mirror of https://github.com/Foltik/Shimapan synced 2025-01-05 15:58:03 -05:00

Strip tags from usernames and update tests

Jack 2017-10-14 15:15:27 -04:00
parent 5ffc93b147
commit f14fac18ec
Signed by: foltik
GPG Key ID: 303F88F996E95541
3 changed files with 14 additions and 6 deletions


@ -10,10 +10,15 @@ var Invite = require('../models/Invite.js');
var passport = require('passport');
var striptags = require('striptags');
function checkUsername(username, callback) {
if (username.length > 30) return callback(null, false);
if (striptags(username) !== username) return callback(null, false);
User.find({username: username}).limit(1).count(function(err, count) {
if (err) return callback(err);
count === 0 ? callback(null, true) : callback(null, false);
(count === 0) ? callback(null, true) : callback(null, false);
});
}
@ -48,7 +53,7 @@ router.post('/register', function(req, res) {
}
}, function(err, result) {
if (!result.userCheck) {
res.status(401).json({'message': 'Username in use.'});
res.status(401).json({'message': 'Invalid username.'});
} else if (!result.inviteCheck.valid) {
res.status(401).json({'message': 'Invalid invite code.'});
} else {
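Review bot: `checkUsername` reads `username.length` and then passes `username` into `User.find({username: username})` without first confirming it is a string. A missing field makes `.length` throw, and a non-string value from a JSON body is only stopped if `striptags` happens to reject it; any earlier validation in the route is outside this hunk. I would make the first guard `if (typeof username !== 'string' || username.length === 0 || username.length > 30) return callback(null, false);`. Rejecting on `striptags(username) !== username` only blocks tag-shaped input, so an allowlist such as `/^[A-Za-z0-9_.-]+$/` is a tighter rule, and usernames still need output encoding wherever they are rendered.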


@ -28,7 +28,7 @@ before(function (done) {
code: 'TestCode2'
}, {
code: 'TestCode3',
exp: new Date() - 1
exp: new Date()
}
], cb);
}
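Review bot: The `TestCode3` fixture appears meant to be an already-expired invite, but `exp: new Date()` (taken here to be the new side of the pair) sets the expiry to the instant the fixture is built. Whether it counts as expired then depends on the comparison operator in the invite check and on time passing before the assertion runs, neither of which is visible in this hunk. A clearly past value such as `exp: new Date(Date.now() - 60000)` keeps the expiry test independent of timing. The enclosing `before` hook starts and ends outside the hunk.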


@ -14,6 +14,9 @@ var app = require('../server');
var server = app.server;
var db = app.db;
var should = chai.should;
var expect = chai.expect;
chai.use(http);
//---------------- DATABASE UTIL ----------------//
@ -80,7 +83,7 @@ var verifyFailedUserRegister = function(user, done) {
register(user, function (err, res) {
res.should.have.status(401);
res.body.should.be.a('object');
res.body.should.have.property('message').eql('Username in use.');
res.body.should.have.property('message').eql('Invalid username.');
done();
});
};
@ -160,9 +163,9 @@ var verifySuccessfulUpload = function(user, done) {
loginUpload(user, function(err, res) {
res.should.have.status(200);
res.body.should.have.be.a('object');
res.body.should.have.property('url');
res.body.should.have.property('name');
res.body.should.have.property('oname');
res.body.should.have.property('created');
expect(res.body.name).to.match(/^[a-z]{6}$/);
done();
});
};
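Review bot: None of the visible test hunks exercises the new rejection paths in username validation; the only change to `verifyFailedUserRegister` is the expected message string. Because every username failure now returns 'Invalid username.', a passing duplicate-name case does not show that a tagged or over-length name is actually refused. I would add registrations through `verifyFailedUserRegister` with a name containing markup (for example `'<b>user</b>'`) and with a 31-character name, plus a positive case at exactly 30 characters. Such cases may already exist outside these hunks.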