fix(profile): prevent profile XP updates on other user profile (@Majestic-Fire) (#6897)

### Description - Fixed a visual bug in the updateXp() function where claiming rewards would update any visible profile - Added same user check when updating XP from alerts modal - Check uid or displayname, when sameUserCheck is true and the activePage is "profile". https://github.com/user-attachments/assets/bd6ec3ca-14ea-4021-a889-7c1931ed6888 ### Checks - [ ] Adding quotes? - [ ] Make sure to include translations for the quotes in the description (or another comment) so we can verify their content. - [ ] Adding a language? - Make sure to follow the [languages documentation](https://github.com/monkeytypegame/monkeytype/blob/master/docs/LANGUAGES.md) - [ ] Add language to `packages/schemas/src/languages.ts` - [ ] Add language to exactly one group in `frontend/src/ts/constants/languages.ts` - [ ] Add language json file to `frontend/static/languages` - [ ] Adding a theme? - Make sure to follow the [themes documentation](https://github.com/monkeytypegame/monkeytype/blob/master/docs/THEMES.md) - [ ] Add theme to `packages/schemas/src/themes.ts` - [ ] Add theme to `frontend/src/ts/constants/themes.ts` - [ ] Add theme css file to `frontend/static/themes` - [ ] Add some screenshot of the theme, especially with different test settings (colorful, flip colors) to your pull request - [ ] Adding a layout? - [ ] Make sure to follow the [layouts documentation](https://github.com/monkeytypegame/monkeytype/blob/master/docs/LAYOUTS.md) - [ ] Add layout to `packages/schemas/src/layouts.ts` - [ ] Add layout json file to `frontend/static/layouts` - [ ] Adding a font? - Make sure to follow the [themes documentation](https://github.com/monkeytypegame/monkeytype/blob/master/docs/FONTS.md) - [ ] Add font file to `frontend/static/webfonts` - [ ] Add font to `packages/schemas/src/fonts.ts` - [ ] Add font to `frontend/src/ts/constants/fonts.ts` - [x] Check if any open issues are related to this PR; if so, be sure to tag them below. - [x] Make sure the PR title follows the Conventional Commits standard. (https://www.conventionalcommits.org for more info) - [x] Make sure to include your GitHub username prefixed with @ inside parentheses at the end of the PR title. --------- Co-authored-by: Miodec <jack@monkeytype.com>
2025-09-10 08:37:24 +08:00 · 2025-09-01 17:51:07 +08:00 · 2025-09-01 17:51:07 +08:00 · 177eb590fd
commit 177eb590fd
parent 88bb7a081f
2 changed files with 23 additions and 4 deletions
--- a/frontend/src/ts/elements/alerts.ts
+++ b/frontend/src/ts/elements/alerts.ts
@ -12,6 +12,7 @@ import { updateXp as accountPageUpdateProfile } from "./profile";
 import { MonkeyMail } from "@monkeytype/schemas/users";
 import * as XPBar from "../elements/xp-bar";
 import * as AuthEvent from "../observables/auth-event";
+import * as ActivePage from "../states/active-page";

 let accountAlerts: MonkeyMail[] = [];
 let maxMail = 0;
@ -94,7 +95,12 @@ function hide(): void {
      if (totalXpClaimed > 0) {
        const snapxp = DB.getSnapshot()?.xp ?? 0;
        void XPBar.update(snapxp, totalXpClaimed);
-        accountPageUpdateProfile(snapxp + totalXpClaimed);
+
+        const activePage = ActivePage.get();
+        if (activePage === "account" || activePage === "profile") {
+          accountPageUpdateProfile(activePage, snapxp + totalXpClaimed, true);
+        }
+
        DB.addXp(totalXpClaimed);
      }
    },
--- a/frontend/src/ts/elements/profile.ts
+++ b/frontend/src/ts/elements/profile.ts
@ -285,7 +285,7 @@ export async function update(
    }
  }

-  updateXp(profile.xp ?? 0);
+  updateXp(where, profile.xp ?? 0);
  //lbs

  if (banned) {
@ -373,9 +373,22 @@ export async function update(
  }
 }

-export function updateXp(xp: number): void {
-  const details = $(" .profile .details .levelAndBar");
+export function updateXp(
+  where: ProfileViewPaths,
+  xp: number,
+  sameUserCheck = false
+): void {
+  const elementClass = where.charAt(0).toUpperCase() + where.slice(1);
+  const profileElement = $(`.page${elementClass} .profile`);
+  const details = $(`.page${elementClass} .profile .details .levelAndBar`);
+
  if (details === undefined || details === null) return;
+
+  if (sameUserCheck && where === "profile") {
+    const authedUserUid = getAuthenticatedUser()?.uid;
+    if (authedUserUid !== profileElement.attr("uid")) return;
+  }
+
  const xpDetails = Levels.getXpDetails(xp);
  const xpForLevel = xpDetails.levelMaxXp;
  const xpToDisplay = xpDetails.levelCurrentXp;