
Strip tags from usernames and update tests

Jack 2017-10-14 15:15:27 -04:00
parent 5ffc93b147
commit f14fac18ec
Signed by: foltik
GPG Key ID: 303F88F996E95541
3 changed files with 14 additions and 6 deletions


@ -10,10 +10,15 @@ var Invite = require('../models/Invite.js');
var passport = require('passport'); var passport = require('passport');
var striptags = require('striptags');
function checkUsername(username, callback) { function checkUsername(username, callback) {
if (username.length > 30) return callback(null, false);
if (striptags(username) !== username) return callback(null, false);
User.find({username: username}).limit(1).count(function(err, count) { User.find({username: username}).limit(1).count(function(err, count) {
if (err) return callback(err); if (err) return callback(err);
count === 0 ? callback(null, true) : callback(null, false); (count === 0) ? callback(null, true) : callback(null, false);
}); });
} }
@ -48,7 +53,7 @@ router.post('/register', function(req, res) {
} }
}, function(err, result) { }, function(err, result) {
if (!result.userCheck) { if (!result.userCheck) {
res.status(401).json({'message': 'Username in use.'}); res.status(401).json({'message': 'Invalid username.'});
} else if (!result.inviteCheck.valid) { } else if (!result.inviteCheck.valid) {
res.status(401).json({'message': 'Invalid invite code.'}); res.status(401).json({'message': 'Invalid invite code.'});
} else { } else {
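Review bot: checkUsername reads `username.length` and calls `striptags(username)` without first confirming that `username` is a string. If the value comes straight from a parsed request body (the caller is only partly visible, so this is inferred), a missing field or an object could throw in the new checks or reach `User.find({username: username})` as a query document instead of a literal name. I would make the first guard `if (typeof username !== 'string' || username.length > 30) return callback(null, false);`. Comparing against the striptags output rejects markup but works as a denylist; an explicit allowlist pattern for usernames, together with output encoding wherever names are rendered, would be the more durable control.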


@ -28,7 +28,7 @@ before(function (done) {
code: 'TestCode2' code: 'TestCode2'
}, { }, {
code: 'TestCode3', code: 'TestCode3',
exp: new Date() - 1 exp: new Date()
} }
], cb); ], cb);
} }
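Review bot: The TestCode3 fixture, which looks intended to be the expired-invite case, now sets `exp: new Date()`. Whether it counts as expired then depends on time passing between the insert and the check, and on whether the expiry comparison is strict; neither is visible here. A test of the invite gate that can flip by a millisecond may hide a regression in expiry handling. A fixed past value such as `exp: new Date(Date.now() - 1000)` keeps the fixture deterministic. The enclosing before() hook starts and ends outside this hunk.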


@ -14,6 +14,9 @@ var app = require('../server');
var server = app.server; var server = app.server;
var db = app.db; var db = app.db;
var should = chai.should;
var expect = chai.expect;
chai.use(http); chai.use(http);
//---------------- DATABASE UTIL ----------------// //---------------- DATABASE UTIL ----------------//
@ -80,7 +83,7 @@ var verifyFailedUserRegister = function(user, done) {
register(user, function (err, res) { register(user, function (err, res) {
res.should.have.status(401); res.should.have.status(401);
res.body.should.be.a('object'); res.body.should.be.a('object');
res.body.should.have.property('message').eql('Username in use.'); res.body.should.have.property('message').eql('Invalid username.');
done(); done();
}); });
}; };
@ -160,9 +163,9 @@ var verifySuccessfulUpload = function(user, done) {
loginUpload(user, function(err, res) { loginUpload(user, function(err, res) {
res.should.have.status(200); res.should.have.status(200);
res.body.should.have.be.a('object'); res.body.should.have.be.a('object');
res.body.should.have.property('url');
res.body.should.have.property('name'); res.body.should.have.property('name');
res.body.should.have.property('oname'); expect(res.body.name).to.match(/^[a-z]{6}$/);
res.body.should.have.property('created');
done(); done();
}); });
}; };
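Review bot: `var should = chai.should;` stores the function without calling it, so this line on its own does not install the `.should` getter that the assertions below rely on. If `chai.should()` is invoked elsewhere in the file (not visible in these hunks), the new variable is simply unused; otherwise it should read `var should = chai.should();`. verifySuccessfulUpload now mixes `expect` and `should` styles, and the name check could stay consistent as `res.body.name.should.match(/^[a-z]{6}$/);`.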