forked from DebaucheryLibrarian/traxxx
Curating usernames in sign-up and stash load tool.
This commit is contained in:
DebaucheryLibrarian
parent
1fc441670b
commit
914838e367
|
|
@ -37,6 +37,8 @@ module.exports = {
|
|||
auth: {
|
||||
login: true,
|
||||
signup: true,
|
||||
usernameLength: [2, 24],
|
||||
usernamePattern: /^[a-zA-Z0-9_-]$/,
|
||||
},
|
||||
exclude: {
|
||||
channels: [
|
||||
|
|
|
|||
22
src/auth.js
22
src/auth.js
|
|
@ -26,7 +26,7 @@ async function login(credentials) {
|
|||
throw new HttpError('Authentication is disabled', 405);
|
||||
}
|
||||
|
||||
const user = await fetchUser(credentials.username, true);
|
||||
const user = await fetchUser(credentials.username.trim(), true);
|
||||
|
||||
if (!user) {
|
||||
throw new HttpError('Username or password incorrect', 401);
|
||||
|
|
@ -46,10 +46,24 @@ async function signup(credentials) {
|
|||
throw new HttpError('Authentication is disabled', 405);
|
||||
}
|
||||
|
||||
if (!credentials.username) {
|
||||
const curatedUsername = credentials.username.trim();
|
||||
|
||||
if (!curatedUsername) {
|
||||
throw new HttpError('Username required', 400);
|
||||
}
|
||||
|
||||
if (curatedUsername.length < config.auth.usernameLength[0]) {
|
||||
throw new HttpError('Username is too short', 400);
|
||||
}
|
||||
|
||||
if (curatedUsername.length > config.auth.usernameLength[1]) {
|
||||
throw new HttpError('Username is too long', 400);
|
||||
}
|
||||
|
||||
if (!config.auth.usernamePattern.test(curatedUsername)) {
|
||||
throw new HttpError('Username contains invalid characters', 400);
|
||||
}
|
||||
|
||||
if (!credentials.email) {
|
||||
throw new HttpError('E-mail required', 400);
|
||||
}
|
||||
|
|
@ -59,7 +73,7 @@ async function signup(credentials) {
|
|||
}
|
||||
|
||||
const existingUser = await knex('users')
|
||||
.where('username', credentials.username)
|
||||
.where('username', curatedUsername)
|
||||
.orWhere('email', credentials.email)
|
||||
.first();
|
||||
|
||||
|
|
@ -73,7 +87,7 @@ async function signup(credentials) {
|
|||
|
||||
const [userId] = await knex('users')
|
||||
.insert({
|
||||
username: credentials.username,
|
||||
username: curatedUsername,
|
||||
email: credentials.email,
|
||||
password: storedPassword,
|
||||
})
|
||||
|
|
|
|||
|
|
@ -120,7 +120,7 @@ async function load() {
|
|||
|
||||
const user = await knex('users')
|
||||
.select('id')
|
||||
.where('username', stash.username)
|
||||
.where('username', stash.username.trim())
|
||||
.first();
|
||||
|
||||
if (!user) {
|
||||
|
|
|
|||
Loading…
Reference in New Issue