From fe811537e93532e21ff4e6d77190271a032c5494 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
 <barisusakli@gmail.com>
Date: Mon, 9 Dec 2024 14:40:49 -0500
Subject: [PATCH] refactor: remove "password" in comments

---
 src/api/users.js        | 5 ++---
 src/cli/setup.js        | 3 +--
 src/install.js          | 7 +------
 src/middleware/admin.js | 1 -
 src/socket.io/user.js   | 1 -
 src/user/data.js        | 1 -
 src/user/index.js       | 2 +-
 src/user/reset.js       | 1 -
 8 files changed, 5 insertions(+), 16 deletions(-)

diff --git a/src/api/users.js b/src/api/users.js
index 3897613342..5b7e35d254 100644
--- a/src/api/users.js
+++ b/src/api/users.js
@@ -67,8 +67,8 @@ usersAPI.update = async function (caller, data) {
 		privileges.users.canEdit(caller.uid, data.uid),
 	]);
 
-	// Changing own email/username requires password confirmation
-	if (data.hasOwnProperty('email') || data.hasOwnProperty('username')) {
+	const isChangingEmailOrUsername = data.hasOwnProperty('email') || data.hasOwnProperty('username');
+	if (isChangingEmailOrUsername) {
 		await isPrivilegedOrSelfAndPasswordMatch(caller, data);
 	}
 
@@ -547,7 +547,6 @@ async function processDeletion({ uid, method, password, caller }) {
 		throw new Error('[[error:no-privileges]]');
 	}
 
-	// Self-deletions require a password
 	const hasPassword = await user.hasPassword(uid);
 	if (isSelf && hasPassword) {
 		const ok = await user.isPasswordCorrect(uid, password, caller.ip);
diff --git a/src/cli/setup.js b/src/cli/setup.js
index 859f674a9c..67b958ed95 100644
--- a/src/cli/setup.js
+++ b/src/cli/setup.js
@@ -51,8 +51,7 @@ async function setup(initConfig) {
 	}
 	console.log('NodeBB Setup Completed. Run "./nodebb start" to manually start your NodeBB server.');
 
-	// If I am a child process, notify the parent of the returned data before exiting (useful for notifying
-	// hosts of auto-generated username/password during headless setups)
+	// If I am a child process, notify the parent of the returned data before exiting (useful for notifying hosts during headless setups)
 	if (process.send) {
 		process.send(data);
 	}
diff --git a/src/install.js b/src/install.js
index 89b40d7b39..54ea7a325f 100644
--- a/src/install.js
+++ b/src/install.js
@@ -370,26 +370,21 @@ async function createAdmin() {
 	}
 
 	async function retryPassword(originalResults) {
-		// Ask only the password questions
 		const results = await prompt.get(passwordQuestions);
 
-		// Update the original data with newly collected password
 		originalResults.password = results.password;
 		originalResults['password:confirm'] = results['password:confirm'];
 
-		// Send back to success to handle
 		return await success(originalResults);
 	}
 
-	// Add the password questions
 	questions = questions.concat(passwordQuestions);
 
 	if (!install.values) {
 		const results = await prompt.get(questions);
 		return await success(results);
 	}
-	// If automated setup did not provide a user password, generate one,
-	// it will be shown to the user upon setup completion
+
 	if (!install.values.hasOwnProperty('admin:password') && !nconf.get('admin:password')) {
 		console.log('Password was not provided during automated setup, generating one...');
 		password = utils.generateUUID().slice(0, 8);
diff --git a/src/middleware/admin.js b/src/middleware/admin.js
index bf89079103..84d34dfbd0 100644
--- a/src/middleware/admin.js
+++ b/src/middleware/admin.js
@@ -47,7 +47,6 @@ middleware.checkPrivileges = helpers.try(async (req, res, next) => {
 		}
 	}
 
-	// If user does not have password
 	const hasPassword = await user.hasPassword(req.uid);
 	if (!hasPassword) {
 		return next();
diff --git a/src/socket.io/user.js b/src/socket.io/user.js
index 51e5dc9f71..c20c545f8a 100644
--- a/src/socket.io/user.js
+++ b/src/socket.io/user.js
@@ -24,7 +24,6 @@ require('./user/status')(SocketUser);
 require('./user/picture')(SocketUser);
 require('./user/registration')(SocketUser);
 
-// Password Reset
 SocketUser.reset = {};
 
 SocketUser.reset.send = async function (socket, email) {
diff --git a/src/user/data.js b/src/user/data.js
index 47975ea99a..96ddfc51fe 100644
--- a/src/user/data.js
+++ b/src/user/data.js
@@ -82,7 +82,6 @@ module.exports = function (User) {
 		if (!fields.length) {
 			fields = results.whitelist;
 		} else {
-			// Never allow password retrieval via this method
 			fields = fields.filter(value => value !== 'password');
 		}
 
diff --git a/src/user/index.js b/src/user/index.js
index 5922fea7b7..eaba1dbb32 100644
--- a/src/user/index.js
+++ b/src/user/index.js
@@ -244,7 +244,7 @@ User.addInterstitials = function (callback) {
 	plugins.hooks.register('core', {
 		hook: 'filter:register.interstitial',
 		method: [
-			User.interstitials.email, // Email address (for password reset + digest)
+			User.interstitials.email, // Email address
 			User.interstitials.gdpr, // GDPR information collection/processing consent + email consent
 			User.interstitials.tou, // Forum Terms of Use
 		],
diff --git a/src/user/reset.js b/src/user/reset.js
index 9a6d6330ff..d2782c6dc0 100644
--- a/src/user/reset.js
+++ b/src/user/reset.js
@@ -108,7 +108,6 @@ UserReset.commit = async function (code, password) {
 		'password:shaWrapped': 1,
 	};
 
-	// don't verify email if password reset is due to expiry
 	const isPasswordExpired = userData.passwordExpiry && userData.passwordExpiry < Date.now();
 	if (!isPasswordExpired) {
 		data['email:confirmed'] = 1;