From b39c26153b3e54607b1a865d59e12c7d4db1e23f Mon Sep 17 00:00:00 2001 From: Bryan Ashby Date: Mon, 25 Jul 2016 10:49:41 -0600 Subject: [PATCH] * Don't allow pure numbers as usernames (e.g. "1234") * Minor code cleanup --- core/system_view_validate.js | 46 ++++++++++++++++++++---------------- 1 file changed, 26 insertions(+), 20 deletions(-) diff --git a/core/system_view_validate.js b/core/system_view_validate.js index 4508f18a..354774f7 100644 --- a/core/system_view_validate.js +++ b/core/system_view_validate.js @@ -1,5 +1,9 @@ -var user = require('./user.js'); -var Config = require('./config.js').config; +/* jslint node: true */ +'use strict'; + +// ENiGMA½ +const user = require('./user.js'); +const Config = require('./config.js').config; exports.validateNonEmpty = validateNonEmpty; exports.validateMessageSubject = validateMessageSubject; 
@@ -10,34 +14,36 @@ exports.validateBirthdate = validateBirthdate; exports.validatePasswordSpec = validatePasswordSpec; function validateNonEmpty(data, cb) { - cb(data && data.length > 0 ? null : new Error('Field cannot be empty')); + return cb(data && data.length > 0 ? null : new Error('Field cannot be empty')); } function validateMessageSubject(data, cb) { - cb(data && data.length > 1 ? null : new Error('Subject too short')); + return cb(data && data.length > 1 ? null : new Error('Subject too short')); } function validateUserNameAvail(data, cb) { - if(data.length < Config.users.usernameMin) { + if(!data || data.length < Config.users.usernameMin) { cb(new Error('Username too short')); } else if(data.length > Config.users.usernameMax) { // generally should be unreached due to view restraints - cb(new Error('Username too long')); + return cb(new Error('Username too long')); } else { - var usernameRegExp = new RegExp(Config.users.usernamePattern); - var invalidNames = Config.users.newUserNames + Config.users.badUserNames; + const usernameRegExp = new RegExp(Config.users.usernamePattern); + const invalidNames = Config.users.newUserNames + Config.users.badUserNames; if(!usernameRegExp.test(data)) { - cb(new Error('Username contains invalid characters')); + return cb(new Error('Username contains invalid characters')); } else if(invalidNames.indexOf(data.toLowerCase()) > -1) { - cb(new Error('Username is blacklisted')); + return cb(new Error('Username is blacklisted')); + } else if(/^[0-9]+$/.test(data)) { + return cb(new Error('Username cannot be a number')); } else { user.getUserIdAndName(data, function userIdAndName(err) { if(!err) { // err is null if we succeeded -- meaning this user exists already - cb(new Error('Userame unavailable')); - } else { - cb(null); + return cb(new Error('Userame unavailable')); } + + return cb(null); }); } } 
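Review bot: The `getUserIdAndName` callback in `validateUserNameAvail` still fails open: every non-null `err` falls through to `return cb(null)`, so a failed lookup is reported as "username available", whereas `validateEmailAvail` in this file answers `Internal system error` on `err`. If `getUserIdAndName` can fail for reasons other than "no such user" (its implementation is not visible here), the callback should distinguish those cases before accepting the name. Separately, `Config.users.newUserNames + Config.users.badUserNames` uses `+`. If both values are arrays, this builds one comma-joined string and `indexOf` becomes a substring match that also rejects unrelated short names, so `const invalidNames = Config.users.newUserNames.concat(Config.users.badUserNames);` is probably what was intended. The too-short branch also keeps a bare `cb(...)` while every other branch now uses `return cb(...)`.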
@@ -69,28 +75,28 @@ function validateEmailAvail(data, cb) { // // See http://stackoverflow.com/questions/7786058/find-the-regex-used-by-html5-forms-for-validation // - var emailRegExp = /[a-z0-9!#$%&'*+\/=?^_`{|}~.-]+@[a-z0-9-]+(.[a-z0-9-]+)*/; + const emailRegExp = /[a-z0-9!#$%&'*+\/=?^_`{|}~.-]+@[a-z0-9-]+(.[a-z0-9-]+)*/; if(!emailRegExp.test(data)) { return cb(new Error('Invalid email address')); } user.getUserIdsWithProperty('email_address', data, function userIdsWithEmail(err, uids) { if(err) { - cb(new Error('Internal system error')); + return cb(new Error('Internal system error')); } else if(uids.length > 0) { - cb(new Error('Email address not unique')); - } else { - cb(null); + return cb(new Error('Email address not unique')); } + + return cb(null); }); } function validateBirthdate(data, cb) { // :TODO: check for dates in the future, or > reasonable values - cb(isNaN(Date.parse(data)) ? new Error('Invalid birthdate') : null); + return cb(isNaN(Date.parse(data)) ? new Error('Invalid birthdate') : null); } function validatePasswordSpec(data, cb) { - cb((!data || data.length < Config.users.passwordMin) ? new Error('Password too short') : null); + return cb((!data || data.length < Config.users.passwordMin) ? new Error('Password too short') : null); }
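Review bot: `emailRegExp` in `validateEmailAvail` is unanchored and its domain separator is a bare `.`, so `test()` passes any input that merely contains an address-like substring, including one with leading or trailing whitespace or control characters. That whole string is then handed to `getUserIdsWithProperty`. Anchoring the pattern with `^` and `$` and escaping the separator as `(\.[a-z0-9-]+)*` would bring it closer to the HTML5 rule the comment points to. The character classes are lowercase only, so an anchored pattern also needs the `i` flag or a lowercased input to keep accepting mixed-case addresses. The function's opening lines sit above the hunk, so any earlier normalisation of `data` is not visible here.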