2 files changed, 32 insertions, 41 deletions
diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts
index 07edf3727..8b8ebcd23 100644
--- a/server/controllers/api/users/index.ts
+++ b/server/controllers/api/users/index.ts
@@ -27,13 +27,17 @@ import {
  usersUpdateValidator
 } from '../../../middlewares'
 import {
-  usersAskResetPasswordValidator, usersBlockingValidator, usersResetPasswordValidator,
+  usersAskResetPasswordValidator,
-  usersAskSendVerifyEmailValidator, usersVerifyEmailValidator
+  usersAskSendVerifyEmailValidator,
+  usersBlockingValidator,
+  usersResetPasswordValidator,
+  usersVerifyEmailValidator
 } from '../../../middlewares/validators'
 import { UserModel } from '../../../models/account/user'
 import { OAuthTokenModel } from '../../../models/oauth/oauth-token'
-import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'
+import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
 import { meRouter } from './me'
+import { deleteUserToken } from '../../../lib/oauth-model'
 const auditLogger = auditLoggerFactory('users')
@@ -166,7 +170,7 @@ async function createUser (req: express.Request, res: express.Response) {
  const { user, account } = await createUserAccountAndChannel(userToCreate)
-  auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
+  auditLogger.create(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
  logger.info('User %s with its channel and account created.', body.username)
  return res.json({
@@ -245,7 +249,7 @@ async function removeUser (req: express.Request, res: express.Response, next: ex
  await user.destroy()
-  auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
+  auditLogger.delete(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
  return res.sendStatus(204)
 }
@@ -264,15 +268,9 @@ async function updateUser (req: express.Request, res: express.Response, next: ex
  const user = await userToUpdate.save()
  // Destroy user token to refresh rights
-  if (roleChanged) {
+  if (roleChanged) await deleteUserToken(userToUpdate.id)
-    await OAuthTokenModel.deleteUserToken(userToUpdate.id)
-  }
-  auditLogger.update(
+  auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
-    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
-    new UserAuditView(user.toFormattedJSON()),
-    oldUserAuditView
-  )
  // Don't need to send this update to followers, these attributes are not propagated
@@ -333,16 +331,12 @@ async function changeUserBlock (res: express.Response, user: UserModel, block: b
  user.blockedReason = reason || null
  await sequelizeTypescript.transaction(async t => {
-    await OAuthTokenModel.deleteUserToken(user.id, t)
+    await deleteUserToken(user.id, t)
    await user.save({ transaction: t })
  })
  await Emailer.Instance.addUserBlockJob(user, block, reason)
-  auditLogger.update(
+  auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
-    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
-    new UserAuditView(user.toFormattedJSON()),
-    oldUserAuditView
-  )
 }
diff --git a/server/controllers/api/users/me.ts b/server/controllers/api/users/me.ts
index e886d4b2a..ff3a87b7f 100644
--- a/server/controllers/api/users/me.ts
+++ b/server/controllers/api/users/me.ts
@@ -5,7 +5,8 @@ import { getFormattedObjects } from '../../../helpers/utils'
 import { CONFIG, IMAGE_MIMETYPE_EXT, sequelizeTypescript } from '../../../initializers'
 import { sendUpdateActor } from '../../../lib/activitypub/send'
 import {
-  asyncMiddleware, asyncRetryTransactionMiddleware,
+  asyncMiddleware,
+  asyncRetryTransactionMiddleware,
  authenticate,
  commonVideosFiltersValidator,
  paginationValidator,
@@ -17,11 +18,11 @@ import {
  usersVideoRatingValidator
 } from '../../../middlewares'
 import {
+  areSubscriptionsExistValidator,
  deleteMeValidator,
  userSubscriptionsSortValidator,
  videoImportsSortValidator,
-  videosSortValidator,
+  videosSortValidator
-  areSubscriptionsExistValidator
 } from '../../../middlewares/validators'
 import { AccountVideoRateModel } from '../../../models/account/account-video-rate'
 import { UserModel } from '../../../models/account/user'
@@ -31,12 +32,13 @@ import { buildNSFWFilter, createReqFiles } from '../../../helpers/express-utils'
 import { UserVideoQuota } from '../../../../shared/models/users/user-video-quota.model'
 import { updateAvatarValidator } from '../../../middlewares/validators/avatar'
 import { updateActorAvatarFile } from '../../../lib/avatar'
-import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'
+import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
 import { VideoImportModel } from '../../../models/video/video-import'
 import { VideoFilter } from '../../../../shared/models/videos/video-query.type'
 import { ActorFollowModel } from '../../../models/activitypub/actor-follow'
 import { JobQueue } from '../../../lib/job-queue'
 import { logger } from '../../../helpers/logger'
+import { AccountModel } from '../../../models/account/account'
 const auditLogger = auditLoggerFactory('users-me')
@@ -293,7 +295,7 @@ async function getUserVideoQuotaUsed (req: express.Request, res: express.Respons
 }
 async function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
-  const videoId = +req.params.videoId
+  const videoId = res.locals.video.id
  const accountId = +res.locals.oauth.token.User.Account.id
  const ratingObj = await AccountVideoRateModel.load(accountId, videoId, null)
@@ -311,7 +313,7 @@ async function deleteMe (req: express.Request, res: express.Response) {
  await user.destroy()
-  auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))
+  auditLogger.delete(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
  return res.sendStatus(204)
 }
@@ -328,19 +330,17 @@ async function updateMe (req: express.Request, res: express.Response, next: expr
  if (body.autoPlayVideo !== undefined) user.autoPlayVideo = body.autoPlayVideo
  await sequelizeTypescript.transaction(async t => {
+    const userAccount = await AccountModel.load(user.Account.id)
    await user.save({ transaction: t })
-    if (body.displayName !== undefined) user.Account.name = body.displayName
+    if (body.displayName !== undefined) userAccount.name = body.displayName
-    if (body.description !== undefined) user.Account.description = body.description
+    if (body.description !== undefined) userAccount.description = body.description
-    await user.Account.save({ transaction: t })
+    await userAccount.save({ transaction: t })
-    await sendUpdateActor(user.Account, t)
+    await sendUpdateActor(userAccount, t)
-    auditLogger.update(
+    auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
-      res.locals.oauth.token.User.Account.Actor.getIdentifier(),
-      new UserAuditView(user.toFormattedJSON()),
-      oldUserAuditView
-    )
  })
  return res.sendStatus(204)
@@ -350,15 +350,12 @@ async function updateMyAvatar (req: express.Request, res: express.Response, next
  const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ]
  const user: UserModel = res.locals.oauth.token.user
  const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
-  const account = user.Account
-  const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account)
+  const userAccount = await AccountModel.load(user.Account.id)
-  auditLogger.update(
+  const avatar = await updateActorAvatarFile(avatarPhysicalFile, userAccount)
-    res.locals.oauth.token.User.Account.Actor.getIdentifier(),
-    new UserAuditView(user.toFormattedJSON()),
+  auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
-    oldUserAuditView
-  )
  return res.json({ avatar: avatar.toFormattedJSON() })
 }

diff --git a/server/controllers/api/users/index.ts b/server/controllers/api/users/index.ts index 07edf3727..8b8ebcd23 100644 --- a/server/controllers/api/users/index.ts +++ b/server/controllers/api/users/index.ts
@@ -27,13 +27,17 @@ import {
27	usersUpdateValidator	27	usersUpdateValidator
28	} from '../../../middlewares'	28	} from '../../../middlewares'
29	import {	29	import {
30	usersAskResetPasswordValidator, usersBlockingValidator, usersResetPasswordValidator,	30	usersAskResetPasswordValidator,
31	usersAskSendVerifyEmailValidator, usersVerifyEmailValidator	31	usersAskSendVerifyEmailValidator,
		32	usersBlockingValidator,
		33	usersResetPasswordValidator,
		34	usersVerifyEmailValidator
32	} from '../../../middlewares/validators'	35	} from '../../../middlewares/validators'
33	import { UserModel } from '../../../models/account/user'	36	import { UserModel } from '../../../models/account/user'
34	import { OAuthTokenModel } from '../../../models/oauth/oauth-token'	37	import { OAuthTokenModel } from '../../../models/oauth/oauth-token'
35	import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'	38	import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
36	import { meRouter } from './me'	39	import { meRouter } from './me'
		40	import { deleteUserToken } from '../../../lib/oauth-model'
37		41
38	const auditLogger = auditLoggerFactory('users')	42	const auditLogger = auditLoggerFactory('users')
39		43
@@ -166,7 +170,7 @@ async function createUser (req: express.Request, res: express.Response) {
166		170
167	const { user, account } = await createUserAccountAndChannel(userToCreate)	171	const { user, account } = await createUserAccountAndChannel(userToCreate)
168		172
169	auditLogger.create(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))	173	auditLogger.create(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
170	logger.info('User %s with its channel and account created.', body.username)	174	logger.info('User %s with its channel and account created.', body.username)
171		175
172	return res.json({	176	return res.json({
@@ -245,7 +249,7 @@ async function removeUser (req: express.Request, res: express.Response, next: ex
245		249
246	await user.destroy()	250	await user.destroy()
247		251
248	auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))	252	auditLogger.delete(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
249		253
250	return res.sendStatus(204)	254	return res.sendStatus(204)
251	}	255	}
@@ -264,15 +268,9 @@ async function updateUser (req: express.Request, res: express.Response, next: ex
264	const user = await userToUpdate.save()	268	const user = await userToUpdate.save()
265		269
266	// Destroy user token to refresh rights	270	// Destroy user token to refresh rights
267	if (roleChanged) {	271	if (roleChanged) await deleteUserToken(userToUpdate.id)
268	await OAuthTokenModel.deleteUserToken(userToUpdate.id)
269	}
270		272
271	auditLogger.update(	273	auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
272	res.locals.oauth.token.User.Account.Actor.getIdentifier(),
273	new UserAuditView(user.toFormattedJSON()),
274	oldUserAuditView
275	)
276		274
277	// Don't need to send this update to followers, these attributes are not propagated	275	// Don't need to send this update to followers, these attributes are not propagated
278		276
@@ -333,16 +331,12 @@ async function changeUserBlock (res: express.Response, user: UserModel, block: b
333	user.blockedReason = reason \|\| null	331	user.blockedReason = reason \|\| null
334		332
335	await sequelizeTypescript.transaction(async t => {	333	await sequelizeTypescript.transaction(async t => {
336	await OAuthTokenModel.deleteUserToken(user.id, t)	334	await deleteUserToken(user.id, t)
337		335
338	await user.save({ transaction: t })	336	await user.save({ transaction: t })
339	})	337	})
340		338
341	await Emailer.Instance.addUserBlockJob(user, block, reason)	339	await Emailer.Instance.addUserBlockJob(user, block, reason)
342		340
343	auditLogger.update(	341	auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
344	res.locals.oauth.token.User.Account.Actor.getIdentifier(),
345	new UserAuditView(user.toFormattedJSON()),
346	oldUserAuditView
347	)
348	}	342	}


diff --git a/server/controllers/api/users/me.ts b/server/controllers/api/users/me.ts index e886d4b2a..ff3a87b7f 100644 --- a/server/controllers/api/users/me.ts +++ b/server/controllers/api/users/me.ts
@@ -5,7 +5,8 @@ import { getFormattedObjects } from '../../../helpers/utils'
5	import { CONFIG, IMAGE_MIMETYPE_EXT, sequelizeTypescript } from '../../../initializers'	5	import { CONFIG, IMAGE_MIMETYPE_EXT, sequelizeTypescript } from '../../../initializers'
6	import { sendUpdateActor } from '../../../lib/activitypub/send'	6	import { sendUpdateActor } from '../../../lib/activitypub/send'
7	import {	7	import {
8	asyncMiddleware, asyncRetryTransactionMiddleware,	8	asyncMiddleware,
		9	asyncRetryTransactionMiddleware,
9	authenticate,	10	authenticate,
10	commonVideosFiltersValidator,	11	commonVideosFiltersValidator,
11	paginationValidator,	12	paginationValidator,
@@ -17,11 +18,11 @@ import {
17	usersVideoRatingValidator	18	usersVideoRatingValidator
18	} from '../../../middlewares'	19	} from '../../../middlewares'
19	import {	20	import {
		21	areSubscriptionsExistValidator,
20	deleteMeValidator,	22	deleteMeValidator,
21	userSubscriptionsSortValidator,	23	userSubscriptionsSortValidator,
22	videoImportsSortValidator,	24	videoImportsSortValidator,
23	videosSortValidator,	25	videosSortValidator
24	areSubscriptionsExistValidator
25	} from '../../../middlewares/validators'	26	} from '../../../middlewares/validators'
26	import { AccountVideoRateModel } from '../../../models/account/account-video-rate'	27	import { AccountVideoRateModel } from '../../../models/account/account-video-rate'
27	import { UserModel } from '../../../models/account/user'	28	import { UserModel } from '../../../models/account/user'
@@ -31,12 +32,13 @@ import { buildNSFWFilter, createReqFiles } from '../../../helpers/express-utils'
31	import { UserVideoQuota } from '../../../../shared/models/users/user-video-quota.model'	32	import { UserVideoQuota } from '../../../../shared/models/users/user-video-quota.model'
32	import { updateAvatarValidator } from '../../../middlewares/validators/avatar'	33	import { updateAvatarValidator } from '../../../middlewares/validators/avatar'
33	import { updateActorAvatarFile } from '../../../lib/avatar'	34	import { updateActorAvatarFile } from '../../../lib/avatar'
34	import { auditLoggerFactory, UserAuditView } from '../../../helpers/audit-logger'	35	import { auditLoggerFactory, getAuditIdFromRes, UserAuditView } from '../../../helpers/audit-logger'
35	import { VideoImportModel } from '../../../models/video/video-import'	36	import { VideoImportModel } from '../../../models/video/video-import'
36	import { VideoFilter } from '../../../../shared/models/videos/video-query.type'	37	import { VideoFilter } from '../../../../shared/models/videos/video-query.type'
37	import { ActorFollowModel } from '../../../models/activitypub/actor-follow'	38	import { ActorFollowModel } from '../../../models/activitypub/actor-follow'
38	import { JobQueue } from '../../../lib/job-queue'	39	import { JobQueue } from '../../../lib/job-queue'
39	import { logger } from '../../../helpers/logger'	40	import { logger } from '../../../helpers/logger'
		41	import { AccountModel } from '../../../models/account/account'
40		42
41	const auditLogger = auditLoggerFactory('users-me')	43	const auditLogger = auditLoggerFactory('users-me')
42		44
@@ -293,7 +295,7 @@ async function getUserVideoQuotaUsed (req: express.Request, res: express.Respons
293	}	295	}
294		296
295	async function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {	297	async function getUserVideoRating (req: express.Request, res: express.Response, next: express.NextFunction) {
296	const videoId = +req.params.videoId	298	const videoId = res.locals.video.id
297	const accountId = +res.locals.oauth.token.User.Account.id	299	const accountId = +res.locals.oauth.token.User.Account.id
298		300
299	const ratingObj = await AccountVideoRateModel.load(accountId, videoId, null)	301	const ratingObj = await AccountVideoRateModel.load(accountId, videoId, null)
@@ -311,7 +313,7 @@ async function deleteMe (req: express.Request, res: express.Response) {
311		313
312	await user.destroy()	314	await user.destroy()
313		315
314	auditLogger.delete(res.locals.oauth.token.User.Account.Actor.getIdentifier(), new UserAuditView(user.toFormattedJSON()))	316	auditLogger.delete(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()))
315		317
316	return res.sendStatus(204)	318	return res.sendStatus(204)
317	}	319	}
@@ -328,19 +330,17 @@ async function updateMe (req: express.Request, res: express.Response, next: expr
328	if (body.autoPlayVideo !== undefined) user.autoPlayVideo = body.autoPlayVideo	330	if (body.autoPlayVideo !== undefined) user.autoPlayVideo = body.autoPlayVideo
329		331
330	await sequelizeTypescript.transaction(async t => {	332	await sequelizeTypescript.transaction(async t => {
		333	const userAccount = await AccountModel.load(user.Account.id)
		334
331	await user.save({ transaction: t })	335	await user.save({ transaction: t })
332		336
333	if (body.displayName !== undefined) user.Account.name = body.displayName	337	if (body.displayName !== undefined) userAccount.name = body.displayName
334	if (body.description !== undefined) user.Account.description = body.description	338	if (body.description !== undefined) userAccount.description = body.description
335	await user.Account.save({ transaction: t })	339	await userAccount.save({ transaction: t })
336		340
337	await sendUpdateActor(user.Account, t)	341	await sendUpdateActor(userAccount, t)
338		342
339	auditLogger.update(	343	auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
340	res.locals.oauth.token.User.Account.Actor.getIdentifier(),
341	new UserAuditView(user.toFormattedJSON()),
342	oldUserAuditView
343	)
344	})	344	})
345		345
346	return res.sendStatus(204)	346	return res.sendStatus(204)
@@ -350,15 +350,12 @@ async function updateMyAvatar (req: express.Request, res: express.Response, next
350	const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ]	350	const avatarPhysicalFile = req.files[ 'avatarfile' ][ 0 ]
351	const user: UserModel = res.locals.oauth.token.user	351	const user: UserModel = res.locals.oauth.token.user
352	const oldUserAuditView = new UserAuditView(user.toFormattedJSON())	352	const oldUserAuditView = new UserAuditView(user.toFormattedJSON())
353	const account = user.Account
354		353
355	const avatar = await updateActorAvatarFile(avatarPhysicalFile, account.Actor, account)	354	const userAccount = await AccountModel.load(user.Account.id)
356		355
357	auditLogger.update(	356	const avatar = await updateActorAvatarFile(avatarPhysicalFile, userAccount)
358	res.locals.oauth.token.User.Account.Actor.getIdentifier(),	357
359	new UserAuditView(user.toFormattedJSON()),	358	auditLogger.update(getAuditIdFromRes(res), new UserAuditView(user.toFormattedJSON()), oldUserAuditView)
360	oldUserAuditView
361	)
362		359
363	return res.json({ avatar: avatar.toFormattedJSON() })	360	return res.json({ avatar: avatar.toFormattedJSON() })
364	}	361	}