updated register verification

Baspla · Jan 28, 2024 · 9f1871b · 9f1871b
1 parent 854d9ee
commit 9f1871b
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 7 deletions.
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "sso",
-  "version": "1.0.0",
+  "version": "1.0.1",
   "description": "",
   "main": "index.js",
   "scripts": {

diff --git a/src/controller.js b/src/controller.js
@@ -79,12 +79,15 @@ export function registerUser(req, res) {
 }
 
 export function doRegisterUser(req, res, next) {
-    const {username, password, passwordRepeat, displayname} = req.body;
+    const {username, password, passwordRepeat, displayname,secret} = req.body;
     const {returnURL} = req.query;
     let suffix = "";
     if (returnURL != null) {
         suffix = "&returnURL=" + returnURL;
     }
+    if (secret !== process.env.REGISTER_SECRET) {
+        return res.redirect('/register?error=12' + suffix);
+    }
     if (password !== passwordRepeat) {
         return res.redirect('/register?error=5' + suffix);
     }
@@ -139,11 +142,27 @@ export function sso(req, res) {
             return res.status(400).json({error: "GUARDTOKEN ist ungültig.", code: 400})
         }
         getDisplayname(uuid).then((displayname) => {
+            if (displayname == null) {
+                return res.status(400).json({error: "UUID ist ungültig.", code: 400})
+            }
             res.status(200).json({uuid: uuid, displayname: displayname})
         })
     })
 }
 
+export function getInformation(req, res) {
+    const {uuid} = req.query;
+    if (uuid == null) {
+        return res.status(400).json({error: "UUID fehlt.", code: 400})
+    }
+    getDisplayname(uuid).then((displayname) => {
+        if (displayname == null) {
+            return res.status(400).json({error: "UUID ist ungültig.", code: 400})
+        }
+        res.status(200).json({uuid: uuid, displayname: displayname})
+    })
+}
+
 function isLoggedIn(req) {
     return req.session.uuid != null;
 }

diff --git a/src/webapp.js b/src/webapp.js
@@ -15,7 +15,7 @@ import {
     displaynamechange,
     registerUser,
     sso,
-    doDisplaynamechange, doUsernamechange, doPasswordchange
+    doDisplaynamechange, doUsernamechange, doPasswordchange, getInformation
 } from "./controller.js";
 import * as bodyParser from "express";
 
@@ -50,6 +50,8 @@ webapp.use(bodyParser.urlencoded({extended: true}));
 
 webapp.get('/', dashboard)
 
+webapp.get('/info', getInformation)
+
 webapp.get('/register', registerUser)
 
 webapp.post('/register', doRegisterUser)

diff --git a/views/errorWarning.pug b/views/errorWarning.pug
@@ -20,4 +20,6 @@
     else if error === "10"
         | Das Passwort ist nicht zulässig
     else if error === "11"
-        | Falsches Passwort
+        | Falsches Passwort
+    else if error === "12"
+        | Datenbank nicht erreichbar
diff --git a/views/register.pug b/views/register.pug
@@ -10,7 +10,5 @@ block content
             input.form-control.mb-3#username(placeholder="Nutzername", name="username", type="text")
             input.form-control.mb-3#password(placeholder="Passwort", name="password", type="password")
             input.form-control.mb-3#passwordRepeat(placeholder="Passwort wiederholen", name="passwordRepeat", type="password")
-            div
-                input.form-check-input.mb-3#check(name="check", type="checkbox", required="required")
-                label.form-check-label.mb-3.limited(for="check") Ich bestätige hiermit, dass ich ein Freund oder Bekannter bin, der persönlich eingeladen wurde, sich bei GUARD SSO zu registrieren.
+            input.form-control.mb-3#secret(placeholder="Gotteslachs Geheimphrase", name="secret", type="text")
             button.btn.btn-primary#btn(type="submit") Registrieren