Implement support field in video and video channel

[github/Chocobozzz/PeerTube.git] / server / middlewares / validators / users.ts

diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index b6591c9e1a99c9d4e2857ac2b14dc5e81c8d8b9b..49bc0bb560edb85f5c740b6fe69d8e8b3752c397 100644 (file)
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -1,18 +1,26 @@
+import * as Bluebird from 'bluebird'
 import * as express from 'express'
 import 'express-validator'
 import { body, param } from 'express-validator/check'
+import { omit } from 'lodash'
 import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
 import {
-  isAvatarFile, isUserAutoPlayVideoValid, isUserDisplayNSFWValid, isUserPasswordValid, isUserRoleValid, isUserUsernameValid,
+  isAvatarFile,
+  isUserAutoPlayVideoValid,
+  isUserDescriptionValid,
+  isUserDisplayNSFWValid,
+  isUserPasswordValid,
+  isUserRoleValid,
+  isUserUsernameValid,
   isUserVideoQuotaValid
 } from '../../helpers/custom-validators/users'
 import { isVideoExist } from '../../helpers/custom-validators/videos'
 import { logger } from '../../helpers/logger'
 import { isSignupAllowed } from '../../helpers/utils'
 import { CONSTRAINTS_FIELDS } from '../../initializers'
+import { Redis } from '../../lib/redis'
 import { UserModel } from '../../models/account/user'
 import { areValidationErrors } from './utils'
-import { omit } from 'lodash'
 
 const usersAddValidator = [
   body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@@ -90,6 +98,7 @@ const usersUpdateValidator = [
 ]
 
 const usersUpdateMeValidator = [
+  body('description').optional().custom(isUserDescriptionValid).withMessage('Should have a valid description'),
   body('password').optional().custom(isUserPasswordValid).withMessage('Should have a valid password'),
   body('email').optional().isEmail().withMessage('Should have a valid email attribute'),
   body('displayNSFW').optional().custom(isUserDisplayNSFWValid).withMessage('Should have a valid display Not Safe For Work attribute'),
@@ -167,6 +176,49 @@ const ensureUserRegistrationAllowed = [
   }
 ]
 
+const usersAskResetPasswordValidator = [
+  body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersAskResetPassword parameters', { parameters: req.body })
+
+    if (areValidationErrors(req, res)) return
+    const exists = await checkUserEmailExist(req.body.email, res, false)
+    if (!exists) {
+      logger.debug('User with email %s does not exist (asking reset password).', req.body.email)
+      // Do not leak our emails
+      return res.status(204).end()
+    }
+
+    return next()
+  }
+]
+
+const usersResetPasswordValidator = [
+  param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
+  body('verificationString').not().isEmpty().withMessage('Should have a valid verification string'),
+  body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
+
+  async (req: express.Request, res: express.Response, next: express.NextFunction) => {
+    logger.debug('Checking usersResetPassword parameters', { parameters: req.params })
+
+    if (areValidationErrors(req, res)) return
+    if (!await checkUserIdExist(req.params.id, res)) return
+
+    const user = res.locals.user as UserModel
+    const redisVerificationString = await Redis.Instance.getResetPasswordLink(user.id)
+
+    if (redisVerificationString !== req.body.verificationString) {
+      return res
+        .status(403)
+        .send({ error: 'Invalid verification string.' })
+        .end()
+    }
+
+    return next()
+  }
+]
+
 // ---------------------------------------------------------------------------
 
 export {
@@ -178,24 +230,19 @@ export {
   usersVideoRatingValidator,
   ensureUserRegistrationAllowed,
   usersGetValidator,
-  usersUpdateMyAvatarValidator
+  usersUpdateMyAvatarValidator,
+  usersAskResetPasswordValidator,
+  usersResetPasswordValidator
 }
 
 // ---------------------------------------------------------------------------
 
-async function checkUserIdExist (id: number, res: express.Response) {
-  const user = await UserModel.loadById(id)
-
-  if (!user) {
-    res.status(404)
-              .send({ error: 'User not found' })
-              .end()
-
-    return false
-  }
+function checkUserIdExist (id: number, res: express.Response) {
+  return checkUserExist(() => UserModel.loadById(id), res)
+}
 
-  res.locals.user = user
-  return true
+function checkUserEmailExist (email: string, res: express.Response, abortResponse = true) {
+  return checkUserExist(() => UserModel.loadByEmail(email), res, abortResponse)
 }
 
 async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
@@ -210,3 +257,21 @@ async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email:
 
   return true
 }
+
+async function checkUserExist (finder: () => Bluebird<UserModel>, res: express.Response, abortResponse = true) {
+  const user = await finder()
+
+  if (!user) {
+    if (abortResponse === true) {
+      res.status(404)
+        .send({ error: 'User not found' })
+        .end()
+    }
+
+    return false
+  }
+
+  res.locals.user = user
+
+  return true
+}