Server side checking of user input before allowing signup.

2015-03-09 18:35:56 +09:00
parent 3bfad2e272
commit 64d1c4a908
1 changed files with 422 additions and 392 deletions
--- a/controllers/user.js
+++ b/controllers/user.js
@ -7,10 +7,10 @@ var _ = require('lodash'),
    secrets = require('../config/secrets'),
    moment = require('moment'),
    Challenge = require('./../models/Challenge'),
-    debug = require('debug')('freecc:cntr:challenges')
+    debug = require('debug')('freecc:cntr:challenges'),
    resources = require('./resources');

-//TODO(Berks): Refactor to use module.exports = {} pattern.
+

 /**
 * GET /signin
@ -99,9 +99,25 @@ exports.postEmailSignup = function(req, res, next) {
    if (errors) {
        req.flash('errors', errors);
        return res.redirect('/email-signup');
-    debug(errors);
    }

+    var possibleUserData = req.body;
+
+    if (possibleUserData.password.length < 5) {
+        req.flash('errors', {
+            msg: 'Your password is too short'
+        });
+        return res.redirect('email-signup');
+    }
+
+    if (possibleUserData.username.length < 8 || possibleUserData.length > 20) {
+        req.flash('errors', {
+            msg: 'Your username must be between 5 and 20 characters'
+        });
+        return res.redirect('email-signup');
+    }
+
+
    var user = new User({
        email: req.body.email.trim(),
        password: req.body.password,
@ -111,18 +127,30 @@ exports.postEmailSignup = function(req, res, next) {
        }
    });

-  User.findOne({ email: req.body.email }, function(err, existingUser) {
-    if (err) { return next(err); }
+    User.findOne({ email: req.body.email }, function(err, existingEmail) {
+        if (err) {
+            return next(err);
+        }

-    if (existingUser) {
+        if (existingEmail) {
            req.flash('errors', {
                msg: 'Account with that email address already exists.'
            });
            return res.redirect('/email-signup');
        }
+        User.findOne({'profile.username': req.body.username }, function(err, existingUsername) {
+            if (err) {
+                return next(err);
+            }
+            if (existingUsername) {
+                req.flash('errors', {
+                    msg: 'Account with that username already exists.'
+                });
+                return res.redirect('/email-signup');
+            }
+
            user.save(function(err) {
                if (err) { return next(err); }
-
                req.logIn(user, function(err) {
                    if (err) { return next(err); }
                    res.redirect('/email-signup');
@ -152,6 +180,7 @@ exports.postEmailSignup = function(req, res, next) {
                if (err) { return err; }
            });
        });
+    });
 };

 /**
@ -169,7 +198,7 @@ exports.getAccount = function(req, res) {
 * Angular API Call
 */

- exports.getAccountAngular = function(req, res) {
+exports.getAccountAngular = function(req, res) {
    res.json({
        user: req.user
    });
@ -292,6 +321,8 @@ exports.updateProgress = function(req, res) {
 */

 exports.postUpdateProfile = function(req, res, next) {
+
+    // What does this do?
    User.findById(req.user.id, function(err, user) {
        if (err) return next(err);
        var errors = req.validationErrors();
@ -322,7 +353,6 @@ exports.postUpdateProfile = function(req, res, next) {
                    });
                    return res.redirect('/account');
                }
-        var user = req.user;
                user.email = req.body.email.trim() || '';
                user.profile.name = req.body.name.trim() || '';
                user.profile.username = req.body.username.trim() || '';