Fixing user search leaking emails.

This commit is contained in:
Dessalines 2020-09-03 08:48:26 -05:00
parent 7101ac1b4b
commit 4a4629763e
2 changed files with 24 additions and 2 deletions

View file

@ -125,6 +125,7 @@ impl<'a> UserQueryBuilder<'a> {
pub fn list(self) -> Result<Vec<UserView>, Error> {
use super::user_view::user_fast::dsl::*;
use diesel::sql_types::{Nullable, Text};
let mut query = self.query;
@ -154,6 +155,28 @@ impl<'a> UserQueryBuilder<'a> {
let (limit, offset) = limit_and_offset(self.page, self.limit);
query = query.limit(limit).offset(offset);
// The select is necessary here to not get back emails
query = query.select((
id,
actor_id,
name,
preferred_username,
avatar,
banner,
"".into_sql::<Nullable<Text>>(),
matrix_user_id,
bio,
local,
admin,
banned,
show_avatars,
send_notifications_to_email,
published,
number_of_posts,
post_score,
number_of_comments,
comment_score,
));
query.load::<UserView>(self.conn)
}
}

View file

@ -311,7 +311,6 @@ export class Search extends Component<any, SearchState> {
{i.type_ == 'users' && (
<div>
<span>
@
<UserListing
user={{
name: (i.data as UserView).name,
@ -398,11 +397,11 @@ export class Search extends Component<any, SearchState> {
<div class="row">
<div class="col-12">
<span>
@
<UserListing
user={{
name: user.name,
avatar: user.avatar,
preferred_username: user.preferred_username,
}}
/>
</span>