From 9f1871b811b12e8093029b9edc018d5dd873d7d4 Mon Sep 17 00:00:00 2001
From: Tim Morgner
Date: Sun, 28 Jan 2024 22:18:20 +0100
Subject: [PATCH] updated register verification
---
 package.json | 2 +-
 src/controller.js | 21 ++++++++++++++++++++-
 src/webapp.js | 4 +++-
 views/errorWarning.pug | 4 +++-
 views/register.pug | 4 +---
 5 files changed, 28 insertions(+), 7 deletions(-)
diff --git a/package.json b/package.json
index 585e01a..d1cf5ad 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,6 @@
 {
 "name": "sso",
- "version": "1.0.0",
+ "version": "1.0.1",
 "description": "",
 "main": "index.js",
 "scripts": {
diff --git a/src/controller.js b/src/controller.js
index 7f90a80..1af09c0 100644
--- a/src/controller.js
+++ b/src/controller.js
@@ -79,12 +79,15 @@ export function registerUser(req, res) {
 }
 export function doRegisterUser(req, res, next) {
- const {username, password, passwordRepeat, displayname} = req.body;
+ const {username, password, passwordRepeat, displayname,secret} = req.body;
 const {returnURL} = req.query;
 let suffix = "";
 if (returnURL != null) {
 suffix = "&returnURL=" + returnURL;
 }
+ if (secret !== process.env.REGISTER_SECRET) {
+ return res.redirect('/register?error=12' + suffix);
+ }
 if (password !== passwordRepeat) {
 return res.redirect('/register?error=5' + suffix);
 }
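Review bot: The new check `secret !== process.env.REGISTER_SECRET` in doRegisterUser fails open when REGISTER_SECRET is not set: a request that omits the `secret` field compares `undefined` with `undefined` and passes, so registration is unrestricted on any deployment that lacks the variable. Reject when the expected value is absent, for example `const expected = process.env.REGISTER_SECRET;` followed by `if (!expected || typeof secret !== 'string' || secret !== expected) {`. Because src/webapp.js parses bodies with `bodyParser.urlencoded({extended: true})`, the field can also arrive as an array or object, which the type check covers. The body of doRegisterUser continues past the end of this hunk.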
@@ -139,11 +142,27 @@ export function sso(req, res) {
 return res.status(400).json({error: "GUARDTOKEN ist ungültig.", code: 400})
 }
 getDisplayname(uuid).then((displayname) => {
+ if (displayname == null) {
+ return res.status(400).json({error: "UUID ist ungültig.", code: 400})
+ }
 res.status(200).json({uuid: uuid, displayname: displayname})
 })
 })
 }
+export function getInformation(req, res) {
+ const {uuid} = req.query;
+ if (uuid == null) {
+ return res.status(400).json({error: "UUID fehlt.", code: 400})
+ }
+ getDisplayname(uuid).then((displayname) => {
+ if (displayname == null) {
+ return res.status(400).json({error: "UUID ist ungültig.", code: 400})
+ }
+ res.status(200).json({uuid: uuid, displayname: displayname})
+ })
+}
+
 function isLoggedIn(req) {
 return req.session.uuid != null;
 }
diff --git a/src/webapp.js b/src/webapp.js
index 7a84162..e7bd506 100644
--- a/src/webapp.js
+++ b/src/webapp.js
@@ -15,7 +15,7 @@ import {
 displaynamechange,
 registerUser,
 sso,
- doDisplaynamechange, doUsernamechange, doPasswordchange
+ doDisplaynamechange, doUsernamechange, doPasswordchange, getInformation
 } from "./controller.js";
 import * as bodyParser from "express";
@@ -50,6 +50,8 @@ webapp.use(bodyParser.urlencoded({extended: true}));
 webapp.get('/', dashboard)
+webapp.get('/info', getInformation)
+
 webapp.get('/register', registerUser)
 webapp.post('/register', doRegisterUser)
diff --git a/views/errorWarning.pug b/views/errorWarning.pug
index 562bab9..1b2f770 100644
--- a/views/errorWarning.pug
+++ b/views/errorWarning.pug
@@ -20,4 +20,6 @@
 else if error === "10"
 | Das Passwort ist nicht zulässig
 else if error === "11"
- | Falsches Passwort
\ No newline at end of file
+ | Falsches Passwort
+ else if error === "12"
+ | Datenbank nicht erreichbar
\ No newline at end of file
diff --git a/views/register.pug b/views/register.pug
index ac39f98..4a470e0 100644
--- a/views/register.pug
+++ b/views/register.pug
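Review bot: getInformation returns the display name for any `uuid` supplied in the query string and performs no session or token check, whereas the visible part of sso rejects an invalid guard token before it calls getDisplayname; the route is registered in src/webapp.js as `webapp.get('/info', getInformation)` with no middleware in front of it. If display names are not meant to be public, gate the handler, for example `if (!isLoggedIn(req)) return res.status(401).json({error: "<message>", code: 401})` (the message text is a placeholder). Both `getDisplayname(uuid).then(...)` chains touched here also have no `.catch`, so if the lookup can reject the request is left without a response; a handler such as `.catch(() => res.status(500).json({error: "<message>", code: 500}))` would close that. sso begins outside this hunk, so its earlier checks are not visible.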
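Review bot: The branch added for error code 12 renders `Datenbank nicht erreichbar`, but in this commit code 12 is what doRegisterUser redirects with when the registration secret does not match. If the wording is meant to hide the check, it gains little, because views/register.pug labels the field as a secret phrase, and it will mislead anyone diagnosing a real database outage. Use a message that matches the cause, for example `| Registrierung nicht möglich`, or add a one-line comment above the branch stating that the wording is deliberate.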
@@ -10,7 +10,5 @@ block content
 input.form-control.mb-3#username(placeholder="Nutzername", name="username", type="text")
 input.form-control.mb-3#password(placeholder="Passwort", name="password", type="password")
 input.form-control.mb-3#passwordRepeat(placeholder="Passwort wiederholen", name="passwordRepeat", type="password")
- div
- input.form-check-input.mb-3#check(name="check", type="checkbox", required="required")
- label.form-check-label.mb-3.limited(for="check") Ich bestätige hiermit, dass ich ein Freund oder Bekannter bin, der persönlich eingeladen wurde, sich bei GUARD SSO zu registrieren.
+ input.form-control.mb-3#secret(placeholder="Gotteslachs Geheimphrase", name="secret", type="text")
 button.btn.btn-primary#btn(type="submit") Registrieren
\ No newline at end of file
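Review bot: The secret field is added with `type="text"`, so the phrase is displayed in clear while it is typed and is eligible for the browser's form history. Prefer `input.form-control.mb-3#secret(placeholder="Gotteslachs Geheimphrase", name="secret", type="password", autocomplete="off", required="required")`; the `required` attribute also restores the client-side check that the removed checkbox carried. The server-side comparison in doRegisterUser remains the actual control, so this change only reduces accidental exposure of the phrase.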