mirror of
https://gitlab.com/PronounsPage/PronounsPage.git
synced 2025-09-24 05:05:20 -04:00
(bug) #379 Username character limit not respected
This commit is contained in:
Andrea Vos
parent
d14fa7c266
commit
2650952a9c
@ -32,8 +32,8 @@ const isSpam = (email) => {
|
||||
};
|
||||
|
||||
const replaceExtension = (username) => username
|
||||
.replace(/\.(txt|jpg|jpeg|png|pdf|gif|doc|docx|csv|js|css|html)$/i, '_$1')
|
||||
.replace(/\.$/, '')
|
||||
.replace(/\.(txt|jpg|jpeg|png|pdf|gif|doc|docx|csv|js|css|html)$/i, '_$1') // nuxt tries to serve those requests as files, not pages
|
||||
.replace(/\.$/, '_') // trailing dots get ignored by autolinkers on external pages
|
||||
;
|
||||
|
||||
export const saveAuthenticator = async (db, type, user, payload, validForMinutes = null) => {
|
||||
@ -472,24 +472,24 @@ router.post('/user/change-username', handleErrorAsync(async (req, res) => {
|
||||
return res.status(401).json({ error: 'Unauthorised' });
|
||||
}
|
||||
|
||||
if (req.body.username.length < 4 || req.body.username.length > 16 || !req.body.username.match(usernameRegex)) {
|
||||
await auditLog(req, 'auth/change_username_invalid', { requested: req.body.username });
|
||||
const newUsername = replaceExtension(req.body.username);
|
||||
|
||||
if (newUsername.length < 4 || newUsername.length > 16 || !newUsername.match(usernameRegex)) {
|
||||
await auditLog(req, 'auth/change_username_invalid', { requested: newUsername });
|
||||
return res.json({ error: 'user.account.changeUsername.invalid' });
|
||||
}
|
||||
|
||||
req.body.username = replaceExtension(req.body.username);
|
||||
|
||||
const dbUser = await req.db.get(SQL`SELECT * FROM users WHERE usernameNorm = ${normalise(req.body.username)}`);
|
||||
const dbUser = await req.db.get(SQL`SELECT * FROM users WHERE usernameNorm = ${normalise(newUsername)}`);
|
||||
if (dbUser && dbUser.id !== req.user.id) {
|
||||
await auditLog(req, 'auth/change_username_taken', { requested: req.body.username });
|
||||
await auditLog(req, 'auth/change_username_taken', { requested: newUsername });
|
||||
return res.json({ error: 'user.account.changeUsername.taken' });
|
||||
}
|
||||
|
||||
await req.db.get(SQL`UPDATE users SET username = ${req.body.username}, usernameNorm = ${normalise(req.body.username)} WHERE id = ${req.user.id}`);
|
||||
await req.db.get(SQL`UPDATE users SET username = ${newUsername}, usernameNorm = ${normalise(newUsername)} WHERE id = ${req.user.id}`);
|
||||
|
||||
await resetCards(req.db, req.user.id);
|
||||
|
||||
await auditLog(req, 'auth/changed_username', { newUsername: req.body.username });
|
||||
await auditLog(req, 'auth/changed_username', { newUsername });
|
||||
|
||||
return res.json({ token: await issueAuthentication(req.db, req.user) });
|
||||
}));
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user