From 0fd47815ebe94149102aaaf969b25f8b01c34e7e Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sat, 9 Oct 2021 12:53:52 +0200 Subject: :bug: fix password changing --- api/src/routes/users/@me/index.ts | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts index f6bb04d7..c5f490d3 100644 --- a/api/src/routes/users/@me/index.ts +++ b/api/src/routes/users/@me/index.ts @@ -1,6 +1,7 @@ import { Router, Request, Response } from "express"; -import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile } from "@fosscord/util"; +import { User, PrivateUserProjection, emitEvent, UserUpdateEvent, handleFile, FieldErrors } from "@fosscord/util"; import { route } from "@fosscord/api"; +import bcrypt from "bcrypt"; const router: Router = Router(); @@ -32,10 +33,27 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: if (body.avatar) body.avatar = await handleFile(`/avatars/${req.user_id}`, body.avatar as string); if (body.banner) body.banner = await handleFile(`/banners/${req.user_id}`, body.banner as string); - await new User({ ...body, id: req.user_id }).save(); - - //Need to reload user from db due to https://github.com/typeorm/typeorm/issues/3490 const user = await User.findOneOrFail({ where: { id: req.user_id }, select: PrivateUserProjection }); + + if (body.password) { + const same_password = await bcrypt.compare(body.password, user.data.hash || ""); + if (!same_password) { + throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" } }); + } + } + + user.assign(body); + + if (body.new_password) { + if (!body.password && !user.email) { + throw FieldErrors({ + password: { code: "BASE_TYPE_REQUIRED", message: req.t("common:field.BASE_TYPE_REQUIRED") } + }); + } + user.data.hash = await bcrypt.hash(body.new_password, 12); + } + + await user.save(); // TODO: send update member list event in gateway await emitEvent({ event: "USER_UPDATE", -- cgit 1.5.1 From d1844b65d147022d1c848d368f893af3c5603f77 Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sat, 9 Oct 2021 12:54:03 +0200 Subject: :sparkles: added guestsRequireInvite to config --- api/src/routes/auth/register.ts | 12 +++++++----- util/src/entities/Config.ts | 2 ++ 2 files changed, 9 insertions(+), 5 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/auth/register.ts b/api/src/routes/auth/register.ts index 9f3b46f1..4b08e78e 100644 --- a/api/src/routes/auth/register.ts +++ b/api/src/routes/auth/register.ts @@ -154,16 +154,18 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re }); } + if (!body.invite && (register.requireInvite || (register.guestsRequireInvite && !register.email))) { + // require invite to register -> e.g. for organizations to send invites to their employees + throw FieldErrors({ + email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") } + }); + } + const user = await User.register({ ...body, req }); if (body.invite) { // await to fail if the invite doesn't exist (necessary for requireInvite to work properly) (username only signups are possible) await Invite.joinGuild(user.id, body.invite); - } else if (register.requireInvite) { - // require invite to register -> e.g. for organizations to send invites to their employees - throw FieldErrors({ - email: { code: "INVITE_ONLY", message: req.t("auth:register.INVITE_ONLY") } - }); } return res.json({ token: await generateToken(user.id) }); diff --git a/util/src/entities/Config.ts b/util/src/entities/Config.ts index 921a12c2..813649ac 100644 --- a/util/src/entities/Config.ts +++ b/util/src/entities/Config.ts @@ -128,6 +128,7 @@ export interface ConfigValue { disabled: boolean; requireCaptcha: boolean; requireInvite: boolean; + guestsRequireInvite: boolean; allowNewRegistration: boolean; allowMultipleAccounts: boolean; blockProxies: boolean; @@ -277,6 +278,7 @@ export const DefaultConfigOptions: ConfigValue = { }, disabled: false, requireInvite: false, + guestsRequireInvite: true, requireCaptcha: true, allowNewRegistration: true, allowMultipleAccounts: true, -- cgit 1.5.1 From 976a8e094b5618f9e237dedeeb48864510773343 Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sat, 9 Oct 2021 13:04:27 +0200 Subject: :bug: fix claim account --- api/src/routes/users/@me/index.ts | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/users/@me/index.ts b/api/src/routes/users/@me/index.ts index c5f490d3..1959704a 100644 --- a/api/src/routes/users/@me/index.ts +++ b/api/src/routes/users/@me/index.ts @@ -33,12 +33,16 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: if (body.avatar) body.avatar = await handleFile(`/avatars/${req.user_id}`, body.avatar as string); if (body.banner) body.banner = await handleFile(`/banners/${req.user_id}`, body.banner as string); - const user = await User.findOneOrFail({ where: { id: req.user_id }, select: PrivateUserProjection }); + const user = await User.findOneOrFail({ where: { id: req.user_id }, select: [...PrivateUserProjection, "data"] }); if (body.password) { - const same_password = await bcrypt.compare(body.password, user.data.hash || ""); - if (!same_password) { - throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" } }); + if (user.data?.hash) { + const same_password = await bcrypt.compare(body.password, user.data.hash || ""); + if (!same_password) { + throw FieldErrors({ password: { message: req.t("auth:login.INVALID_PASSWORD"), code: "INVALID_PASSWORD" } }); + } + } else { + user.data.hash = await bcrypt.hash(body.password, 12); } } @@ -54,6 +58,10 @@ router.patch("/", route({ body: "UserModifySchema" }), async (req: Request, res: } await user.save(); + + // @ts-ignore + delete user.data; + // TODO: send update member list event in gateway await emitEvent({ event: "USER_UPDATE", -- cgit 1.5.1 From de681188e5513359f3036138b517e42a3b78fb92 Mon Sep 17 00:00:00 2001 From: Flam3rboy <34555296+Flam3rboy@users.noreply.github.com> Date: Sat, 9 Oct 2021 14:00:28 +0200 Subject: :bug: fix typing --- api/src/routes/auth/register.ts | 3 ++- api/src/routes/channels/#channel_id/typing.ts | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) (limited to 'api/src') diff --git a/api/src/routes/auth/register.ts b/api/src/routes/auth/register.ts index 4b08e78e..cd1bcb72 100644 --- a/api/src/routes/auth/register.ts +++ b/api/src/routes/auth/register.ts @@ -98,7 +98,6 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re } } - console.log("register", body.email, body.username, ip); // TODO: gift_code_sku_id? // TODO: check password strength @@ -168,6 +167,8 @@ router.post("/", route({ body: "RegisterSchema" }), async (req: Request, res: Re await Invite.joinGuild(user.id, body.invite); } + console.log("register", body.email, body.username, ip); + return res.json({ token: await generateToken(user.id) }); }); diff --git a/api/src/routes/channels/#channel_id/typing.ts b/api/src/routes/channels/#channel_id/typing.ts index a9dcb315..45ed76db 100644 --- a/api/src/routes/channels/#channel_id/typing.ts +++ b/api/src/routes/channels/#channel_id/typing.ts @@ -9,7 +9,7 @@ router.post("/", route({ permission: "SEND_MESSAGES" }), async (req: Request, re const user_id = req.user_id; const timestamp = Date.now(); const channel = await Channel.findOneOrFail({ id: channel_id }); - const member = await Member.findOneOrFail({ where: { id: user_id }, relations: ["roles"] }); + const member = await Member.findOneOrFail({ where: { id: user_id }, relations: ["roles", "user"] }); await emitEvent({ event: "TYPING_START", -- cgit 1.5.1