From 19e047e2d3929ba41e854d2f775493f59c4cbceb Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Thu, 17 Aug 2023 17:18:30 -0400
Subject: [PATCH] =?UTF-8?q?fix:=20#11906,=20userData.sso=20=E2=80=94=20don?=
 =?UTF-8?q?'t=20serve=20deauthUrl=20or=20non-associated=20url=20if=20calle?=
 =?UTF-8?q?r=20uid=20is=20not=20same=20as=20target=20uid?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/controllers/accounts/helpers.js | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/controllers/accounts/helpers.js b/src/controllers/accounts/helpers.js
index 0d2b08eee8..4ac8042eba 100644
--- a/src/controllers/accounts/helpers.js
+++ b/src/controllers/accounts/helpers.js
@@ -104,7 +104,16 @@ helpers.getUserDataByUserSlug = async function (userslug, callerUID, query = {})
 		canViewInfo: canViewInfo,
 	});
 
-	userData.sso = results.sso.associations;
+	userData.sso = results.sso.associations.map((association) => {
+		if (!isSelf) {
+			delete association.deauthUrl;
+			if (!association.associated) {
+				delete association.url;
+			}
+		}
+
+		return association;
+	});
 	userData.banned = Boolean(userData.banned);
 	userData.muted = parseInt(userData.mutedUntil, 10) > Date.now();
 	userData.website = escape(userData.website);