julianlam / nodebb-plugin-session-sharing

Allows login sessions from your app to persist in NodeBB
MIT License

Post processing hook? #62

Closed uplift closed 5 years ago

uplift commented 5 years ago

Currently we have this workflow around banning and deleting an account.

A user has a Website Account (WA) which for the most part is a third party account. This is then auto logged in to the forum using this plugin. If they get banned, they can delete their WA which will remove them from our site and delete them from the forum. They can in theory then log back in and recreate their account using the third party account and create a new forum user, bypassing the ban. To fix this, in our custom version of session sharing we store any ban/moderation data when an account is deleted in another datastore and check that info via an API call when they recreate their account and reapply any ban/ban history to their new forum account.

In my attempt to bring our version of this plugin in line with the official version, would it be possible to add a post processing hook (before or after verifyUser maybe?) so when a new user is created we can check our API for ban history?

I would have used the action:user.create hook to do this but our API requires the same cookie this plugin uses to be sent with it and action:user.create hook doesn't have access to req.cookies.

If there's an existing way to achieve this let me know, otherwise if you let me know where the best place would be to add a hook, I can create a PR for this?

julianlam commented 5 years ago

I think the best spot would be inside verifyUser itself, since that's actually the intention of the method. It just so happens that all it does right now is check local ban state (which, if they're a newly created user, would return false).

A static hook could be added in that method, either before or after the ban check. Not entirely sure where your cookie reading strategy fits in here, though.

julianlam commented 5 years ago

Closed via #63
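
A sketch of the flow discussed in this thread, as an added example that is not code from the plugin or from either commenter: verifyUser checks local ban state, then fires a static hook whose listener receives req (with its cookies) and reapplies a ban stored against the third-party account id. The hook mechanism, the function names, the cookie name `token` and the sample data are all constructed for illustration and are not NodeBB's or the plugin's API.

```javascript
// Constructed stand-in for the external datastore that keeps ban data after an
// account is deleted. It is keyed by the third-party account id, which survives
// deletion of the forum user (the forum uid does not).
const banHistoryStore = new Map([
  ['tp-1001', { banned: true, reason: 'spam' }],
]);

// Hypothetical stand-in for the site API call. The real call needs the shared
// session cookie, which is why the listener must be handed req.
async function lookupBanHistory(req, remoteId) {
  if (!req.cookies || !req.cookies.token) {
    throw new Error('missing session cookie');
  }
  return banHistoryStore.get(remoteId) || null;
}

// Minimal static-hook dispatcher (hypothetical): listeners run in order and
// any of them may reject to stop the login.
const listeners = [];
async function fireStaticHook(data) {
  for (const fn of listeners) await fn(data);
}

// Listener: reapply a stored ban to the (possibly brand-new) forum uid.
listeners.push(async ({ req, uid, remoteId, localBans }) => {
  const record = await lookupBanHistory(req, remoteId);
  if (record && record.banned) {
    localBans.set(uid, record); // restore the ban on the recreated account
    throw new Error('banned');
  }
});

// Sketch of verifyUser: local ban check first, then the hook.
async function verifyUser({ req, uid, remoteId, localBans }) {
  try {
    if (localBans.has(uid)) throw new Error('banned');
    await fireStaticHook({ req, uid, remoteId, localBans });
    return { allowed: true };
  } catch (err) {
    // Design choice in this sketch: fail closed, so an unreachable API or a
    // missing cookie denies the session instead of silently skipping the check.
    return { allowed: false, reason: err.message };
  }
}
```

Keying the stored ban on the third-party account id rather than the forum uid is what closes the delete-and-recreate gap: the recreated user gets a new uid but the same remote id.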