From c0f924bb59d970d5a4d0001dcf8c2774d4f2fefa Mon Sep 17 00:00:00 2001
From: Jack Foltz
Date: Tue, 24 Jul 2018 19:37:49 -0400
Subject: [PATCH] Fix username in use check and whitespace sanitization
---
 app/routes/auth.js | 19 ++++++++++++++++---
 1 file changed, 16 insertions(+), 3 deletions(-)
diff --git a/app/routes/auth.js b/app/routes/auth.js
index f2d73da..381d972 100644
--- a/app/routes/auth.js
+++ b/app/routes/auth.js
@@ -31,20 +31,33 @@ function checkInvite(code, cb) {
 }
 // Validates the username, then registers the user in the database using the given invite.
-function registerUser(username, password, invite, sanitizeFn, cb) {
+function registerUser(username, password, invite, sanitize, cb) {
 async.series([
 function (cb) {
 // Canonicalize and sanitize the username, checking for HTML
 var canonicalName = canonicalize(username);
- var sanitizedName = sanitizeFn(canonicalName);
+ var sanitizedName = sanitize(canonicalName).replace(/\s/g,'');
 if (sanitizedName !== canonicalName)
- cb('Username failed sanitization check.');
+ cb('Username contains invalid characters.');
 else if (canonicalName.length > 36)
 cb('Username too long.');
 else
 cb(null);
 },
+ function(cb) {
+ async.waterfall([
+ function(cb) {
+ User.count({canonicalname: canonicalize(username)}, cb);
+ },
+ function(count, cb) {
+ if (count !== 0)
+ cb('Username in use.');
+ else
+ cb(null);
+ }
+ ], cb);
+ },
 function (cb) {
 User.register(new User({
 username: username,
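Review bot: The `User.count` check added as the second `async.series` step and the `User.register` call after it are separate database operations, so two concurrent registrations for the same canonical name can both read a count of 0 and both go on to create an account. The count is fine as a source for the friendly 'Username in use.' message, but uniqueness has to be enforced by the store itself: a unique index on `canonicalname` in the User schema (not visible in this hunk, so it may already exist), with the duplicate-key error from `User.register` mapped to the same message. It would also help to add a comment on the new step such as `// Advisory pre-check only; the unique index on canonicalname is the real guard.` so the check is not later mistaken for the guarantee. The body of `registerUser` continues past the end of the hunk, so how the `User.register` error is handled is not visible here.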