From 907374b1c1ac83a91b94323359d722ca2046acb0 Mon Sep 17 00:00:00 2001
From: Hugo Renard
Date: Thu, 17 Mar 2022 11:33:31 +0100
Subject: [PATCH] protect admin user from deletion
---
 src/endpoints/UserEndpoint.ts | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/src/endpoints/UserEndpoint.ts b/src/endpoints/UserEndpoint.ts
index a5096e5..21c4909 100644
--- a/src/endpoints/UserEndpoint.ts
+++ b/src/endpoints/UserEndpoint.ts
@@ -44,6 +44,12 @@ export class UserEndpoint extends ScimEndpoint implements IScimEndpoint {
 }
 public async _delete(ctx: Context): Promise {
+ if (ctx.id() === (await ctx.rc.getUserId())) {
+ throw new SCIMError()
+ .setStatus(HttpStatusCode.FORBIDDEN)
+ .setScimType(SCIMErrorType.MUTABILITY)
+ .setDetail("The admin user can't be deleted");
+ }
 const o = await ctx.rc.user.delete({
 userId: ctx.id(),
 confirmRelinquish: true,
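Review bot: The guard added at the top of `_delete` protects only the single account whose id `ctx.rc.getUserId()` returns, although the detail text and commit title say "the admin user". Presumably that id is the account this endpoint authenticates as, so other administrator accounts remain deletable, and any update path that can deactivate the same account is not covered by this hunk. I would state the scope above the check, e.g. `// Refuse to delete the account this service authenticates as; other admin accounts are not covered here.` The comparison also fails open: if `getUserId()` ever resolves to `undefined`, the strict equality is false and the delete call runs, so consider `const selfId = await ctx.rc.getUserId();` followed by `if (!selfId || ctx.id() === selfId) {`. A refused attempt is also worth a log entry for whoever monitors provisioning; the body of `_delete` continues past the end of the hunk.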