Andreas/wekan
1
0
Fork 0
mirror of https://github.com/wekan/wekan.git synced 2026-01-21 16:56:11 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

Fix: Impersonate user can now export Excel/CSV/TSV/JSON.

Browse source 
Impersonate user and export Excel/CSV/TSV/JSON is now logged into
database table impersonatedUsers.

Thanks to xet7 !

Fixes #3827,
fixes #3284
This commit is contained in:
Lauri Ojansivu 2021-05-29 00:19:12 +03:00
parent 6be1a33093
commit 3908cd5413
5 changed files with 559 additions and 213 deletions
Download patch file Download diff file Expand all files Collapse all files

505
models/users.js
View file

@ -1,4 +1,5 @@
import { SyncedCron } from 'meteor/percolate:synced-cron';
import ImpersonatedUsers from './impersonatedUsers';
// Sandstorm context is detected using the METEOR_SETTINGS environment variable
// in the package definition.
@ -67,7 +68,9 @@ Users.attachSchema(
if (this.isInsert) {
return new Date();
} else if (this.isUpsert) {
return { $setOnInsert: new Date() };
return {
$setOnInsert: new Date(),
};
} else {
this.unset();
}
@ -350,7 +353,9 @@ Users.attachSchema(
Users.allow({
update(userId, doc) {
const user = Users.findOne({ _id: userId });
const user = Users.findOne({
_id: userId,
});
if ((user && user.isAdmin) || (Meteor.user() && Meteor.user().isAdmin))
return true;
if (!user) {
@ -359,10 +364,18 @@ Users.allow({
return doc._id === userId;
},
remove(userId, doc) {
const adminsNumber = Users.find({ isAdmin: true }).count();
const adminsNumber = Users.find({
isAdmin: true,
}).count();
const { isAdmin } = Users.findOne(
{ _id: userId },
{ fields: { isAdmin: 1 } },
{
_id: userId,
},
{
fields: {
isAdmin: 1,
},
},
);
// Prevents remove of the only one administrator
@ -440,7 +453,7 @@ if (Meteor.isClient) {
});
}
Users.parseImportUsernames = usernamesString => {
Users.parseImportUsernames = (usernamesString) => {
return usernamesString.trim().split(new RegExp('\\s*[,;]\\s*'));
};
@ -454,17 +467,30 @@ Users.helpers({
boards() {
return Boards.find(
{ 'members.userId': this._id },
{ sort: { sort: 1 /* boards default sorting */ } },
{
'members.userId': this._id,
},
{
sort: {
sort: 1 /* boards default sorting */,
},
},
);
},
starredBoards() {
const { starredBoards = [] } = this.profile || {};
return Boards.find(
{ archived: false, _id: { $in: starredBoards } },
{
sort: { sort: 1 /* boards default sorting */ },
archived: false,
_id: {
$in: starredBoards,
},
},
{
sort: {
sort: 1 /* boards default sorting */,
},
},
);
},
@ -477,9 +503,16 @@ Users.helpers({
invitedBoards() {
const { invitedBoards = [] } = this.profile || {};
return Boards.find(
{ archived: false, _id: { $in: invitedBoards } },
{
sort: { sort: 1 /* boards default sorting */ },
archived: false,
_id: {
$in: invitedBoards,
},
},
{
sort: {
sort: 1 /* boards default sorting */,
},
},
);
},
@ -611,7 +644,9 @@ Users.helpers({
},
remove() {
User.remove({ _id: this._id });
User.remove({
_id: this._id,
});
},
});
@ -714,7 +749,9 @@ Users.mutations({
addNotification(activityId) {
return {
$addToSet: {
'profile.notifications': { activity: activityId },
'profile.notifications': {
activity: activityId,
},
},
};
},
@ -722,7 +759,9 @@ Users.mutations({
removeNotification(activityId) {
return {
$pull: {
'profile.notifications': { activity: activityId },
'profile.notifications': {
activity: activityId,
},
},
};
},
@ -744,15 +783,27 @@ Users.mutations({
},
setAvatarUrl(avatarUrl) {
return { $set: { 'profile.avatarUrl': avatarUrl } };
return {
$set: {
'profile.avatarUrl': avatarUrl,
},
};
},
setShowCardsCountAt(limit) {
return { $set: { 'profile.showCardsCountAt': limit } };
return {
$set: {
'profile.showCardsCountAt': limit,
},
};
},
setStartDayOfWeek(startDay) {
return { $set: { 'profile.startDayOfWeek': startDay } };
return {
$set: {
'profile.startDayOfWeek': startDay,
},
};
},
setBoardView(view) {
@ -801,15 +852,33 @@ if (Meteor.isServer) {
if (Meteor.user() && Meteor.user().isAdmin) {
// If setting is missing, add it
Users.update(
{ 'profile.hiddenSystemMessages': { $exists: false } },
{ $set: { 'profile.hiddenSystemMessages': true } },
{ multi: true },
{
'profile.hiddenSystemMessages': {
$exists: false,
},
},
{
$set: {
'profile.hiddenSystemMessages': true,
},
},
{
multi: true,
},
);
// If setting is false, set it to true
Users.update(
{ 'profile.hiddenSystemMessages': false },
{ $set: { 'profile.hiddenSystemMessages': true } },
{ multi: true },
{
'profile.hiddenSystemMessages': false,
},
{
$set: {
'profile.hiddenSystemMessages': true,
},
},
{
multi: true,
},
);
return true;
} else {
@ -836,8 +905,12 @@ if (Meteor.isServer) {
check(email, String);
check(importUsernames, Array);
const nUsersWithUsername = Users.find({ username }).count();
const nUsersWithEmail = Users.find({ email }).count();
const nUsersWithUsername = Users.find({
username,
}).count();
const nUsersWithEmail = Users.find({
email,
}).count();
if (nUsersWithUsername > 0) {
throw new Meteor.Error('username-already-taken');
} else if (nUsersWithEmail > 0) {
@ -851,7 +924,11 @@ if (Meteor.isServer) {
email: email.toLowerCase(),
from: 'admin',
});
const user = Users.findOne(username) || Users.findOne({ username });
const user =
Users.findOne(username) ||
Users.findOne({
username,
});
if (user) {
Users.update(user._id, {
$set: {
@ -868,11 +945,17 @@ if (Meteor.isServer) {
if (Meteor.user() && Meteor.user().isAdmin) {
check(username, String);
check(userId, String);
const nUsersWithUsername = Users.find({ username }).count();
const nUsersWithUsername = Users.find({
username,
}).count();
if (nUsersWithUsername > 0) {
throw new Meteor.Error('username-already-taken');
} else {
Users.update(userId, { $set: { username } });
Users.update(userId, {
$set: {
username,
},
});
}
}
},
@ -883,8 +966,14 @@ if (Meteor.isServer) {
}
check(email, String);
const existingUser = Users.findOne(
{ 'emails.address': email },
{ fields: { _id: 1 } },
{
'emails.address': email,
},
{
fields: {
_id: 1,
},
},
);
if (existingUser) {
throw new Meteor.Error('email-already-taken');
@ -963,7 +1052,9 @@ if (Meteor.isServer) {
board &&
board.members &&
_.contains(_.pluck(board.members, 'userId'), inviter._id) &&
_.where(board.members, { userId: inviter._id })[0].isActive;
_.where(board.members, {
userId: inviter._id,
})[0].isActive;
// GitHub issue 2060
//_.where(board.members, { userId: inviter._id })[0].isAdmin;
if (!allowInvite) throw new Meteor.Error('error-board-notAMember');
@ -973,22 +1064,39 @@ if (Meteor.isServer) {
const posAt = username.indexOf('@');
let user = null;
if (posAt >= 0) {
user = Users.findOne({ emails: { $elemMatch: { address: username } } });
user = Users.findOne({
emails: {
$elemMatch: {
address: username,
},
},
});
} else {
user = Users.findOne(username) || Users.findOne({ username });
user =
Users.findOne(username) ||
Users.findOne({
username,
});
}
if (user) {
if (user._id === inviter._id)
throw new Meteor.Error('error-user-notAllowSelf');
} else {
if (posAt <= 0) throw new Meteor.Error('error-user-doesNotExist');
if (Settings.findOne({ disableRegistration: true })) {
if (
Settings.findOne({
disableRegistration: true,
})
) {
throw new Meteor.Error('error-user-notCreated');
}
// Set in lowercase email before creating account
const email = username.toLowerCase();
username = email.substring(0, posAt);
const newUserId = Accounts.createUser({ username, email });
const newUserId = Accounts.createUser({
username,
email,
});
if (!newUserId) throw new Meteor.Error('error-user-notCreated');
// assume new user speak same language with inviter
if (inviter.profile && inviter.profile.language) {
@ -1032,7 +1140,10 @@ if (Meteor.isServer) {
} catch (e) {
throw new Meteor.Error('email-fail', e.message);
}
return { username: user.username, email: user.emails[0].address };
return {
username: user.username,
email: user.emails[0].address,
};
},
impersonate(userId) {
check(userId, String);
@ -1042,8 +1153,16 @@ if (Meteor.isServer) {
if (!Meteor.user().isAdmin)
throw new Meteor.Error(403, 'Permission denied');
ImpersonatedUsers.insert({ adminId: Meteor.user()._id, userId: userId, reason: 'clickedImpersonate' });
this.setUserId(userId);
},
isImpersonated(userId) {
check(userId, String);
const isImpersonated = ImpersonatedUsers.findOne({
userId: userId,
});
return isImpersonated;
},
});
Accounts.onCreateUser((options, user) => {
const userCount = Users.find().count();
@ -1059,7 +1178,12 @@ if (Meteor.isServer) {
}
email = email.toLowerCase();
user.username = user.services.oidc.username;
user.emails = [{ address: email, verified: true }];
user.emails = [
{
address: email,
verified: true,
},
];
const initials = user.services.oidc.fullname
.split(/\s+/)
.reduce((memo, word) => {
@ -1075,7 +1199,14 @@ if (Meteor.isServer) {
// see if any existing user has this email address or username, otherwise create new
const existingUser = Meteor.users.findOne({
$or: [{ 'emails.address': email }, { username: user.username }],
$or: [
{
'emails.address': email,
},
{
username: user.username,
},
],
});
if (!existingUser) return user;
@ -1087,8 +1218,12 @@ if (Meteor.isServer) {
existingUser.profile = user.profile;
existingUser.authenticationMethod = user.authenticationMethod;
Meteor.users.remove({ _id: user._id });
Meteor.users.remove({ _id: existingUser._id }); // is going to be created again
Meteor.users.remove({
_id: user._id,
});
Meteor.users.remove({
_id: existingUser._id,
}); // is going to be created again
return existingUser;
}
@ -1127,13 +1262,17 @@ if (Meteor.isServer) {
"The invitation code doesn't exist",
);
} else {
user.profile = { icode: options.profile.invitationcode };
user.profile = {
icode: options.profile.invitationcode,
};
user.profile.boardView = 'board-view-swimlanes';
// Deletes the invitation code after the user was created successfully.
setTimeout(
Meteor.bindEnvironment(() => {
InvitationCodes.remove({ _id: invitationCode._id });
InvitationCodes.remove({
_id: invitationCode._id,
});
}),
200,
);
@ -1153,7 +1292,7 @@ const addCronJob = _.debounce(
SyncedCron.add({
name: 'notification_cleanup',
schedule: parser => parser.text('every 1 days'),
schedule: (parser) => parser.text('every 1 days'),
job: () => {
for (const user of Users.find()) {
if (!user.profile || !user.profile.notifications) continue;
@ -1178,15 +1317,19 @@ const addCronJob = _.debounce(
if (Meteor.isServer) {
// Let mongoDB ensure username unicity
Meteor.startup(() => {
allowedSortValues.forEach(value => {
allowedSortValues.forEach((value) => {
Lists._collection._ensureIndex(value);
});
Users._collection._ensureIndex({ modifiedAt: -1 });
Users._collection._ensureIndex({
modifiedAt: -1,
});
Users._collection._ensureIndex(
{
username: 1,
},
{ unique: true },
{
unique: true,
},
);
Meteor.defer(() => {
addCronJob();
@ -1215,7 +1358,7 @@ if (Meteor.isServer) {
// counter.
// We need to run this code on the server only, otherwise the incrementation
// will be done twice.
Users.after.update(function(userId, user, fieldNames) {
Users.after.update(function (userId, user, fieldNames) {
// The `starredBoards` list is hosted on the `profile` field. If this
// field hasn't been modificated we don't need to run this hook.
if (!_.contains(fieldNames, 'profile')) return;
@ -1233,8 +1376,12 @@ if (Meteor.isServer) {
// b. We use it to find deleted and newly inserted ids by using it in one
// direction and then in the other.
function incrementBoards(boardsIds, inc) {
boardsIds.forEach(boardId => {
Boards.update(boardId, { $inc: { stars: inc } });
boardsIds.forEach((boardId) => {
Boards.update(boardId, {
$inc: {
stars: inc,
},
});
});
}
@ -1258,23 +1405,23 @@ if (Meteor.isServer) {
fakeUserId.withValue(doc._id, () => {
/*
// Insert the Welcome Board
Boards.insert({
title: TAPi18n.__('welcome-board'),
permission: 'private',
}, fakeUser, (err, boardId) => {
// Insert the Welcome Board
Boards.insert({
title: TAPi18n.__('welcome-board'),
permission: 'private',
}, fakeUser, (err, boardId) => {
Swimlanes.insert({
title: TAPi18n.__('welcome-swimlane'),
boardId,
sort: 1,
}, fakeUser);
Swimlanes.insert({
title: TAPi18n.__('welcome-swimlane'),
boardId,
sort: 1,
}, fakeUser);
['welcome-list1', 'welcome-list2'].forEach((title, titleIndex) => {
Lists.insert({title: TAPi18n.__(title), boardId, sort: titleIndex}, fakeUser);
});
});
*/
['welcome-list1', 'welcome-list2'].forEach((title, titleIndex) => {
Lists.insert({title: TAPi18n.__(title), boardId, sort: titleIndex}, fakeUser);
});
});
*/
const Future = require('fibers/future');
const future1 = new Future();
@ -1290,7 +1437,9 @@ if (Meteor.isServer) {
(err, boardId) => {
// Insert the reference to our templates board
Users.update(fakeUserId.get(), {
$set: { 'profile.templatesBoardId': boardId },
$set: {
'profile.templatesBoardId': boardId,
},
});
// Insert the card templates swimlane
@ -1305,7 +1454,9 @@ if (Meteor.isServer) {
(err, swimlaneId) => {
// Insert the reference to out card templates swimlane
Users.update(fakeUserId.get(), {
$set: { 'profile.cardTemplatesSwimlaneId': swimlaneId },
$set: {
'profile.cardTemplatesSwimlaneId': swimlaneId,
},
});
future1.return();
},
@ -1323,7 +1474,9 @@ if (Meteor.isServer) {
(err, swimlaneId) => {
// Insert the reference to out list templates swimlane
Users.update(fakeUserId.get(), {
$set: { 'profile.listTemplatesSwimlaneId': swimlaneId },
$set: {
'profile.listTemplatesSwimlaneId': swimlaneId,
},
});
future2.return();
},
@ -1341,7 +1494,9 @@ if (Meteor.isServer) {
(err, swimlaneId) => {
// Insert the reference to out board templates swimlane
Users.update(fakeUserId.get(), {
$set: { 'profile.boardTemplatesSwimlaneId': swimlaneId },
$set: {
'profile.boardTemplatesSwimlaneId': swimlaneId,
},
});
future3.return();
},
@ -1358,7 +1513,9 @@ if (Meteor.isServer) {
Users.after.insert((userId, doc) => {
// HACK
doc = Users.findOne({ _id: doc._id });
doc = Users.findOne({
_id: doc._id,
});
if (doc.createdThroughApi) {
// The admin user should be able to create a user despite disabling registration because
// it is two different things (registration and creation).
@ -1366,7 +1523,11 @@ if (Meteor.isServer) {
// the disableRegistration check.
// Issue : https://github.com/wekan/wekan/issues/1232
// PR : https://github.com/wekan/wekan/pull/1251
Users.update(doc._id, { $set: { createdThroughApi: '' } });
Users.update(doc._id, {
$set: {
createdThroughApi: '',
},
});
return;
}
@ -1382,7 +1543,7 @@ if (Meteor.isServer) {
if (!invitationCode) {
throw new Meteor.Error('error-invitation-code-not-exist');
} else {
invitationCode.boardsToBeInvited.forEach(boardId => {
invitationCode.boardsToBeInvited.forEach((boardId) => {
const board = Boards.findOne(boardId);
board.addMember(doc._id);
});
@ -1390,8 +1551,16 @@ if (Meteor.isServer) {
doc.profile = {};
}
doc.profile.invitedBoards = invitationCode.boardsToBeInvited;
Users.update(doc._id, { $set: { profile: doc.profile } });
InvitationCodes.update(invitationCode._id, { $set: { valid: false } });
Users.update(doc._id, {
$set: {
profile: doc.profile,
},
});
InvitationCodes.update(invitationCode._id, {
$set: {
valid: false,
},
});
}
}
});
@ -1400,12 +1569,14 @@ if (Meteor.isServer) {
// USERS REST API
if (Meteor.isServer) {
// Middleware which checks that API is enabled.
JsonRoutes.Middleware.use(function(req, res, next) {
JsonRoutes.Middleware.use(function (req, res, next) {
const api = req.url.startsWith('/api');
if ((api === true && process.env.WITH_API === 'true') || api === false) {
return next();
} else {
res.writeHead(301, { Location: '/' });
res.writeHead(301, {
Location: '/',
});
return res.end();
}
});
@ -1416,10 +1587,12 @@ if (Meteor.isServer) {
* @summary returns the current user
* @return_type Users
*/
JsonRoutes.add('GET', '/api/user', function(req, res) {
JsonRoutes.add('GET', '/api/user', function (req, res) {
try {
Authentication.checkLoggedIn(req.userId);
const data = Meteor.users.findOne({ _id: req.userId });
const data = Meteor.users.findOne({
_id: req.userId,
});
delete data.services;
// get all boards where the user is member of
@ -1429,11 +1602,14 @@ if (Meteor.isServer) {
'members.userId': req.userId,
},
{
fields: { _id: 1, members: 1 },
fields: {
_id: 1,
members: 1,
},
},
);
boards = boards.map(b => {
const u = b.members.find(m => m.userId === req.userId);
boards = boards.map((b) => {
const u = b.members.find((m) => m.userId === req.userId);
delete u.userId;
u.boardId = b._id;
return u;
@ -1461,13 +1637,16 @@ if (Meteor.isServer) {
* @return_type [{ _id: string,
* username: string}]
*/
JsonRoutes.add('GET', '/api/users', function(req, res) {
JsonRoutes.add('GET', '/api/users', function (req, res) {
try {
Authentication.checkUserId(req.userId);
JsonRoutes.sendResult(res, {
code: 200,
data: Meteor.users.find({}).map(function(doc) {
return { _id: doc._id, username: doc.username };
data: Meteor.users.find({}).map(function (doc) {
return {
_id: doc._id,
username: doc.username,
};
}),
});
} catch (error) {
@ -1488,13 +1667,17 @@ if (Meteor.isServer) {
* @param {string} userId the user ID or username
* @return_type Users
*/
JsonRoutes.add('GET', '/api/users/:userId', function(req, res) {
JsonRoutes.add('GET', '/api/users/:userId', function (req, res) {
try {
Authentication.checkUserId(req.userId);
let id = req.params.userId;
let user = Meteor.users.findOne({ _id: id });
let user = Meteor.users.findOne({
_id: id,
});
if (!user) {
user = Meteor.users.findOne({ username: id });
user = Meteor.users.findOne({
username: id,
});
id = user._id;
}
@ -1505,11 +1688,14 @@ if (Meteor.isServer) {
'members.userId': id,
},
{
fields: { _id: 1, members: 1 },
fields: {
_id: 1,
members: 1,
},
},
);
boards = boards.map(b => {
const u = b.members.find(m => m.userId === id);
boards = boards.map((b) => {
const u = b.members.find((m) => m.userId === id);
delete u.userId;
u.boardId = b._id;
return u;
@ -1545,12 +1731,14 @@ if (Meteor.isServer) {
* @return_type {_id: string,
* title: string}
*/
JsonRoutes.add('PUT', '/api/users/:userId', function(req, res) {
JsonRoutes.add('PUT', '/api/users/:userId', function (req, res) {
try {
Authentication.checkUserId(req.userId);
const id = req.params.userId;
const action = req.body.action;
let data = Meteor.users.findOne({ _id: id });
let data = Meteor.users.findOne({
_id: id,
});
if (data !== undefined) {
if (action === 'takeOwnership') {
data = Boards.find(
@ -1558,8 +1746,12 @@ if (Meteor.isServer) {
'members.userId': id,
'members.isAdmin': true,
},
{ sort: { sort: 1 /* boards default sorting */ } },
).map(function(board) {
{
sort: {
sort: 1 /* boards default sorting */,
},
},
).map(function (board) {
if (board.hasMember(req.userId)) {
board.removeMember(req.userId);
}
@ -1572,7 +1764,9 @@ if (Meteor.isServer) {
} else {
if (action === 'disableLogin' && id !== req.userId) {
Users.update(
{ _id: id },
{
_id: id,
},
{
$set: {
loginDisabled: true,
@ -1581,9 +1775,20 @@ if (Meteor.isServer) {
},
);
} else if (action === 'enableLogin') {
Users.update({ _id: id }, { $set: { loginDisabled: '' } });
Users.update(
{
_id: id,
},
{
$set: {
loginDisabled: '',
},
},
);
}
data = Meteor.users.findOne({ _id: id });
data = Meteor.users.findOne({
_id: id,
});
}
}
JsonRoutes.sendResult(res, {
@ -1617,53 +1822,57 @@ if (Meteor.isServer) {
* @return_type {_id: string,
* title: string}
*/
JsonRoutes.add('POST', '/api/boards/:boardId/members/:userId/add', function(
req,
res,
) {
try {
Authentication.checkUserId(req.userId);
const userId = req.params.userId;
const boardId = req.params.boardId;
const action = req.body.action;
const { isAdmin, isNoComments, isCommentOnly } = req.body;
let data = Meteor.users.findOne({ _id: userId });
if (data !== undefined) {
if (action === 'add') {
data = Boards.find({
_id: boardId,
}).map(function(board) {
if (!board.hasMember(userId)) {
board.addMember(userId);
function isTrue(data) {
return data.toLowerCase() === 'true';
JsonRoutes.add(
'POST',
'/api/boards/:boardId/members/:userId/add',
function (req, res) {
try {
Authentication.checkUserId(req.userId);
const userId = req.params.userId;
const boardId = req.params.boardId;
const action = req.body.action;
const { isAdmin, isNoComments, isCommentOnly } = req.body;
let data = Meteor.users.findOne({
_id: userId,
});
if (data !== undefined) {
if (action === 'add') {
data = Boards.find({
_id: boardId,
}).map(function (board) {
if (!board.hasMember(userId)) {
board.addMember(userId);
function isTrue(data) {
return data.toLowerCase() === 'true';
}
board.setMemberPermission(
userId,
isTrue(isAdmin),
isTrue(isNoComments),
isTrue(isCommentOnly),
userId,
);
}
board.setMemberPermission(
userId,
isTrue(isAdmin),
isTrue(isNoComments),
isTrue(isCommentOnly),
userId,
);
}
return {
_id: board._id,
title: board.title,
};
});
return {
_id: board._id,
title: board.title,
};
});
}
}
JsonRoutes.sendResult(res, {
code: 200,
data: query,
});
} catch (error) {
JsonRoutes.sendResult(res, {
code: 200,
data: error,
});
}
JsonRoutes.sendResult(res, {
code: 200,
data: query,
});
} catch (error) {
JsonRoutes.sendResult(res, {
code: 200,
data: error,
});
}
});
},
);
/**
* @operation remove_board_member
@ -1682,18 +1891,20 @@ if (Meteor.isServer) {
JsonRoutes.add(
'POST',
'/api/boards/:boardId/members/:userId/remove',
function(req, res) {
function (req, res) {
try {
Authentication.checkUserId(req.userId);
const userId = req.params.userId;
const boardId = req.params.boardId;
const action = req.body.action;
let data = Meteor.users.findOne({ _id: userId });
let data = Meteor.users.findOne({
_id: userId,
});
if (data !== undefined) {
if (action === 'remove') {
data = Boards.find({
_id: boardId,
}).map(function(board) {
}).map(function (board) {
if (board.hasMember(userId)) {
board.removeMember(userId);
}
@ -1729,7 +1940,7 @@ if (Meteor.isServer) {
* @param {string} password the password of the new user
* @return_type {_id: string}
*/
JsonRoutes.add('POST', '/api/users/', function(req, res) {
JsonRoutes.add('POST', '/api/users/', function (req, res) {
try {
Authentication.checkUserId(req.userId);
const id = Accounts.createUser({
@ -1762,7 +1973,7 @@ if (Meteor.isServer) {
* @param {string} userId the ID of the user to delete
* @return_type {_id: string}
*/
JsonRoutes.add('DELETE', '/api/users/:userId', function(req, res) {
JsonRoutes.add('DELETE', '/api/users/:userId', function (req, res) {
try {
Authentication.checkUserId(req.userId);
const id = req.params.userId;
@ -1800,7 +2011,7 @@ if (Meteor.isServer) {
* @param {string} userId the ID of the user to create token for.
* @return_type {_id: string}
*/
JsonRoutes.add('POST', '/api/createtoken/:userId', function(req, res) {
JsonRoutes.add('POST', '/api/createtoken/:userId', function (req, res) {
try {
Authentication.checkUserId(req.userId);
const id = req.params.userId;