From 1c2646635fb529e2cd42e02ac2a4ca4ca635b27b Mon Sep 17 00:00:00 2001 From: ameagher Date: Sun, 14 Sep 2014 15:48:09 -0400 Subject: [PATCH 1/3] Prevent entryCreateUser from being used when forbidClientAccountCreation is enabled --- client/views/signUp/signUp.coffee | 215 +++++++++++++++--------------- server/entry.coffee | 41 +++--- 2 files changed, 129 insertions(+), 127 deletions(-) diff --git a/client/views/signUp/signUp.coffee b/client/views/signUp/signUp.coffee index 8a253d66..00a2061b 100644 --- a/client/views/signUp/signUp.coffee +++ b/client/views/signUp/signUp.coffee 
@@ -48,119 +48,120 @@ AccountsEntry.entrySignUpHelpers = { Session.get('email') } -AccountsEntry.entrySignUpEvents = { - 'submit #signUp': (event, t) -> - event.preventDefault() - - username = - if t.find('input[name="username"]') - t.find('input[name="username"]').value.toLowerCase() - else - undefined - if username and AccountsEntry.settings.usernameToLower then username = username.toLowerCase() - - signupCode = - if t.find('input[name="signupCode"]') - t.find('input[name="signupCode"]').value - else - undefined - - trimInput = (val)-> - val.replace /^\s*|\s*$/g, "" - - email = - if t.find('input[type="email"]') - trimInput t.find('input[type="email"]').value - else - undefined - if AccountsEntry.settings.emailToLower and email then email = email.toLowerCase() - - formValues = SimpleForm.processForm(event.target) - extraFields = _.pluck(AccountsEntry.settings.extraSignUpFields, 'field') - filteredExtraFields = _.pick(formValues, extraFields) - password = t.find('input[type="password"]').value - - fields = AccountsEntry.settings.passwordSignupFields - - - passwordErrors = do (password)-> - errMsg = [] - msg = false - if password.length < 7 - errMsg.push t9n("error.minChar") - if password.search(/[a-z]/i) < 0 - errMsg.push t9n("error.pwOneLetter") - if password.search(/[0-9]/) < 0 - errMsg.push t9n("error.pwOneDigit") - - if errMsg.length > 0 - msg = "" - errMsg.forEach (e) -> - msg = msg.concat "#{e}\r\n" - - Session.set 'entryError', msg - return true +if !Accounts._options.forbidClientAccountCreation + AccountsEntry.entrySignUpEvents = { + 'submit #signUp': (event, t) -> + event.preventDefault() + + username = + if t.find('input[name="username"]') + t.find('input[name="username"]').value.toLowerCase() + else + undefined + if username and AccountsEntry.settings.usernameToLower then username = username.toLowerCase() + + signupCode = + if t.find('input[name="signupCode"]') + t.find('input[name="signupCode"]').value + else + undefined + + trimInput = (val)-> + 
val.replace /^\s*|\s*$/g, "" + + email = + if t.find('input[type="email"]') + trimInput t.find('input[type="email"]').value + else + undefined + if AccountsEntry.settings.emailToLower and email then email = email.toLowerCase() + + formValues = SimpleForm.processForm(event.target) + extraFields = _.pluck(AccountsEntry.settings.extraSignUpFields, 'field') + filteredExtraFields = _.pick(formValues, extraFields) + password = t.find('input[type="password"]').value + + fields = AccountsEntry.settings.passwordSignupFields + + + passwordErrors = do (password)-> + errMsg = [] + msg = false + if password.length < 7 + errMsg.push t9n("error.minChar") + if password.search(/[a-z]/i) < 0 + errMsg.push t9n("error.pwOneLetter") + if password.search(/[0-9]/) < 0 + errMsg.push t9n("error.pwOneDigit") + + if errMsg.length > 0 + msg = "" + errMsg.forEach (e) -> + msg = msg.concat "#{e}\r\n" + + Session.set 'entryError', msg + return true + + return false + + if passwordErrors then return + + emailRequired = _.contains([ + 'USERNAME_AND_EMAIL', + 'EMAIL_ONLY'], fields) + + usernameRequired = _.contains([ + 'USERNAME_AND_EMAIL', + 'USERNAME_ONLY'], fields) + + if usernameRequired && username.length is 0 + Session.set('entryError', t9n("error.usernameRequired")) + return - return false + if username && AccountsEntry.isStringEmail(username) + Session.set('entryError', t9n("error.usernameIsEmail")) + return - if passwordErrors then return + if emailRequired && email.length is 0 + Session.set('entryError', t9n("error.emailRequired")) + return - emailRequired = _.contains([ - 'USERNAME_AND_EMAIL', - 'EMAIL_ONLY'], fields) + if AccountsEntry.settings.showSignupCode && signupCode.length is 0 + Session.set('entryError', t9n("error.signupCodeRequired")) + return - usernameRequired = _.contains([ - 'USERNAME_AND_EMAIL', - 'USERNAME_ONLY'], fields) - if usernameRequired && username.length is 0 - Session.set('entryError', t9n("error.usernameRequired")) - return - - if username && 
AccountsEntry.isStringEmail(username) - Session.set('entryError', t9n("error.usernameIsEmail")) - return - - if emailRequired && email.length is 0 - Session.set('entryError', t9n("error.emailRequired")) - return - - if AccountsEntry.settings.showSignupCode && signupCode.length is 0 - Session.set('entryError', t9n("error.signupCodeRequired")) - return - - - Meteor.call 'entryValidateSignupCode', signupCode, (err, valid) -> - if valid - newUserData = - username: username - email: email - password: AccountsEntry.hashPassword(password) - profile: filteredExtraFields - Meteor.call 'entryCreateUser', newUserData, (err, data) -> - if err - console.log err - T9NHelper.accountsError err - return - #login on client - isEmailSignUp = _.contains([ - 'USERNAME_AND_EMAIL', - 'EMAIL_ONLY'], AccountsEntry.settings.passwordSignupFields) - userCredential = if isEmailSignUp then email else username - Meteor.loginWithPassword userCredential, password, (error) -> - if error + Meteor.call 'entryValidateSignupCode', signupCode, (err, valid) -> + if valid + newUserData = + username: username + email: email + password: AccountsEntry.hashPassword(password) + profile: filteredExtraFields + Meteor.call 'entryCreateUser', newUserData, (err, data) -> + if err console.log err - T9NHelper.accountsError error - else if Session.get 'fromWhere' - Router.go Session.get('fromWhere') - Session.set 'fromWhere', undefined - else - Router.go AccountsEntry.settings.dashboardRoute - else - console.log err - Session.set 'entryError', t9n("error.signupCodeIncorrect") - return -} + T9NHelper.accountsError err + return + #login on client + isEmailSignUp = _.contains([ + 'USERNAME_AND_EMAIL', + 'EMAIL_ONLY'], AccountsEntry.settings.passwordSignupFields) + userCredential = if isEmailSignUp then email else username + Meteor.loginWithPassword userCredential, password, (error) -> + if error + console.log err + T9NHelper.accountsError error + else if Session.get 'fromWhere' + Router.go Session.get('fromWhere') + 
Session.set 'fromWhere', undefined + else + Router.go AccountsEntry.settings.dashboardRoute + else + console.log err + Session.set 'entryError', t9n("error.signupCodeIncorrect") + return + } Template.entrySignUp.helpers(AccountsEntry.entrySignUpHelpers) diff --git a/server/entry.coffee b/server/entry.coffee index fd467daf..987a0052 100644 --- a/server/entry.coffee +++ b/server/entry.coffee @@ -10,24 +10,25 @@ Meteor.startup -> @AccountsEntry = AccountsEntry - Meteor.methods - entryValidateSignupCode: (signupCode) -> - check signupCode, Match.OneOf(String, null, undefined) - not AccountsEntry.settings.signupCode or signupCode is AccountsEntry.settings.signupCode + if !Accounts._options.forbidClientAccountCreation + Meteor.methods + entryValidateSignupCode: (signupCode) -> + check signupCode, Match.OneOf(String, null, undefined) + not AccountsEntry.settings.signupCode or signupCode is AccountsEntry.settings.signupCode - entryCreateUser: (user) -> - check user, Object - profile = AccountsEntry.settings.defaultProfile || {} - if user.username - userId = Accounts.createUser - username: user.username, - email: user.email, - password: user.password, - profile: _.extend(profile, user.profile) - else - userId = Accounts.createUser - email: user.email - password: user.password - profile: _.extend(profile, user.profile) - if (user.email && Accounts._options.sendVerificationEmail) - Accounts.sendVerificationEmail(userId, user.email) + entryCreateUser: (user) -> + check user, Object + profile = AccountsEntry.settings.defaultProfile || {} + if user.username + userId = Accounts.createUser + username: user.username, + email: user.email, + password: user.password, + profile: _.extend(profile, user.profile) + else + userId = Accounts.createUser + email: user.email + password: user.password + profile: _.extend(profile, user.profile) + if (user.email && Accounts._options.sendVerificationEmail) + Accounts.sendVerificationEmail(userId, user.email) 
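Review bot: Inside the `Meteor.loginWithPassword userCredential, password, (error) ->` callback the failure branch runs `console.log err`, but the callback's own parameter is `error`. `err` there is the variable from the enclosing `entryCreateUser` callback, which has already returned early whenever it was set, so a failed login logs an empty value instead of the actual error. The line should read `console.log error`. The same line is carried unchanged into the signUp.coffee hunk of [PATCH 2/3].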
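Review bot: `entryCreateUser` never checks the signup code itself; the only check is in the separate `entryValidateSignupCode` method, which the client calls first by its own choice. Meteor methods can be invoked directly by any connected client, so a caller that skips the validation call still reaches `Accounts.createUser` whenever account creation is allowed. The code should travel with the create request and be compared on the server, for example `if AccountsEntry.settings.signupCode and user.signupCode isnt AccountsEntry.settings.signupCode then throw new Meteor.Error 403, "Signup code is incorrect"` at the top of `entryCreateUser`, with the client adding `signupCode` to `newUserData` in the signUp.coffee hunk. The same method body appears in the server/entry.coffee hunk of [PATCH 2/3], and the `Meteor.startup` block it sits in begins outside this hunk.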
From 5215d6be801d4fbe5f5b4f62915b0a577893cb1b Mon Sep 17 00:00:00 2001 From: ameagher Date: Sat, 20 Sep 2014 18:51:23 -0400 Subject: [PATCH 2/3] Moved forbidClientAccountCreation checks inside functions instead of preventing their declarations. --- client/views/signUp/signUp.coffee | 216 +++++++++++++++--------------- server/entry.coffee | 44 +++--- 2 files changed, 132 insertions(+), 128 deletions(-) diff --git a/client/views/signUp/signUp.coffee b/client/views/signUp/signUp.coffee index 00a2061b..c4f844bb 100644 --- a/client/views/signUp/signUp.coffee +++ b/client/views/signUp/signUp.coffee 
@@ -48,119 +48,121 @@ AccountsEntry.entrySignUpHelpers = { Session.get('email') } -if !Accounts._options.forbidClientAccountCreation - AccountsEntry.entrySignUpEvents = { - 'submit #signUp': (event, t) -> - event.preventDefault() - - username = - if t.find('input[name="username"]') - t.find('input[name="username"]').value.toLowerCase() - else - undefined - if username and AccountsEntry.settings.usernameToLower then username = username.toLowerCase() - - signupCode = - if t.find('input[name="signupCode"]') - t.find('input[name="signupCode"]').value - else - undefined - - trimInput = (val)-> - val.replace /^\s*|\s*$/g, "" - - email = - if t.find('input[type="email"]') - trimInput t.find('input[type="email"]').value - else - undefined - if AccountsEntry.settings.emailToLower and email then email = email.toLowerCase() - - formValues = SimpleForm.processForm(event.target) - extraFields = _.pluck(AccountsEntry.settings.extraSignUpFields, 'field') - filteredExtraFields = _.pick(formValues, extraFields) - password = t.find('input[type="password"]').value - - fields = AccountsEntry.settings.passwordSignupFields - - - passwordErrors = do (password)-> - errMsg = [] - msg = false - if password.length < 7 - errMsg.push t9n("error.minChar") - if password.search(/[a-z]/i) < 0 - errMsg.push t9n("error.pwOneLetter") - if password.search(/[0-9]/) < 0 - errMsg.push t9n("error.pwOneDigit") - - if errMsg.length > 0 - msg = "" - errMsg.forEach (e) -> - msg = msg.concat "#{e}\r\n" - - Session.set 'entryError', msg - return true - - return false - - if passwordErrors then return - - emailRequired = _.contains([ - 'USERNAME_AND_EMAIL', - 'EMAIL_ONLY'], fields) - - usernameRequired = _.contains([ - 'USERNAME_AND_EMAIL', - 'USERNAME_ONLY'], fields) - - if usernameRequired && username.length is 0 - Session.set('entryError', t9n("error.usernameRequired")) - return +AccountsEntry.entrySignUpEvents = { + 'submit #signUp': (event, t) -> + event.preventDefault() + + if 
Accounts._options.forbidClientAccountCreation + return + + username = + if t.find('input[name="username"]') + t.find('input[name="username"]').value.toLowerCase() + else + undefined + if username and AccountsEntry.settings.usernameToLower then username = username.toLowerCase() + + signupCode = + if t.find('input[name="signupCode"]') + t.find('input[name="signupCode"]').value + else + undefined + + trimInput = (val)-> + val.replace /^\s*|\s*$/g, "" + + email = + if t.find('input[type="email"]') + trimInput t.find('input[type="email"]').value + else + undefined + if AccountsEntry.settings.emailToLower and email then email = email.toLowerCase() + + formValues = SimpleForm.processForm(event.target) + extraFields = _.pluck(AccountsEntry.settings.extraSignUpFields, 'field') + filteredExtraFields = _.pick(formValues, extraFields) + password = t.find('input[type="password"]').value - if username && AccountsEntry.isStringEmail(username) - Session.set('entryError', t9n("error.usernameIsEmail")) - return + fields = AccountsEntry.settings.passwordSignupFields - if emailRequired && email.length is 0 - Session.set('entryError', t9n("error.emailRequired")) - return - if AccountsEntry.settings.showSignupCode && signupCode.length is 0 - Session.set('entryError', t9n("error.signupCodeRequired")) - return + passwordErrors = do (password)-> + errMsg = [] + msg = false + if password.length < 7 + errMsg.push t9n("error.minChar") + if password.search(/[a-z]/i) < 0 + errMsg.push t9n("error.pwOneLetter") + if password.search(/[0-9]/) < 0 + errMsg.push t9n("error.pwOneDigit") + + if errMsg.length > 0 + msg = "" + errMsg.forEach (e) -> + msg = msg.concat "#{e}\r\n" + + Session.set 'entryError', msg + return true + + return false + if passwordErrors then return - Meteor.call 'entryValidateSignupCode', signupCode, (err, valid) -> - if valid - newUserData = - username: username - email: email - password: AccountsEntry.hashPassword(password) - profile: filteredExtraFields - Meteor.call 
'entryCreateUser', newUserData, (err, data) -> - if err + emailRequired = _.contains([ + 'USERNAME_AND_EMAIL', + 'EMAIL_ONLY'], fields) + + usernameRequired = _.contains([ + 'USERNAME_AND_EMAIL', + 'USERNAME_ONLY'], fields) + + if usernameRequired && username.length is 0 + Session.set('entryError', t9n("error.usernameRequired")) + return + + if username && AccountsEntry.isStringEmail(username) + Session.set('entryError', t9n("error.usernameIsEmail")) + return + + if emailRequired && email.length is 0 + Session.set('entryError', t9n("error.emailRequired")) + return + + if AccountsEntry.settings.showSignupCode && signupCode.length is 0 + Session.set('entryError', t9n("error.signupCodeRequired")) + return + + + Meteor.call 'entryValidateSignupCode', signupCode, (err, valid) -> + if valid + newUserData = + username: username + email: email + password: AccountsEntry.hashPassword(password) + profile: filteredExtraFields + Meteor.call 'entryCreateUser', newUserData, (err, data) -> + if err + console.log err + T9NHelper.accountsError err + return + #login on client + isEmailSignUp = _.contains([ + 'USERNAME_AND_EMAIL', + 'EMAIL_ONLY'], AccountsEntry.settings.passwordSignupFields) + userCredential = if isEmailSignUp then email else username + Meteor.loginWithPassword userCredential, password, (error) -> + if error console.log err - T9NHelper.accountsError err - return - #login on client - isEmailSignUp = _.contains([ - 'USERNAME_AND_EMAIL', - 'EMAIL_ONLY'], AccountsEntry.settings.passwordSignupFields) - userCredential = if isEmailSignUp then email else username - Meteor.loginWithPassword userCredential, password, (error) -> - if error - console.log err - T9NHelper.accountsError error - else if Session.get 'fromWhere' - Router.go Session.get('fromWhere') - Session.set 'fromWhere', undefined - else - Router.go AccountsEntry.settings.dashboardRoute - else - console.log err - Session.set 'entryError', t9n("error.signupCodeIncorrect") - return + T9NHelper.accountsError error + 
else if Session.get 'fromWhere' + Router.go Session.get('fromWhere') + Session.set 'fromWhere', undefined + else + Router.go AccountsEntry.settings.dashboardRoute + else + console.log err + Session.set 'entryError', t9n("error.signupCodeIncorrect") + return } Template.entrySignUp.helpers(AccountsEntry.entrySignUpHelpers) diff --git a/server/entry.coffee b/server/entry.coffee index 987a0052..81b136e8 100644 --- a/server/entry.coffee +++ b/server/entry.coffee 
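Review bot: The early `return` added after `event.preventDefault()` gives the user no feedback: the submit is cancelled and `entryError` is never set, unlike every other rejected path in this handler. Setting the error before returning, e.g. `Session.set 'entryError', t9n("<message key>")` (placeholder key, to be replaced by a real translation entry), would keep the behaviour consistent. The check also reads `Accounts._options`, an underscore-prefixed internal of the accounts package, and it only hides the form action, so a comment such as `# UI convenience only; the server method is what enforces forbidClientAccountCreation` would stop a later reader from treating it as the control.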
@@ -10,25 +10,27 @@ Meteor.startup -> @AccountsEntry = AccountsEntry - if !Accounts._options.forbidClientAccountCreation - Meteor.methods - entryValidateSignupCode: (signupCode) -> - check signupCode, Match.OneOf(String, null, undefined) - not AccountsEntry.settings.signupCode or signupCode is AccountsEntry.settings.signupCode + Meteor.methods + entryValidateSignupCode: (signupCode) -> + check signupCode, Match.OneOf(String, null, undefined) + not AccountsEntry.settings.signupCode or signupCode is AccountsEntry.settings.signupCode - entryCreateUser: (user) -> - check user, Object - profile = AccountsEntry.settings.defaultProfile || {} - if user.username - userId = Accounts.createUser - username: user.username, - email: user.email, - password: user.password, - profile: _.extend(profile, user.profile) - else - userId = Accounts.createUser - email: user.email - password: user.password - profile: _.extend(profile, user.profile) - if (user.email && Accounts._options.sendVerificationEmail) - Accounts.sendVerificationEmail(userId, user.email) + entryCreateUser: (user) -> + if Accounts._options.forbidClientAccountCreation + return + + check user, Object + profile = AccountsEntry.settings.defaultProfile || {} + if user.username + userId = Accounts.createUser + username: user.username, + email: user.email, + password: user.password, + profile: _.extend(profile, user.profile) + else + userId = Accounts.createUser + email: user.email + password: user.password + profile: _.extend(profile, user.profile) + if (user.email && Accounts._options.sendVerificationEmail) + Accounts.sendVerificationEmail(userId, user.email) From fbdc375777a2fdb659ec69230a1f2e4f9b88a74d Mon Sep 17 00:00:00 2001 From: ameagher Date: Sat, 20 Sep 2014 19:05:40 -0400 Subject: [PATCH 3/3] removed bad spacing --- client/views/signUp/signUp.coffee | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/client/views/signUp/signUp.coffee b/client/views/signUp/signUp.coffee index c4f844bb..3d651c61 100644 
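Review bot: `_.extend(profile, user.profile)` writes the caller's fields into `AccountsEntry.settings.defaultProfile` itself whenever a default profile is configured, because `profile` is that same object rather than a copy. Profile values from one signup then stay in the defaults and are handed to later accounts that do not override them, and `user.profile` reaches this line with only `check user, Object` in front of it. Merging into a fresh object, `profile: _.extend({}, AccountsEntry.settings.defaultProfile, user.profile)`, in both `Accounts.createUser` calls avoids the shared state; picking only the configured `extraSignUpFields` from `user.profile` on the server, as the client already does with `_.pick`, would close the rest. These lines are carried over from the [PATCH 1/3] server hunk, and the `Meteor.startup` block they sit in starts outside this hunk.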
--- a/client/views/signUp/signUp.coffee +++ b/client/views/signUp/signUp.coffee @@ -163,7 +163,7 @@ AccountsEntry.entrySignUpEvents = { console.log err Session.set 'entryError', t9n("error.signupCodeIncorrect") return - } +} Template.entrySignUp.helpers(AccountsEntry.entrySignUpHelpers)