Curating usernames in sign-up and stash load tool.
This commit is contained in:
parent
1fc441670b
commit
914838e367
|
@ -37,6 +37,8 @@ module.exports = {
|
||||||
auth: {
|
auth: {
|
||||||
login: true,
|
login: true,
|
||||||
signup: true,
|
signup: true,
|
||||||
|
usernameLength: [2, 24],
|
||||||
|
usernamePattern: /^[a-zA-Z0-9_-]$/,
|
||||||
},
|
},
|
||||||
exclude: {
|
exclude: {
|
||||||
channels: [
|
channels: [
|
||||||
|
|
22
src/auth.js
22
src/auth.js
|
@ -26,7 +26,7 @@ async function login(credentials) {
|
||||||
throw new HttpError('Authentication is disabled', 405);
|
throw new HttpError('Authentication is disabled', 405);
|
||||||
}
|
}
|
||||||
|
|
||||||
const user = await fetchUser(credentials.username, true);
|
const user = await fetchUser(credentials.username.trim(), true);
|
||||||
|
|
||||||
if (!user) {
|
if (!user) {
|
||||||
throw new HttpError('Username or password incorrect', 401);
|
throw new HttpError('Username or password incorrect', 401);
|
||||||
|
@ -46,10 +46,24 @@ async function signup(credentials) {
|
||||||
throw new HttpError('Authentication is disabled', 405);
|
throw new HttpError('Authentication is disabled', 405);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!credentials.username) {
|
const curatedUsername = credentials.username.trim();
|
||||||
|
|
||||||
|
if (!curatedUsername) {
|
||||||
throw new HttpError('Username required', 400);
|
throw new HttpError('Username required', 400);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (curatedUsername.length < config.auth.usernameLength[0]) {
|
||||||
|
throw new HttpError('Username is too short', 400);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (curatedUsername.length > config.auth.usernameLength[1]) {
|
||||||
|
throw new HttpError('Username is too long', 400);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (!config.auth.usernamePattern.test(curatedUsername)) {
|
||||||
|
throw new HttpError('Username contains invalid characters', 400);
|
||||||
|
}
|
||||||
|
|
||||||
if (!credentials.email) {
|
if (!credentials.email) {
|
||||||
throw new HttpError('E-mail required', 400);
|
throw new HttpError('E-mail required', 400);
|
||||||
}
|
}
|
||||||
|
@ -59,7 +73,7 @@ async function signup(credentials) {
|
||||||
}
|
}
|
||||||
|
|
||||||
const existingUser = await knex('users')
|
const existingUser = await knex('users')
|
||||||
.where('username', credentials.username)
|
.where('username', curatedUsername)
|
||||||
.orWhere('email', credentials.email)
|
.orWhere('email', credentials.email)
|
||||||
.first();
|
.first();
|
||||||
|
|
||||||
|
@ -73,7 +87,7 @@ async function signup(credentials) {
|
||||||
|
|
||||||
const [userId] = await knex('users')
|
const [userId] = await knex('users')
|
||||||
.insert({
|
.insert({
|
||||||
username: credentials.username,
|
username: curatedUsername,
|
||||||
email: credentials.email,
|
email: credentials.email,
|
||||||
password: storedPassword,
|
password: storedPassword,
|
||||||
})
|
})
|
||||||
|
|
|
@ -120,7 +120,7 @@ async function load() {
|
||||||
|
|
||||||
const user = await knex('users')
|
const user = await knex('users')
|
||||||
.select('id')
|
.select('id')
|
||||||
.where('username', stash.username)
|
.where('username', stash.username.trim())
|
||||||
.first();
|
.first();
|
||||||
|
|
||||||
if (!user) {
|
if (!user) {
|
||||||
|
|
Loading…
Reference in New Issue