Protect user creation if open registration is not allowed

Johannes Zellner
2017-03-20 12:00:58 +01:00
parent 661f1fce31
commit 135338786f
+19 -9
@@ -404,8 +404,13 @@ function renderAccountCreateSite(res, req, error, success) {
}
// -> GET /api/v1/session/account/create.html
function accountCreateSite(req, res) {
renderAccountCreateSite(res, req, '', '');
function accountCreateSite(req, res, next) {
settings.getOpenRegistration(function (error, enabled) {
if (error) return next(new HttpError(500, error));
if (!enabled) return sendError(req, res, 'User creation is not allowed on this Cloudron');
renderAccountCreateSite(res, req, '', '');
});
}
// -> POST /api/v1/session/account/create
@@ -416,16 +421,21 @@ function accountCreate(req, res, next) {
debug('accountCreate: with email %s.', req.body.email);
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
var auditSource = { ip: ip, username: req.body.email, userId: null };
settings.getOpenRegistration(function (error, enabled) {
if (error) return next(new HttpError(500, error));
if (!enabled) return sendError(req, res, 'User creation is not allowed on this Cloudron');
user.create('', generatePassword(), req.body.email, '', auditSource, { sendInvite: true }, function (error, result) {
if (error && error.reason === UserError.ALREADY_EXISTS) return renderAccountCreateSite(res, req, 'User with this email address already exists');
if (error) return sendError(req, res, 'Internal Error');
var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
var auditSource = { ip: ip, username: req.body.email, userId: null };
debug('accountCreate: success for email %s now with id %s', req.body.remail, result.id);
user.create('', generatePassword(), req.body.email, '', auditSource, { sendInvite: true }, function (error, result) {
if (error && error.reason === UserError.ALREADY_EXISTS) return renderAccountCreateSite(res, req, 'User with this email address already exists');
if (error) return sendError(req, res, 'Internal Error');
renderAccountCreateSite(res, req, '', true);
debug('accountCreate: success for email %s now with id %s', req.body.remail, result.id);
renderAccountCreateSite(res, req, '', true);
});
});
}
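Review bot: The audit source in accountCreate still takes the client address straight from `req.headers['x-forwarded-for']`, which the requester controls unless the fronting proxy overwrites the header (not visible here), so audit entries for self-registration can record a forged or comma-separated value. Since this commit hardens the registration path, I would take the address from the connection or from the framework's trusted-proxy handling, e.g. `var ip = req.ip || req.connection.remoteAddress || null;` if this is Express with `trust proxy` configured. The success log line also reads `req.body.remail`, which looks like a typo for `req.body.email` and would log `undefined` for every created account. accountCreate begins above this hunk, so any validation of `req.body.email` before these lines is not shown.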