fix(api): exempt bots from being considered unclaimed users (#45)

fluxer_api/src/user/controllers/UserAccountController.ts

@@ -90,7 +90,7 @@ const requiresSensitiveUserVerification = (
 	data: UserUpdateRequest,
 	emailTokenProvided: boolean,
 ): boolean => {
-	const isUnclaimed = !user.passwordHash;
+	const isUnclaimed = user.isUnclaimedAccount();
 	const usernameChanged = data.username !== undefined && data.username !== user.username;
 	const discriminatorChanged = data.discriminator !== undefined && data.discriminator !== user.discriminator;
 	const emailChanged = data.email !== undefined && data.email !== user.email;
@@ -204,7 +204,7 @@ export const UserAccountController = (app: HonoApp) => {
 				throw InputValidationError.create('email', 'Email must be changed via email_token');
 			}
 			const emailTokenProvided = emailToken !== undefined;
-			const isUnclaimed = !user.passwordHash;
+			const isUnclaimed = user.isUnclaimedAccount();
 			if (isUnclaimed) {
 				const {username: _ignoredUsername, discriminator: _ignoredDiscriminator, ...rest} = userUpdateData;
 				userUpdateData = rest;

fluxer_api/src/user/services/EmailChangeService.ts

@@ -60,7 +60,7 @@ export class EmailChangeService {
 	) {}
 
 	async start(user: User): Promise<StartEmailChangeResult> {
-		const isUnclaimed = !user.passwordHash;
+		const isUnclaimed = user.isUnclaimedAccount();
 		const hasEmail = !!user.email;
 		if (!hasEmail && !isUnclaimed) {
 			throw InputValidationError.create('email', 'You must have an email to change it.');

fluxer_api/src/user/services/UserAccountSecurityService.ts

@@ -60,7 +60,7 @@ export class UserAccountSecurityService {
 			invalidateAuthSessions: false,
 		};
 
-		const isUnclaimedAccount = !user.passwordHash;
+		const isUnclaimedAccount = user.isUnclaimedAccount();
 		const identityVerifiedViaSudo = sudoContext?.method === 'mfa' || sudoContext?.method === 'sudo_token';
 		const identityVerifiedViaPassword = sudoContext?.method === 'password';
 		const hasMfa = userHasMfa(user);

fluxer_api/src/user/services/UserChannelService.ts

@@ -480,17 +480,12 @@ export class UserChannelService {
 		}
 	}
 
-	private async validateDmPermission(userId: UserID, recipientId: UserID, recipientUser?: User | null): Promise<void> {
+	private async validateDmPermission(userId: UserID, recipientId: UserID, _recipientUser?: User | null): Promise<void> {
 		const senderUser = await this.userAccountRepository.findUnique(userId);
-		if (senderUser && !senderUser.passwordHash && !senderUser.isBot) {
+		if (senderUser && senderUser.isUnclaimedAccount()) {
 			throw new UnclaimedAccountRestrictedError('send direct messages');
 		}
 
-		const resolvedRecipient = recipientUser ?? (await this.userAccountRepository.findUnique(recipientId));
-		if (resolvedRecipient && !resolvedRecipient.passwordHash && !resolvedRecipient.isBot) {
-			throw new UnclaimedAccountRestrictedError('receive direct messages');
-		}
-
 		const userBlockedRecipient = await this.userRelationshipRepository.getRelationship(
 			userId,
 			recipientId,

fluxer_api/src/user/services/UserContentService.ts

@@ -121,7 +121,7 @@ export class UserContentService {
 			throw new UnknownUserError();
 		}
 
-		if (!user.passwordHash && !user.isBot) {
+		if (user.isUnclaimedAccount()) {
 			throw new UnclaimedAccountRestrictedError('create beta codes');
 		}
 

fluxer_api/src/user/services/UserRelationshipService.ts

@@ -137,7 +137,7 @@ export class UserRelationshipService {
 		requestCache: RequestCache;
 	}): Promise<Relationship> {
 		const user = await this.userAccountRepository.findUnique(userId);
-		if (user && !user.passwordHash) {
+		if (user && user.isUnclaimedAccount()) {
 			throw new UnclaimedAccountRestrictedError('accept friend requests');
 		}
 
@@ -341,7 +341,7 @@ export class UserRelationshipService {
 		}
 
 		const requesterUser = await this.userAccountRepository.findUnique(userId);
-		if (requesterUser && !requesterUser.passwordHash) {
+		if (requesterUser && requesterUser.isUnclaimedAccount()) {
 			throw new UnclaimedAccountRestrictedError('send friend requests');
 		}