feat: register server-side validation + forgot password UI

2018-12-20 23:02:17 -05:00
parent 901dbb98e0
commit 78ae137f48
6 changed files with 140 additions and 29 deletions
--- a/server/controllers/auth.js
+++ b/server/controllers/auth.js
@@ -21,8 +21,13 @@ router.get('/logout', function (req, res) {
 /**
 * Register form
 */
-router.get('/register', function (req, res, next) {
-  res.render('register')
+router.get('/register', async (req, res, next) => {
+  const localStrg = await WIKI.models.authentication.getStrategy('local')
+  if (localStrg.selfRegistration) {
+    res.render('register')
+  } else {
+    next(new WIKI.Error.AuthRegistrationDisabled())
+  }
 })

 /**
--- a/server/helpers/error.js
+++ b/server/helpers/error.js
@@ -17,6 +17,14 @@ module.exports = {
    message: 'An account already exists using this email address.',
    code: 1004
  }),
+  AuthRegistrationDisabled: CustomError('AuthRegistrationDisabled', {
+    message: 'Registration is disabled. Contact your system administrator.',
+    code: 1011
+  }),
+  AuthRegistrationDomainUnauthorized: CustomError('AuthRegistrationDomainUnauthorized', {
+    message: 'You are not authorized to register. Must use a whitelisted domain.',
+    code: 1012
+  }),
  AuthTFAFailed: CustomError('AuthTFAFailed', {
    message: 'Incorrect TFA Security Code.',
    code: 1005
@@ -33,6 +41,10 @@ module.exports = {
    message: 'Too many attempts! Try again later.',
    code: 1008
  }),
+  InputInvalid: CustomError('InputInvalid', {
+    message: 'Input data is invalid.',
+    code: 1013
+  }),
  LocaleInvalidNamespace: CustomError('LocaleInvalidNamespace', {
    message: 'Invalid locale or namespace.',
    code: 1009
--- a/server/models/authentication.js
+++ b/server/models/authentication.js
@@ -30,6 +30,10 @@ module.exports = class Authentication extends Model {
    }
  }

+  static async getStrategy(key) {
+    return WIKI.models.authentication.query().findOne({ key })
+  }
+
  static async getStrategies(isEnabled) {
    const strategies = await WIKI.models.authentication.query().where(_.isBoolean(isEnabled) ? { isEnabled } : {})
    return _.sortBy(strategies.map(str => ({
--- a/server/models/users.js
+++ b/server/models/users.js
@@ -6,6 +6,7 @@ const tfa = require('node-2fa')
 const securityHelper = require('../helpers/security')
 const jwt = require('jsonwebtoken')
 const Model = require('objection').Model
+const validate = require('validate.js')

 const bcryptRegexp = /^\$2[ayb]\$[0-9]{2}\$[A-Za-z0-9./]{53}$/

@@ -294,21 +295,70 @@ module.exports = class User extends Model {
  }

  static async register ({ email, password, name }, context) {
-    const usr = await WIKI.models.users.query().findOne({ email, providerKey: 'local' })
-    if (!usr) {
-      await WIKI.models.users.query().insert({
-        provider: 'local',
+    const localStrg = await WIKI.models.authentication.getStrategy('local')
+    // Check if self-registration is enabled
+    if (localStrg.selfRegistration) {
+      // Input validation
+      const validation = validate({
        email,
-        name,
        password,
-        locale: 'en',
-        defaultEditor: 'markdown',
-        tfaIsActive: false,
-        isSystem: false
-      })
-      return true
+        name
+      }, {
+        email: {
+          email: true,
+          length: {
+            maximum: 255
+          }
+        },
+        password: {
+          presence: {
+            allowEmpty: false
+          },
+          length: {
+            minimum: 6
+          }
+        },
+        name: {
+          presence: {
+            allowEmpty: false
+          },
+          length: {
+            minimum: 2,
+            maximum: 255
+          }
+        },
+      }, { format: 'flat' })
+      if (validation && validation.length > 0) {
+        throw new WIKI.Error.InputInvalid(validation[0])
+      }
+
+      // Check if email domain is whitelisted
+      if (_.get(localStrg, 'domainWhitelist.v', []).length > 0) {
+        const emailDomain = _.last(email.split('@'))
+        if (!_.includes(localStrg.domainWhitelist.v, emailDomain)) {
+          throw new WIKI.Error.AuthRegistrationDomainUnauthorized()
+        }
+      }
+      // Check if email already exists
+      const usr = await WIKI.models.users.query().findOne({ email, providerKey: 'local' })
+      if (!usr) {
+        // Create the account
+        await WIKI.models.users.query().insert({
+          provider: 'local',
+          email,
+          name,
+          password,
+          locale: 'en',
+          defaultEditor: 'markdown',
+          tfaIsActive: false,
+          isSystem: false
+        })
+        return true
+      } else {
+        throw new WIKI.Error.AuthAccountAlreadyExists()
+      }
    } else {
-      throw new WIKI.Error.AuthAccountAlreadyExists()
+      throw new WIKI.Error.AuthRegistrationDisabled()
    }
  }
 }