aiden
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update RegisterController, update username constraints, require atleast one alpha char

Browse Source
pull/5214/head
Daniel Supernault 10 months ago
parent d3ef35fa22
commit dd6e3cc290
No known key found for this signature in database
GPG Key ID: 23740873EE6F76A1
1 changed files with 227 additions and 222 deletions
Show Stats Download Patch File Download Diff File

69
app/Http/Controllers/Auth/RegisterController.php
Unescape Escape View File

@ -3,16 +3,16 @@
namespace App\Http\Controllers\Auth; namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Services\BouncerService;
use App\Services\EmailService;
use App\User; use App\User;
use Purify;
use App\Util\Lexer\RestrictedNames; use App\Util\Lexer\RestrictedNames;
use Illuminate\Auth\Events\Registered;
use Illuminate\Foundation\Auth\RegistersUsers; use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator; use Illuminate\Support\Facades\Validator;
use Illuminate\Auth\Events\Registered; use Purify;
use Illuminate\Http\Request;
use App\Services\EmailService;
use App\Services\BouncerService;
class RegisterController extends Controller class RegisterController extends Controller
{ {
@ -48,7 +48,7 @@ class RegisterController extends Controller
public function getRegisterToken() public function getRegisterToken()
{ {
return \Cache::remember('pf:register:rt', 900, function() { return \Cache::remember('pf:register:rt', 900, function () {
return str_random(40); return str_random(40);
}); });
} }
@ -56,13 +56,12 @@ class RegisterController extends Controller
/** /**
* Get a validator for an incoming registration request. * Get a validator for an incoming registration request.
* *
* @param array $data
* *
* @return \Illuminate\Contracts\Validation\Validator * @return \Illuminate\Contracts\Validation\Validator
*/ */
public function validator(array $data) public function validator(array $data)
{ {
if(config('database.default') == 'pgsql') { if (config('database.default') == 'pgsql') {
$data['username'] = strtolower($data['username']); $data['username'] = strtolower($data['username']);
$data['email'] = strtolower($data['email']); $data['email'] = strtolower($data['email']);
} }
@ -77,27 +76,31 @@ class RegisterController extends Controller
$underscore = substr_count($value, '_'); $underscore = substr_count($value, '_');
$period = substr_count($value, '.'); $period = substr_count($value, '.');
if(ends_with($value, ['.php', '.js', '.css'])) { if (ends_with($value, ['.php', '.js', '.css'])) {
return $fail('Username is invalid.'); return $fail('Username is invalid.');
} }
if(($dash + $underscore + $period) > 1) { if (($dash + $underscore + $period) > 1) {
return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).'); return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
} }
if (!ctype_alnum($value[0])) { if (! ctype_alnum($value[0])) {
return $fail('Username is invalid. Must start with a letter or number.'); return $fail('Username is invalid. Must start with a letter or number.');
} }
if (!ctype_alnum($value[strlen($value) - 1])) { if (! ctype_alnum($value[strlen($value) - 1])) {
return $fail('Username is invalid. Must end with a letter or number.'); return $fail('Username is invalid. Must end with a letter or number.');
} }
$val = str_replace(['_', '.', '-'], '', $value); $val = str_replace(['_', '.', '-'], '', $value);
if(!ctype_alnum($val)) { if (! ctype_alnum($val)) {
return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).'); return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
} }
if (! preg_match('/[a-zA-Z]/', $value)) {
return $fail('Username is invalid. Must contain at least one alphabetical character.');
}
$restricted = RestrictedNames::get(); $restricted = RestrictedNames::get();
if (in_array(strtolower($value), array_map('strtolower', $restricted))) { if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
return $fail('Username cannot be used.'); return $fail('Username cannot be used.');
@ -113,7 +116,7 @@ class RegisterController extends Controller
'unique:users', 'unique:users',
function ($attribute, $value, $fail) { function ($attribute, $value, $fail) {
$banned = EmailService::isBanned($value); $banned = EmailService::isBanned($value);
if($banned) { if ($banned) {
return $fail('Email is invalid.'); return $fail('Email is invalid.');
} }
}, },
@ -122,10 +125,10 @@ class RegisterController extends Controller
$rt = [ $rt = [
'required', 'required',
function ($attribute, $value, $fail) { function ($attribute, $value, $fail) {
if($value !== $this->getRegisterToken()) { if ($value !== $this->getRegisterToken()) {
return $fail('Something went wrong'); return $fail('Something went wrong');
} }
} },
]; ];
$rules = [ $rules = [
@ -137,7 +140,7 @@ class RegisterController extends Controller
'password' => 'required|string|min:'.config('pixelfed.min_password_length').'|confirmed', 'password' => 'required|string|min:'.config('pixelfed.min_password_length').'|confirmed',
]; ];
if((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) { if ((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) {
$rules['h-captcha-response'] = 'required|captcha'; $rules['h-captcha-response'] = 'required|captcha';
} }
@ -147,13 +150,12 @@ class RegisterController extends Controller
/** /**
* Create a new user instance after a valid registration. * Create a new user instance after a valid registration.
* *
* @param array $data
* *
* @return \App\User * @return \App\User
*/ */
public function create(array $data) public function create(array $data)
{ {
if(config('database.default') == 'pgsql') { if (config('database.default') == 'pgsql') {
$data['username'] = strtolower($data['username']); $data['username'] = strtolower($data['username']);
$data['email'] = strtolower($data['email']); $data['email'] = strtolower($data['email']);
} }
@ -163,7 +165,7 @@ class RegisterController extends Controller
'username' => $data['username'], 'username' => $data['username'],
'email' => $data['email'], 'email' => $data['email'],
'password' => Hash::make($data['password']), 'password' => Hash::make($data['password']),
'app_register_ip' => request()->ip() 'app_register_ip' => request()->ip(),
]); ]);
} }
@ -174,24 +176,27 @@ class RegisterController extends Controller
*/ */
public function showRegistrationForm() public function showRegistrationForm()
{ {
if((bool) config_cache('pixelfed.open_registration')) { if ((bool) config_cache('pixelfed.open_registration')) {
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) { if (config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp(request()->ip()), 404); abort_if(BouncerService::checkIp(request()->ip()), 404);
} }
$hasLimit = config('pixelfed.enforce_max_users'); $hasLimit = config('pixelfed.enforce_max_users');
if($hasLimit) { if ($hasLimit) {
$limit = config('pixelfed.max_users'); $limit = config('pixelfed.max_users');
$count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count(); $count = User::where(function ($q) {
if($limit <= $count) { return $q->whereNull('status')->orWhereNotIn('status', ['deleted', 'delete']);
})->count();
if ($limit <= $count) {
return redirect(route('help.instance-max-users-limit')); return redirect(route('help.instance-max-users-limit'));
} }
abort_if($limit <= $count, 404); abort_if($limit <= $count, 404);
return view('auth.register'); return view('auth.register');
} else { } else {
return view('auth.register'); return view('auth.register');
} }
} else { } else {
if((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) { if ((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) {
return redirect('/auth/sign_up'); return redirect('/auth/sign_up');
} else { } else {
abort(404); abort(404);
@ -202,28 +207,28 @@ class RegisterController extends Controller
/** /**
* Handle a registration request for the application. * Handle a registration request for the application.
* *
* @param \Illuminate\Http\Request $request
* @return \Illuminate\Http\Response * @return \Illuminate\Http\Response
*/ */
public function register(Request $request) public function register(Request $request)
{ {
abort_if(config_cache('pixelfed.open_registration') == false, 400); abort_if(config_cache('pixelfed.open_registration') == false, 400);
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) { if (config('pixelfed.bouncer.cloud_ips.ban_signups')) {
abort_if(BouncerService::checkIp($request->ip()), 404); abort_if(BouncerService::checkIp($request->ip()), 404);
} }
$hasLimit = config('pixelfed.enforce_max_users'); $hasLimit = config('pixelfed.enforce_max_users');
if($hasLimit) { if ($hasLimit) {
$count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count(); $count = User::where(function ($q) {
return $q->whereNull('status')->orWhereNotIn('status', ['deleted', 'delete']);
})->count();
$limit = config('pixelfed.max_users'); $limit = config('pixelfed.max_users');
if($limit && $limit <= $count) { if ($limit && $limit <= $count) {
return redirect(route('help.instance-max-users-limit')); return redirect(route('help.instance-max-users-limit'));
} }
} }
$this->validator($request->all())->validate(); $this->validator($request->all())->validate();
event(new Registered($user = $this->create($request->all()))); event(new Registered($user = $this->create($request->all())));

Write Preview
Loading…
Cancel
Save