fix: improve user deletion process and session handling

2026-03-20 13:53:07 -04:00
parent ea537ff293
commit b7f3394448
3 changed files with 9 additions and 5 deletions
--- a/src/models/index.js
+++ b/src/models/index.js
@@ -143,8 +143,11 @@ const Users = {
  },

  deleteUser(userId) {
-    db.prepare('UPDATE users SET display_name = ?, password_hash = ?, is_admin = 0, is_organizer = 0 WHERE id = ?')
-      .run('[deleted]', '', userId);
+    // get username from userId before scrambling
+    const user = this.findById(userId);
+    const scrambled = `_deleted_${user.username}_${Date.now()}`;
+    db.prepare('UPDATE users SET username = ?, display_name = ?, password_hash = ?, is_admin = 0, is_organizer = 0 WHERE id = ?')
+      .run(scrambled, '[deleted]', '', userId);
    db.prepare('UPDATE password_reset_tokens SET used = 1 WHERE user_id = ?').run(userId);
    db.prepare("DELETE FROM sessions WHERE sess LIKE ?").run('%"userId":' + userId + '%');
  }
--- a/src/routes/admin.js
+++ b/src/routes/admin.js
@@ -186,7 +186,7 @@ router.post('/users/:id/delete', requireAdmin, (req, res) => {
  }

  Users.deleteUser(userId);
-  req.session.flash = { type: 'success', message: `Account "${user.username}" has been deleted.` };
+  req.session.flash = { type: 'success', message: `Account "${user.display_name || user.username}" has been deleted.` };
  res.redirect('/admin');
 });

--- a/src/routes/hunts.js
+++ b/src/routes/hunts.js
@@ -167,8 +167,9 @@ router.post('/player/:username/delete', requireAuth, (req, res) => {
  }

  Users.deleteUser(user.id);
-  req.session.destroy();
-  res.redirect('/');
+  req.session.destroy(() => {
+    res.redirect('/');
+  });
 });

 // ─── Browse all hunts ─────────────────────────────────────