diff options
Diffstat (limited to 'server/middlewares/validators/users.ts')
-rw-r--r-- | server/middlewares/validators/users.ts | 46 |
1 files changed, 45 insertions, 1 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts index 6c5e783e9..a595c39ec 100644 --- a/server/middlewares/validators/users.ts +++ b/server/middlewares/validators/users.ts | |||
@@ -248,6 +248,48 @@ const usersResetPasswordValidator = [ | |||
248 | } | 248 | } |
249 | ] | 249 | ] |
250 | 250 | ||
251 | const usersAskSendVerifyEmailValidator = [ | ||
252 | body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'), | ||
253 | |||
254 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
255 | logger.debug('Checking askUsersSendVerifyEmail parameters', { parameters: req.body }) | ||
256 | |||
257 | if (areValidationErrors(req, res)) return | ||
258 | const exists = await checkUserEmailExist(req.body.email, res, false) | ||
259 | if (!exists) { | ||
260 | logger.debug('User with email %s does not exist (asking verify email).', req.body.email) | ||
261 | // Do not leak our emails | ||
262 | return res.status(204).end() | ||
263 | } | ||
264 | |||
265 | return next() | ||
266 | } | ||
267 | ] | ||
268 | |||
269 | const usersVerifyEmailValidator = [ | ||
270 | param('id').isInt().not().isEmpty().withMessage('Should have a valid id'), | ||
271 | body('verificationString').not().isEmpty().withMessage('Should have a valid verification string'), | ||
272 | |||
273 | async (req: express.Request, res: express.Response, next: express.NextFunction) => { | ||
274 | logger.debug('Checking usersVerifyEmail parameters', { parameters: req.params }) | ||
275 | |||
276 | if (areValidationErrors(req, res)) return | ||
277 | if (!await checkUserIdExist(req.params.id, res)) return | ||
278 | |||
279 | const user = res.locals.user as UserModel | ||
280 | const redisVerificationString = await Redis.Instance.getVerifyEmailLink(user.id) | ||
281 | |||
282 | if (redisVerificationString !== req.body.verificationString) { | ||
283 | return res | ||
284 | .status(403) | ||
285 | .send({ error: 'Invalid verification string.' }) | ||
286 | .end() | ||
287 | } | ||
288 | |||
289 | return next() | ||
290 | } | ||
291 | ] | ||
292 | |||
251 | // --------------------------------------------------------------------------- | 293 | // --------------------------------------------------------------------------- |
252 | 294 | ||
253 | export { | 295 | export { |
@@ -263,7 +305,9 @@ export { | |||
263 | ensureUserRegistrationAllowedForIP, | 305 | ensureUserRegistrationAllowedForIP, |
264 | usersGetValidator, | 306 | usersGetValidator, |
265 | usersAskResetPasswordValidator, | 307 | usersAskResetPasswordValidator, |
266 | usersResetPasswordValidator | 308 | usersResetPasswordValidator, |
309 | usersAskSendVerifyEmailValidator, | ||
310 | usersVerifyEmailValidator | ||
267 | } | 311 | } |
268 | 312 | ||
269 | // --------------------------------------------------------------------------- | 313 | // --------------------------------------------------------------------------- |