Fix issue where register page sends username and password as GET parameters.

Michael VanOverbeek 2021-12-03 21:36:00 -05:00
commit 868308c574
2 changed files with 66 additions and 26 deletions


@ -20,8 +20,20 @@
} }
</script> </script>
<form onsubmit="return onSubmit(this)"> @if (!string.IsNullOrWhiteSpace(Model.Error))
{
<div class="ui negative message">
<div class="header">
Uh oh!
</div>
<p>@Model.Error</p>
</div>
}
<form onsubmit="return onSubmit(this)" method="post">
<div class="ui left labeled input"> <div class="ui left labeled input">
@Html.AntiForgeryToken()
<label for="text" class="ui blue label">Username: </label> <label for="text" class="ui blue label">Username: </label>
<input type="text" name="username" id="text"> <input type="text" name="username" id="text">
</div><br><br> </div><br><br>
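Review bot: `@Html.AntiForgeryToken()` is emitted inside the `ui left labeled input` wrapper of the username field rather than directly under `<form ... method="post">`. It renders a hidden input, so the token is still posted, but as the first child of that wrapper it may interfere with child-position CSS on the label; placing it on the line right after the opening `<form>` tag avoids that and makes the CSRF protection easier to spot. The `onSubmit` handler is defined outside this hunk, so it is worth confirming that it still behaves correctly now that the form posts. Credentials submitted through the old GET form may already be in web-server access logs and browser history, which this change cannot undo, so log retention and affected passwords should be reviewed separately.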


@ -15,24 +15,44 @@ namespace LBPUnion.ProjectLighthouse.Pages
public RegisterForm(Database database) : base(database) public RegisterForm(Database database) : base(database)
{} {}
public string Error { get; private set; }
public bool WasRegisterRequest { get; private set; } public bool WasRegisterRequest { get; private set; }
[UsedImplicitly] [UsedImplicitly]
[SuppressMessage("ReSharper", "SpecifyStringComparison")] [SuppressMessage("ReSharper",
public async Task<IActionResult> OnGet([FromQuery] string username, [FromQuery] string password, [FromQuery] string confirmPassword) "SpecifyStringComparison")]
public async Task<IActionResult> OnPost(string username, string password, string confirmPassword)
{ {
if (!ServerSettings.Instance.RegistrationEnabled) return this.NotFound(); if (!ServerSettings.Instance.RegistrationEnabled) return this.NotFound();
this.WasRegisterRequest = !string.IsNullOrEmpty(username) && !string.IsNullOrEmpty(password) && !string.IsNullOrEmpty(confirmPassword); if (string.IsNullOrWhiteSpace(username))
if (this.WasRegisterRequest)
{ {
if (password != confirmPassword) return this.BadRequest(); this.Error = "The username field is blank.";
return this.Page();
}
bool userExists = await this.Database.Users.FirstOrDefaultAsync(u => u.Username.ToLower() == username.ToLower()) != null; if (string.IsNullOrWhiteSpace(password))
if (userExists) return this.BadRequest(); {
this.Error = "Password field is required.";
return this.Page();
}
User user = await this.Database.CreateUser(username, HashHelper.BCryptHash(password)); if (password != confirmPassword)
{
this.Error = "Passwords do not match!";
return this.Page();
}
bool userExists =
await this.Database.Users.FirstOrDefaultAsync(u => u.Username.ToLower() == username.ToLower()) != null;
if (userExists)
{
this.Error = "The username you've chosen is already taken.";
return this.Page();
}
User user = await this.Database.CreateUser(username,
HashHelper.BCryptHash(password));
WebToken webToken = new() WebToken webToken = new()
{ {
@ -43,11 +63,19 @@ namespace LBPUnion.ProjectLighthouse.Pages
this.Database.WebTokens.Add(webToken); this.Database.WebTokens.Add(webToken);
await this.Database.SaveChangesAsync(); await this.Database.SaveChangesAsync();
this.Response.Cookies.Append("LighthouseToken", webToken.UserToken); this.Response.Cookies.Append("LighthouseToken",
webToken.UserToken);
return this.RedirectToPage(nameof(LandingPage)); return this.RedirectToPage(nameof(LandingPage));
} }
[UsedImplicitly]
[SuppressMessage("ReSharper", "SpecifyStringComparison")]
public IActionResult OnGet()
{
Error = string.Empty;
if (!ServerSettings.Instance.RegistrationEnabled) return this.NotFound();
return this.Page(); return this.Page();
} }
} }
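Review bot: The session cookie in `OnPost` is still appended without any `CookieOptions` (`this.Response.Cookies.Append("LighthouseToken", webToken.UserToken);`), so it carries no HttpOnly or Secure attribute and no explicit SameSite policy, which leaves the token readable by page script. Since this commit already hardens how credentials travel, consider `this.Response.Cookies.Append("LighthouseToken", webToken.UserToken, new CookieOptions { HttpOnly = true, Secure = true, SameSite = SameSiteMode.Lax });`, provided no client script needs to read the cookie and the instance is served over HTTPS. Separately, the `FirstOrDefaultAsync` existence check followed by `CreateUser` is check-then-act: unless the users table enforces a unique username (not visible here), two concurrent requests can register the same name. The `WebToken` initializer sits between the two hunks and is not shown, so token generation was not reviewed.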