merge: Prevent deletion or suspension of system accounts (resolves #625) (!666)

View MR for information: https://activitypub.software/TransFem-org/Sharkey/-/merge_requests/666

Closes #625

Approved-by: dakkar <dakkar@thenautilus.net>
Approved-by: Marie <github@yuugi.dev>

1 files changed, 7 insertions, 0 deletions

diff --git a/packages/backend/src/server/api/SigninApiService.ts b/packages/backend/src/server/api/SigninApiService.ts
index 6fbcacbc11..d212e3de79 100644
--- a/packages/backend/src/server/api/SigninApiService.ts
+++ b/packages/backend/src/server/api/SigninApiService.ts
@@ -26,6 +26,7 @@ import { RateLimiterService } from './RateLimiterService.js';
 import { SigninService } from './SigninService.js';
 import type { AuthenticationResponseJSON } from '@simplewebauthn/types';
 import type { FastifyReply, FastifyRequest } from 'fastify';
+import { isSystemAccount } from '@/misc/is-system-account.js';
 
 @Injectable()
 export class SigninApiService {
@@ -125,6 +126,12 @@ export class SigninApiService {
 			});
 		}
 
+		if (isSystemAccount(user)) {
+			return error(403, {
+				id: 's8dhsj9s-a93j-493j-ja9k-kas9sj20aml2',
+			});
+		}
+
 		const profile = await this.userProfilesRepository.findOneByOrFail({ userId: user.id });
 
 		if (!user.approved && instance.approvalRequiredForSignup) {