hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix: #9217, render 400 error page on bad access to /register

Browse Source
v1.18.x
Julian Lam 4 years ago
parent 06e2ef1a8e
commit b2b1450e5d
3 changed files with 18 additions and 4 deletions
Show Stats Download Patch File Download Diff File

6
public/language/en-GB/register.json
Unescape Escape View File

@ -24,5 +24,9 @@
"interstitial.errors-found": "We could not complete your registration:",
"gdpr_agree_data": "I consent to the collection and processing of my personal information on this website.",
"gdpr_agree_email": "I consent to receive digest and notification emails from this website.",
"gdpr_consent_denied": "You must give consent to this site to collect/process your information, and to send you emails."
"gdpr_consent_denied": "You must give consent to this site to collect/process your information, and to send you emails.",
"invite.error-admin-only": "Direct user registration has been disabled. Please contact an administrator for more details.",
"invite.error-invite-only": "Direct user registration has been disabled. You must be invited by an existing user in order to access this forum.",
"invite.error-invalid-data": "The registration data received does not correspond to our records. Please contact an administrator for more details"
}

8
src/controllers/index.js
Unescape Escape View File

@ -149,7 +149,13 @@ Controllers.register = async function (req, res, next) {
}
try {
if (registrationType === 'invite-only' || registrationType === 'admin-invite-only') {
await user.verifyInvitation(req.query);
try {
await user.verifyInvitation(req.query);
} catch (e) {
res.render('400', {
error: e.message,
});
}
}
const loginStrategies = require('../routes/authentication').getLoginStrategies();

8
src/user/invite.js
Unescape Escape View File

@ -58,11 +58,15 @@ module.exports = function (User) {
User.verifyInvitation = async function (query) {
if (!query.token || !query.email) {
throw new Error('[[error:invalid-data]]');
if (meta.config.registrationType.startsWith('admin-')) {
throw new Error('[[register:invite.error-admin-only]]');
} else {
throw new Error('[[register:invite.error-invite-only]]');
}
}
const token = await db.getObjectField('invitation:email:' + query.email, 'token');
if (!token || token !== query.token) {
throw new Error('[[error:invalid-token]]');
throw new Error('[[register:invite.error-invalid-data]]');
}
};

Write Preview
Loading…
Cancel
Save