Don't issue registration tokens for names that already exist

Slendy 2022-11-13 22:17:41 -06:00
parent 75de1d0faa
commit e67abe0164
No known key found for this signature in database
GPG key ID: 7288D68361B91428
2 changed files with 21 additions and 5 deletions


@ -83,6 +83,12 @@ public class UserEndpoints : ApiEndpointController
APIKey? apiKey = await this.database.APIKeys.FirstOrDefaultAsync(k => k.Key == authToken); APIKey? apiKey = await this.database.APIKeys.FirstOrDefaultAsync(k => k.Key == authToken);
if (apiKey == null) return this.StatusCode(403, null); if (apiKey == null) return this.StatusCode(403, null);
if (!string.IsNullOrWhiteSpace(username))
{
bool userExists = await this.database.Users.AnyAsync(u => u.Username == username);
if (userExists) return this.BadRequest();
}
RegistrationToken token = new() RegistrationToken token = new()
{ {
Created = DateTime.Now, Created = DateTime.Now,
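Review bot: The added `this.database.Users.AnyAsync(u => u.Username == username)` check only holds at the moment the token is issued, so it cannot stand in for a uniqueness check when the token is redeemed; an account with that name can still be created before the token is used. Nothing visible here stops a second outstanding token being issued for the same name either. Assuming the controller's context exposes the same `RegistrationTokens` set that RegisterForm uses, a companion guard such as `if (await this.database.RegistrationTokens.AnyAsync(r => r.Username == username)) return this.BadRequest();` would close that, with the authoritative check kept on the registration path. Whether `==` treats names differing only in case as equal depends on the database collation and is worth confirming. The enclosing action starts and ends outside the hunk.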


@ -29,10 +29,16 @@ public class RegisterForm : BaseLayout
{ {
if (this.Request.Query.ContainsKey("token")) if (this.Request.Query.ContainsKey("token"))
{ {
if (!this.Database.IsRegistrationTokenValid(this.Request.Query["token"])) string token = this.Request.Query["token"];
if (!this.Database.IsRegistrationTokenValid(token))
return this.StatusCode(403, this.Translate(ErrorStrings.TokenInvalid)); return this.StatusCode(403, this.Translate(ErrorStrings.TokenInvalid));
username = (await this.Database.RegistrationTokens.FirstAsync(r => r.Token == this.Request.Query["token"].ToString())).Username; string? tokenUsername = await this.Database.RegistrationTokens.Where(r => r.Token == token)
.Select(u => u.Username)
.FirstOrDefaultAsync();
if (tokenUsername == null) return this.BadRequest();
username = tokenUsername;
} }
else else
{ {
@ -113,17 +119,21 @@ public class RegisterForm : BaseLayout
[UsedImplicitly] [UsedImplicitly]
[SuppressMessage("ReSharper", "SpecifyStringComparison")] [SuppressMessage("ReSharper", "SpecifyStringComparison")]
public IActionResult OnGet() public async Task<IActionResult> OnGet()
{ {
this.Error = string.Empty; this.Error = string.Empty;
if (ServerConfiguration.Instance.Authentication.PrivateRegistration) if (ServerConfiguration.Instance.Authentication.PrivateRegistration)
{ {
if (this.Request.Query.ContainsKey("token")) if (this.Request.Query.ContainsKey("token"))
{ {
if (!this.Database.IsRegistrationTokenValid(this.Request.Query["token"])) string token = this.Request.Query["token"];
if (!this.Database.IsRegistrationTokenValid(token))
return this.StatusCode(403, this.Translate(ErrorStrings.TokenInvalid)); return this.StatusCode(403, this.Translate(ErrorStrings.TokenInvalid));
this.Username = this.Database.RegistrationTokens.First(r => r.Token == this.Request.Query["token"].ToString()).Username; string? tokenUsername = await this.Database.RegistrationTokens.Where(r => r.Token == token)
.Select(u => u.Username)
.FirstAsync();
this.Username = tokenUsername;
} }
else else
{ {
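Review bot: In the first RegisterForm hunk, `.Select(u => u.Username).FirstOrDefaultAsync()` returns null both when no row matches and when the row's `Username` is null, so `if (tokenUsername == null) return this.BadRequest();` also rejects tokens issued without a name. The API hunk appears to still allow those, because its check is skipped for a blank username. If such tokens are meant to stay usable, fetch the row instead: `RegistrationToken? row = await this.Database.RegistrationTokens.FirstOrDefaultAsync(r => r.Token == token);`, then `if (row == null) return this.BadRequest();` and `if (row.Username != null) username = row.Username;`. The OnGet hunk is inconsistent with this: it uses `.FirstAsync()`, which throws rather than returning a 4xx if the token row disappears after `IsRegistrationTokenValid`, and it assigns a possibly-null value to `this.Username`. Both methods continue outside their hunks.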