Fix issue where register page sends username and password as GET parameters.

2025-09-25 10:49:01 +00:00 · 2021-12-03 21:36:00 -05:00 · 2021-12-03 21:36:00 -05:00 · 868308c574
commit 868308c574
parent a40e9ea140
2 changed files with 66 additions and 26 deletions
--- a/ProjectLighthouse/Pages/RegisterForm.cshtml
+++ b/ProjectLighthouse/Pages/RegisterForm.cshtml
@ -20,8 +20,20 @@
    }
 </script>

-<form onsubmit="return onSubmit(this)">
+@if (!string.IsNullOrWhiteSpace(Model.Error))
+{
+    <div class="ui negative message">
+        <div class="header">
+            Uh oh!
+        </div>    
+        <p>@Model.Error</p>
+    </div>
+}
+
+<form onsubmit="return onSubmit(this)" method="post">
    <div class="ui left labeled input">
+        @Html.AntiForgeryToken()
+
        <label for="text" class="ui blue label">Username: </label>
        <input type="text" name="username" id="text">
    </div><br><br>
--- a/ProjectLighthouse/Pages/RegisterForm.cshtml.cs
+++ b/ProjectLighthouse/Pages/RegisterForm.cshtml.cs
@ -14,40 +14,68 @@ namespace LBPUnion.ProjectLighthouse.Pages
    {
        public RegisterForm(Database database) : base(database)
        {}
-
+        
+        public string Error { get; private set; }
        public bool WasRegisterRequest { get; private set; }

        [UsedImplicitly]
-        [SuppressMessage("ReSharper", "SpecifyStringComparison")]
-        public async Task<IActionResult> OnGet([FromQuery] string username, [FromQuery] string password, [FromQuery] string confirmPassword)
+        [SuppressMessage("ReSharper",
+            "SpecifyStringComparison")]
+        public async Task<IActionResult> OnPost(string username, string password, string confirmPassword)
        {
            if (!ServerSettings.Instance.RegistrationEnabled) return this.NotFound();

-            this.WasRegisterRequest = !string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password) && !string.IsNullOrEmpty(confirmPassword);
-
-            if (this.WasRegisterRequest)
+            if (string.IsNullOrWhiteSpace(username))
            {
-                if (password != confirmPassword) return this.BadRequest();
-
-                bool userExists = await this.Database.Users.FirstOrDefaultAsync(u => u.Username.ToLower() == username.ToLower()) != null;
-                if (userExists) return this.BadRequest();
-
-                User user = await this.Database.CreateUser(username, HashHelper.BCryptHash(password));
-
-                WebToken webToken = new()
-                {
-                    UserId = user.UserId,
-                    UserToken = HashHelper.GenerateAuthToken(),
-                };
-
-                this.Database.WebTokens.Add(webToken);
-                await this.Database.SaveChangesAsync();
-
-                this.Response.Cookies.Append("LighthouseToken", webToken.UserToken);
-
-                return this.RedirectToPage(nameof(LandingPage));
+                this.Error = "The username field is blank.";
+                return this.Page();
            }

+            if (string.IsNullOrWhiteSpace(password))
+            {
+                this.Error = "Password field is required.";
+                return this.Page();
+            }
+
+            if (password != confirmPassword)
+            {
+                this.Error = "Passwords do not match!";
+                return this.Page();
+            }
+
+            bool userExists =
+                await this.Database.Users.FirstOrDefaultAsync(u => u.Username.ToLower() == username.ToLower()) != null;
+            if (userExists)
+            {
+                this.Error = "The username you've chosen is already taken.";
+                return this.Page();
+            }
+
+            User user = await this.Database.CreateUser(username,
+                HashHelper.BCryptHash(password));
+
+            WebToken webToken = new()
+            {
+                UserId = user.UserId,
+                UserToken = HashHelper.GenerateAuthToken(),
+            };
+
+            this.Database.WebTokens.Add(webToken);
+            await this.Database.SaveChangesAsync();
+
+            this.Response.Cookies.Append("LighthouseToken",
+                webToken.UserToken);
+
+            return this.RedirectToPage(nameof(LandingPage));
+        }
+
+        [UsedImplicitly]
+        [SuppressMessage("ReSharper", "SpecifyStringComparison")]
+        public IActionResult OnGet()
+        {
+            Error = string.Empty;
+            if (!ServerSettings.Instance.RegistrationEnabled) return this.NotFound();
+
            return this.Page();
        }
    }