hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: #9834, missing null email check on new registrations, added tests

Browse Source
isekai-main
Julian Lam 3 years ago
parent cb69934ad0
commit 58e0a366c8
2 changed files with 79 additions and 0 deletions
Show Stats Download Patch File Download Diff File

4
src/user/interstitials.js
Unescape Escape View File

@ -68,6 +68,10 @@ Interstitials.email = async (data) => {
} }
} }
} else { } else {
if (meta.config.requireEmailAddress && !(formData.email && formData.email.length)) {
throw new Error('[[error:invalid-email]]');
}
// New registrants have the confirm email sent from user.create() // New registrants have the confirm email sent from user.create()
userData.email = formData.email; userData.email = formData.email;
} }

75
test/controllers.js
Unescape Escape View File

@ -343,6 +343,81 @@ describe('Controllers', () => {
}); });
}); });
describe('registration interstitials', () => {
let jar;
let token;
it('email interstitial should still apply if empty email entered and requireEmailAddress is enabled', async () => {
meta.config.requireEmailAddress = 1;
jar = await helpers.registerUser({
username: 'testEmailReg',
password: 'asdasd',
});
token = await helpers.getCsrfToken(jar);
console.log('making request');
let res = await requestAsync(`${nconf.get('url')}/register/complete`, {
method: 'post',
jar,
json: true,
followRedirect: false,
simple: false,
resolveWithFullResponse: true,
headers: {
'x-csrf-token': token,
},
form: {
email: '',
},
});
assert.strictEqual(res.headers.location, '/register/complete');
res = await requestAsync(`${nconf.get('url')}/api/register/complete`, {
jar,
json: true,
resolveWithFullResponse: true,
});
assert(res.body.errors.includes('[[error:invalid-email]]'));
});
it('gdpr interstitial should still apply if email requirement is disabled', async () => {
meta.config.requireEmailAddress = 0;
const res = await requestAsync(`${nconf.get('url')}/api/register/complete`, {
jar,
json: true,
resolveWithFullResponse: true,
});
assert(!res.body.errors.includes('[[error:invalid-email]]'));
assert(!res.body.errors.includes('[[error:gdpr_consent_denied]]'));
});
it('registration should succeed once gdpr prompts are agreed to', async () => {
const res = await requestAsync(`${nconf.get('url')}/register/complete`, {
method: 'post',
jar,
json: true,
followRedirect: false,
simple: false,
resolveWithFullResponse: true,
headers: {
'x-csrf-token': token,
},
form: {
gdpr_agree_data: 'on',
gdpr_agree_email: 'on',
},
});
assert.strictEqual(res.statusCode, 302);
assert.strictEqual(res.headers.location, '/');
});
});
it('should load /robots.txt', (done) => { it('should load /robots.txt', (done) => {
request(`${nconf.get('url')}/robots.txt`, (err, res, body) => { request(`${nconf.get('url')}/robots.txt`, (err, res, body) => {
assert.ifError(err); assert.ifError(err);

Write Preview
Loading…
Cancel
Save