lint fix

- Updated account suspension message from "This account, User ID..." to "Your account @[username] has been
  blocked..."
- Modified server auth middleware to pass username parameter when throwing account suspended error
-Modified auth utils loginRes function to include username in suspended account error
- Updated client bannedAccountModal component to pass username (empty string if unavailable)
- Updated login test to expect username in account suspended message

test/api/unit/middlewares/blocker.test.js

@@ -117,6 +117,15 @@ describe('Blocker middleware', () => {
 
       checkIPBlockedErrorThrown(next);
     });
+
+    it('throws when the ip is blocked', () => {
+      req.ip = '192.168.1.1';
+      sandbox.stub(nconf, 'get').withArgs('BLOCKED_IPS').returns('192.168.1.1');
+      const attachBlocker = requireAgain(pathToBlocker).default;
+      attachBlocker(req, res, next);
+
+      checkIPBlockedErrorThrown(next);
+    });
   });
 
   describe('Blocking clients', () => {

test/api/v3/integration/user/auth/POST-login-local.test.js

@@ -44,7 +44,7 @@ describe('POST /user/auth/local/login', () => {
     })).to.eventually.be.rejected.and.eql({
       code: 401,
       error: 'NotAuthorized',
-      message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL'), userId: user._id }),
+      message: t('accountSuspended', { communityManagerEmail: nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL'), userId: user._id, username: user.auth.local.username }),
     });
   });
 

website/client/src/components/bannedAccountModal.vue

@@ -43,9 +43,11 @@ export default {
       const AUTH_SETTINGS = localStorage.getItem(LOCALSTORAGE_AUTH_KEY);
       const parseSettings = JSON.parse(AUTH_SETTINGS);
       const userId = parseSettings ? parseSettings.auth.apiId : '';
+      const username = this.$store?.state?.user?.data?.auth?.local?.username || '';
 
       return this.$t('accountSuspended', {
         userId,
+        username,
         communityManagerEmail: COMMUNITY_MANAGER_EMAIL,
       });
     },

website/common/locales/en/front.json

@@ -133,7 +133,7 @@
   "passwordReset": "If we have your email or username on file, instructions for setting a new password have been sent to your email.",
   "invalidLoginCredentialsLong": "Uh-oh - your email address / username or password is incorrect.\n- Make sure they are typed correctly. Your username and password are case-sensitive.\n- You may have signed up with Facebook or Google-sign-in, not email so double-check by trying them.\n- If you forgot your password, click \"Forgot Password\".",
   "invalidCredentials": "There is no account that uses those credentials.",
-  "accountSuspended": "This account, User ID \"<%= userId %>\", has been blocked for breaking the Community Guidelines (https://habitica.com/static/community-guidelines) or Terms of Service (https://habitica.com/static/terms). For details or to ask to be unblocked, please email our Community Manager at <%= communityManagerEmail %> or ask your parent or guardian to email them. Please include your @Username in the email.",
+  "accountSuspended": "Your account @<%= username %> has been blocked. For additional information, or to request an appeal, email admin@habitica.com with your Habitica username or User ID.",
   "accountSuspendedTitle": "Account has been suspended",
   "unsupportedNetwork": "This network is not currently supported.",
   "cantDetachSocial": "Account lacks another authentication method; can't detach this authentication method.",

website/server/controllers/api-v4/admin.js

@@ -187,5 +187,4 @@ api.deleteBlocker = {
     res.respond(200, savedBlocker);
   },
 };
-
 export default api;

website/server/libs/auth/utils.js

@@ -16,7 +16,11 @@ export function loginRes (user, req, res) {
   if (user.auth.blocked) {
     throw new NotAuthorized(res.t(
       'accountSuspended',
-      { communityManagerEmail: COMMUNITY_MANAGER_EMAIL, userId: user._id },
+      {
+        communityManagerEmail: COMMUNITY_MANAGER_EMAIL,
+        userId: user._id,
+        username: user.auth.local.username,
+      },
     ));
   }
   const urlPath = url.parse(req.url).pathname;

website/server/middlewares/auth.js

@@ -100,6 +100,7 @@ export function authWithHeaders (options = {}) {
           throw new NotAuthorized(common.i18n.t('accountSuspended', {
             communityManagerEmail: COMMUNITY_MANAGER_EMAIL,
             userId: user._id,
+            username: user.auth.local.username,
           }, language));
         }
 

website/server/middlewares/blocker.js

@@ -1,3 +1,4 @@
+import nconf from 'nconf';
 import {
   Forbidden,
 } from '../libs/errors';
@@ -9,7 +10,19 @@ import { model as Blocker } from '../models/blocker';
 // NOTE: it's meant to be used behind a proxy (for example a load balancer)
 // that uses the 'x-forwarded-for' header to forward the original IP addresses.
 
-const blockedIps = [];
+// A list of comma separated IPs to block
+// It works fine as long as the list is short,
+// if the list becomes too long for an env variable we'll switch to Redis.
+const BLOCKED_IPS_RAW = nconf.get('BLOCKED_IPS');
+
+const blockedIps = BLOCKED_IPS_RAW
+  ? BLOCKED_IPS_RAW
+    .trim()
+    .split(',')
+    .map(blockedIp => blockedIp.trim())
+    .filter(blockedIp => Boolean(blockedIp))
+  : [];
+
 const blockedClients = [];
 
 Blocker.watchBlockers({