aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/middlewares
diff options
context:
space:
mode:
Diffstat (limited to 'server/middlewares')
-rw-r--r--server/middlewares/validators/users.ts93
1 files changed, 78 insertions, 15 deletions
diff --git a/server/middlewares/validators/users.ts b/server/middlewares/validators/users.ts
index b6591c9e1..5f44c3b99 100644
--- a/server/middlewares/validators/users.ts
+++ b/server/middlewares/validators/users.ts
@@ -1,18 +1,25 @@
1import * as Bluebird from 'bluebird'
1import * as express from 'express' 2import * as express from 'express'
2import 'express-validator' 3import 'express-validator'
3import { body, param } from 'express-validator/check' 4import { body, param } from 'express-validator/check'
5import { omit } from 'lodash'
4import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc' 6import { isIdOrUUIDValid } from '../../helpers/custom-validators/misc'
5import { 7import {
6 isAvatarFile, isUserAutoPlayVideoValid, isUserDisplayNSFWValid, isUserPasswordValid, isUserRoleValid, isUserUsernameValid, 8 isAvatarFile,
9 isUserAutoPlayVideoValid,
10 isUserDisplayNSFWValid,
11 isUserPasswordValid,
12 isUserRoleValid,
13 isUserUsernameValid,
7 isUserVideoQuotaValid 14 isUserVideoQuotaValid
8} from '../../helpers/custom-validators/users' 15} from '../../helpers/custom-validators/users'
9import { isVideoExist } from '../../helpers/custom-validators/videos' 16import { isVideoExist } from '../../helpers/custom-validators/videos'
10import { logger } from '../../helpers/logger' 17import { logger } from '../../helpers/logger'
11import { isSignupAllowed } from '../../helpers/utils' 18import { isSignupAllowed } from '../../helpers/utils'
12import { CONSTRAINTS_FIELDS } from '../../initializers' 19import { CONSTRAINTS_FIELDS } from '../../initializers'
20import { Redis } from '../../lib/redis'
13import { UserModel } from '../../models/account/user' 21import { UserModel } from '../../models/account/user'
14import { areValidationErrors } from './utils' 22import { areValidationErrors } from './utils'
15import { omit } from 'lodash'
16 23
17const usersAddValidator = [ 24const usersAddValidator = [
18 body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'), 25 body('username').custom(isUserUsernameValid).withMessage('Should have a valid username (lowercase alphanumeric characters)'),
@@ -167,6 +174,49 @@ const ensureUserRegistrationAllowed = [
167 } 174 }
168] 175]
169 176
177const usersAskResetPasswordValidator = [
178 body('email').isEmail().not().isEmpty().withMessage('Should have a valid email'),
179
180 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
181 logger.debug('Checking usersAskResetPassword parameters', { parameters: req.body })
182
183 if (areValidationErrors(req, res)) return
184 const exists = await checkUserEmailExist(req.body.email, res, false)
185 if (!exists) {
186 logger.debug('User with email %s does not exist (asking reset password).', req.body.email)
187 // Do not leak our emails
188 return res.status(204).end()
189 }
190
191 return next()
192 }
193]
194
195const usersResetPasswordValidator = [
196 param('id').isInt().not().isEmpty().withMessage('Should have a valid id'),
197 body('verificationString').not().isEmpty().withMessage('Should have a valid verification string'),
198 body('password').custom(isUserPasswordValid).withMessage('Should have a valid password'),
199
200 async (req: express.Request, res: express.Response, next: express.NextFunction) => {
201 logger.debug('Checking usersResetPassword parameters', { parameters: req.params })
202
203 if (areValidationErrors(req, res)) return
204 if (!await checkUserIdExist(req.params.id, res)) return
205
206 const user = res.locals.user as UserModel
207 const redisVerificationString = await Redis.Instance.getResetPasswordLink(user.id)
208
209 if (redisVerificationString !== req.body.verificationString) {
210 return res
211 .status(403)
212 .send({ error: 'Invalid verification string.' })
213 .end
214 }
215
216 return next()
217 }
218]
219
170// --------------------------------------------------------------------------- 220// ---------------------------------------------------------------------------
171 221
172export { 222export {
@@ -178,24 +228,19 @@ export {
178 usersVideoRatingValidator, 228 usersVideoRatingValidator,
179 ensureUserRegistrationAllowed, 229 ensureUserRegistrationAllowed,
180 usersGetValidator, 230 usersGetValidator,
181 usersUpdateMyAvatarValidator 231 usersUpdateMyAvatarValidator,
232 usersAskResetPasswordValidator,
233 usersResetPasswordValidator
182} 234}
183 235
184// --------------------------------------------------------------------------- 236// ---------------------------------------------------------------------------
185 237
186async function checkUserIdExist (id: number, res: express.Response) { 238function checkUserIdExist (id: number, res: express.Response) {
187 const user = await UserModel.loadById(id) 239 return checkUserExist(() => UserModel.loadById(id), res)
188 240}
189 if (!user) {
190 res.status(404)
191 .send({ error: 'User not found' })
192 .end()
193
194 return false
195 }
196 241
197 res.locals.user = user 242function checkUserEmailExist (email: string, res: express.Response, abortResponse = true) {
198 return true 243 return checkUserExist(() => UserModel.loadByEmail(email), res, abortResponse)
199} 244}
200 245
201async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) { 246async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email: string, res: express.Response) {
@@ -210,3 +255,21 @@ async function checkUserNameOrEmailDoesNotAlreadyExist (username: string, email:
210 255
211 return true 256 return true
212} 257}
258
259async function checkUserExist (finder: () => Bluebird<UserModel>, res: express.Response, abortResponse = true) {
260 const user = await finder()
261
262 if (!user) {
263 if (abortResponse === true) {
264 res.status(404)
265 .send({ error: 'User not found' })
266 .end()
267 }
268
269 return false
270 }
271
272 res.locals.user = user
273
274 return true
275}