jjkiers/cloudron-box
1
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Validate user account input during account setup

Browse Source
This commit is contained in:
Johannes Zellner
2025-08-08 10:07:14 +02:00
parent 6a5cd698a4
commit 3ea9192f79
1 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/users.js
View File

@@ -887,19 +887,33 @@ async function setupAccount(user, data, auditSource) {
assert.strictEqual(typeof data, 'object');
assert(auditSource && typeof auditSource === 'object');
const profileConfig = await userDirectory.getProfileConfig();
const tmp = { inviteToken: '' };
if (profileConfig.lockUserProfiles) {
if (!user.username) throw new BoxError(BoxError.CONFLICT, 'Account cannot be setup without a username'); // error out if admin has not provided a username
} else {
if (data.username) tmp.username = data.username;
if (data.displayName) tmp.displayName = data.displayName;
if (data.username) {
const error = validateUsername(data.username);
if (error) throw error;
tmp.username = data.username;
}
if (data.displayName) {
const error = validateDisplayName(data.displayName);
if (error) throw error;
tmp.displayName = data.displayName;
}
const error = validatePassword(data.password);
if (error) throw error;
const profileConfig = await userDirectory.getProfileConfig();
// error out if admin has not provided a username
if (profileConfig.lockUserProfiles && !user.username) {
throw new BoxError(BoxError.CONFLICT, 'Account cannot be setup without a username');
}
await update(user, tmp, auditSource);
await setPassword(user, data.password, auditSource);
const token = { clientId: oidcClients.ID_WEBADMIN, identifier: user.id, expires: Date.now() + constants.DEFAULT_TOKEN_EXPIRATION_MSECS, allowedIpRanges: '' };