execute();
|
||||
|
||||
const mentionMsg = messages.find((m) => m.id === mentionMessage.id);
|
||||
expect(mentionMsg).toBeDefined();
|
||||
expect(mentionMsg!.mentions).toBeDefined();
|
||||
expect(mentionMsg!.mentions!.length).toBe(1);
|
||||
|
||||
const mention = mentionMsg!.mentions![0];
|
||||
expect(mention.id).toBe(bob.userId);
|
||||
expect(mention.username).toBe('DeletedUser');
|
||||
expect(mention.discriminator).toBe('0000');
|
||||
expect(mention.global_name).toBe('Deleted User');
|
||||
expect(mention.avatar).toBeNull();
|
||||
|
||||
expect(mentionMsg!.author.id).toBe(alice.userId);
|
||||
expect(mentionMsg!.author.username).not.toBe('DeletedUser');
|
||||
}, 60_000);
|
||||
|
||||
test('message author resolution works for users with DELETED flag', async () => {
|
||||
const account = await createTestAccount(harness);
|
||||
|
||||
const guild = await createGuild(harness, account.token, 'Author Test Guild');
|
||||
let channelId = guild.system_channel_id;
|
||||
if (!channelId) {
|
||||
const channel = await createChannel(harness, account.token, guild.id, 'general');
|
||||
channelId = channel.id;
|
||||
}
|
||||
|
||||
await ensureSessionStarted(harness, account.token);
|
||||
const sentMessage = await sendMessage(harness, account.token, channelId, 'Hello world');
|
||||
|
||||
const viewer = await createTestAccount(harness);
|
||||
const invite = await createChannelInvite(harness, account.token, channelId);
|
||||
await acceptInvite(harness, viewer.token, invite.code);
|
||||
|
||||
await createBuilderWithoutAuth(harness)
|
||||
.post(`/test/users/${account.userId}/security-flags`)
|
||||
.body({set_flags: ['DELETED']})
|
||||
.expect(HTTP_STATUS.OK)
|
||||
.execute();
|
||||
|
||||
await createBuilderWithoutAuth(harness).post('/test/cache-clear').expect(HTTP_STATUS.OK).execute();
|
||||
|
||||
const messages = await createBuilder<Array<MessageResponse>>(harness, viewer.token)
|
||||
.get(`/channels/${channelId}/messages?limit=50`)
|
||||
.expect(HTTP_STATUS.OK)
|
||||
.execute();
|
||||
|
||||
const msg = messages.find((m) => m.id === sentMessage.id);
|
||||
expect(msg).toBeDefined();
|
||||
expect(msg!.author.username).toBe('DeletedUser');
|
||||
expect(msg!.author.discriminator).toBe('0000');
|
||||
expect(msg!.author.global_name).toBe('Deleted User');
|
||||
expect(msg!.author.avatar).toBeNull();
|
||||
}, 60_000);
|
||||
|
||||
test('direct user lookup returns deleted user fallback for deleted users', async () => {
|
||||
const alice = await createTestAccount(harness);
|
||||
const bob = await createTestAccount(harness);
|
||||
|
||||
await deleteAccount(harness, bob.token, bob.password);
|
||||
const past = new Date();
|
||||
past.setMinutes(past.getMinutes() - 1);
|
||||
await setPendingDeletionAt(harness, bob.userId, past);
|
||||
await triggerDeletionWorker(harness);
|
||||
await waitForDeletionCompletion(harness, bob.userId);
|
||||
|
||||
const user = await createBuilder<UserPartialResponse>(harness, alice.token)
|
||||
.get(`/users/${bob.userId}`)
|
||||
.expect(HTTP_STATUS.OK)
|
||||
.execute();
|
||||
|
||||
expect(user.id).toBe(bob.userId);
|
||||
expect(user.username).toBe('DeletedUser');
|
||||
expect(user.discriminator).toBe('0000');
|
||||
expect(user.global_name).toBe('Deleted User');
|
||||
expect(user.avatar).toBeNull();
|
||||
}, 60_000);
|
||||
});
|
||||
@@ -83,13 +83,24 @@ describe('User Account And Settings', () => {
|
||||
expect(Object.keys(preloadData).length).toBe(0);
|
||||
});
|
||||
|
||||
test('reject getting nonexistent user', async () => {
|
||||
test('nonexistent user returns deleted user fallback', async () => {
|
||||
const account = await createTestAccount(harness);
|
||||
|
||||
await createBuilder(harness, account.token)
|
||||
const user = await createBuilder<{
|
||||
id: string;
|
||||
username: string;
|
||||
discriminator: string;
|
||||
global_name: string | null;
|
||||
avatar: string | null;
|
||||
}>(harness, account.token)
|
||||
.get(`/users/${TEST_IDS.NONEXISTENT_USER}`)
|
||||
.expect(HTTP_STATUS.NOT_FOUND)
|
||||
.expect(HTTP_STATUS.OK)
|
||||
.execute();
|
||||
|
||||
expect(user.id).toBe(TEST_IDS.NONEXISTENT_USER);
|
||||
expect(user.username).toBe('DeletedUser');
|
||||
expect(user.discriminator).toBe('0000');
|
||||
expect(user.avatar).toBeNull();
|
||||
});
|
||||
|
||||
test('reject getting nonexistent user profile', async () => {
|
||||
|
||||
131
packages/api/src/user/tests/UserFlagsResponse.test.tsx
Normal file
131
packages/api/src/user/tests/UserFlagsResponse.test.tsx
Normal file
@@ -0,0 +1,131 @@
|
||||
/*
|
||||
* Copyright (C) 2026 Fluxer Contributors
|
||||
*
|
||||
* This file is part of Fluxer.
|
||||
*
|
||||
* Fluxer is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* Fluxer is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with Fluxer. If not, see <https://www.gnu.org/licenses/>.
|
||||
*/
|
||||
|
||||
import {createTestAccount} from '@fluxer/api/src/auth/tests/AuthTestUtils';
|
||||
import {type ApiTestHarness, createApiTestHarness} from '@fluxer/api/src/test/ApiTestHarness';
|
||||
import {HTTP_STATUS} from '@fluxer/api/src/test/TestConstants';
|
||||
import {createBuilder} from '@fluxer/api/src/test/TestRequestBuilder';
|
||||
import {fetchUser, fetchUserMe, updateUserProfile} from '@fluxer/api/src/user/tests/UserTestUtils';
|
||||
import {PublicUserFlags, UserFlags} from '@fluxer/constants/src/UserConstants';
|
||||
import {afterAll, beforeAll, beforeEach, describe, expect, test} from 'vitest';
|
||||
|
||||
async function setUserFlags(harness: ApiTestHarness, userId: string, flags: bigint): Promise<void> {
|
||||
await createBuilder(harness, '')
|
||||
.patch(`/test/users/${userId}/flags`)
|
||||
.body({flags: flags.toString()})
|
||||
.expect(HTTP_STATUS.OK)
|
||||
.execute();
|
||||
}
|
||||
|
||||
describe('User flags in responses', () => {
|
||||
let harness: ApiTestHarness;
|
||||
|
||||
beforeAll(async () => {
|
||||
harness = await createApiTestHarness();
|
||||
});
|
||||
|
||||
afterAll(async () => {
|
||||
await harness?.shutdown();
|
||||
});
|
||||
|
||||
beforeEach(async () => {
|
||||
await harness.reset();
|
||||
});
|
||||
|
||||
test('GET /users/@me preserves staff flag when STAFF_HIDDEN is not set', async () => {
|
||||
const account = await createTestAccount(harness);
|
||||
await setUserFlags(harness, account.userId, UserFlags.STAFF);
|
||||
|
||||
const {json} = await fetchUserMe(harness, account.token);
|
||||
expect(json.flags & PublicUserFlags.STAFF).toBe(PublicUserFlags.STAFF);
|
||||
expect(json.is_staff).toBe(true);
|
||||
});
|
||||
|
||||
test('GET /users/@me hides staff flag when STAFF_HIDDEN is set', async () => {
|
||||
const account = await createTestAccount(harness);
|
||||
await setUserFlags(harness, account.userId, UserFlags.STAFF | UserFlags.STAFF_HIDDEN);
|
||||
|
||||
const {json} = await fetchUserMe(harness, account.token);
|
||||
expect(json.flags & PublicUserFlags.STAFF).toBe(0);
|
||||
expect(json.is_staff).toBe(true);
|
||||
});
|
||||
|
||||
test('PATCH /users/@me preserves staff flag after profile update', async () => {
|
||||
const account = await createTestAccount(harness);
|
||||
await setUserFlags(harness, account.userId, UserFlags.STAFF);
|
||||
|
||||
const {json} = await updateUserProfile(harness, account.token, {
|
||||
bio: 'updated bio',
|
||||
});
|
||||
expect(json.flags & PublicUserFlags.STAFF).toBe(PublicUserFlags.STAFF);
|
||||
expect(json.is_staff).toBe(true);
|
||||
});
|
||||
|
||||
test('PATCH /users/@me preserves staff flag with STAFF_HIDDEN after profile update', async () => {
|
||||
const account = await createTestAccount(harness);
|
||||
await setUserFlags(harness, account.userId, UserFlags.STAFF | UserFlags.STAFF_HIDDEN);
|
||||
|
||||
const {json} = await updateUserProfile(harness, account.token, {
|
||||
bio: 'updated bio',
|
||||
});
|
||||
expect(json.flags & PublicUserFlags.STAFF).toBe(0);
|
||||
expect(json.is_staff).toBe(true);
|
||||
});
|
||||
|
||||
test('GET /users/:id returns staff flag in partial response', async () => {
|
||||
const account = await createTestAccount(harness);
|
||||
const viewer = await createTestAccount(harness);
|
||||
await setUserFlags(harness, account.userId, UserFlags.STAFF);
|
||||
|
||||
const {json} = await fetchUser(harness, account.userId, viewer.token);
|
||||
expect(json.flags & PublicUserFlags.STAFF).toBe(PublicUserFlags.STAFF);
|
||||
});
|
||||
|
||||
test('GET /users/:id hides staff flag when STAFF_HIDDEN is set', async () => {
|
||||
const account = await createTestAccount(harness);
|
||||
const viewer = await createTestAccount(harness);
|
||||
await setUserFlags(harness, account.userId, UserFlags.STAFF | UserFlags.STAFF_HIDDEN);
|
||||
|
||||
const {json} = await fetchUser(harness, account.userId, viewer.token);
|
||||
expect(json.flags & PublicUserFlags.STAFF).toBe(0);
|
||||
});
|
||||
|
||||
test('non-staff user has flags 0', async () => {
|
||||
const account = await createTestAccount(harness);
|
||||
|
||||
const {json} = await fetchUserMe(harness, account.token);
|
||||
expect(json.flags).toBe(0);
|
||||
expect(json.is_staff).toBe(false);
|
||||
});
|
||||
|
||||
test('PATCH /users/@me does not leak internal flags', async () => {
|
||||
const account = await createTestAccount(harness);
|
||||
await setUserFlags(harness, account.userId, UserFlags.STAFF | UserFlags.HIGH_GLOBAL_RATE_LIMIT);
|
||||
|
||||
const {json: me} = await fetchUserMe(harness, account.token);
|
||||
expect(me.flags & PublicUserFlags.STAFF).toBe(PublicUserFlags.STAFF);
|
||||
expect(me.flags & Number(UserFlags.HIGH_GLOBAL_RATE_LIMIT)).toBe(0);
|
||||
|
||||
const updated = await updateUserProfile(harness, account.token, {
|
||||
bio: 'checking internal flags',
|
||||
});
|
||||
expect(updated.json.flags & PublicUserFlags.STAFF).toBe(PublicUserFlags.STAFF);
|
||||
expect(updated.json.flags & Number(UserFlags.HIGH_GLOBAL_RATE_LIMIT)).toBe(0);
|
||||
});
|
||||
});
|
||||
Reference in New Issue
Block a user