From b2b1450e5dc428aa2153f5b752048e8a5f1437f8 Mon Sep 17 00:00:00 2001
From: Julian Lam
Date: Sun, 24 Jan 2021 13:59:00 -0500
Subject: [PATCH] fix: #9217, render 400 error page on bad access to /register
---
 public/language/en-GB/register.json | 6 +++++-
 src/controllers/index.js | 8 +++++++-
 src/user/invite.js | 8 ++++++--
 3 files changed, 18 insertions(+), 4 deletions(-)
diff --git a/public/language/en-GB/register.json b/public/language/en-GB/register.json
index c6136b9d0a..5d9655aaba 100644
--- a/public/language/en-GB/register.json
+++ b/public/language/en-GB/register.json
@@ -24,5 +24,9 @@
 "interstitial.errors-found": "We could not complete your registration:",
 "gdpr_agree_data": "I consent to the collection and processing of my personal information on this website.",
 "gdpr_agree_email": "I consent to receive digest and notification emails from this website.",
- "gdpr_consent_denied": "You must give consent to this site to collect/process your information, and to send you emails."
+ "gdpr_consent_denied": "You must give consent to this site to collect/process your information, and to send you emails.",
+
+ "invite.error-admin-only": "Direct user registration has been disabled. Please contact an administrator for more details.",
+ "invite.error-invite-only": "Direct user registration has been disabled. You must be invited by an existing user in order to access this forum.",
+ "invite.error-invalid-data": "The registration data received does not correspond to our records. Please contact an administrator for more details"
 }
diff --git a/src/controllers/index.js b/src/controllers/index.js
index 8be1668684..c5549a7357 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -149,7 +149,13 @@ Controllers.register = async function (req, res, next) {
 }
 try {
 if (registrationType === 'invite-only' || registrationType === 'admin-invite-only') {
- await user.verifyInvitation(req.query);
+ try {
+ await user.verifyInvitation(req.query);
+ } catch (e) {
+ res.render('400', {
+ error: e.message,
+ });
+ }
 }
 const loginStrategies = require('../routes/authentication').getLoginStrategies();
diff --git a/src/user/invite.js b/src/user/invite.js
index b939f6cd68..8b7087996d 100644
--- a/src/user/invite.js
+++ b/src/user/invite.js
@@ -58,11 +58,15 @@ module.exports = function (User) {
 User.verifyInvitation = async function (query) {
 if (!query.token || !query.email) {
- throw new Error('[[error:invalid-data]]');
+ if (meta.config.registrationType.startsWith('admin-')) {
+ throw new Error('[[register:invite.error-admin-only]]');
+ } else {
+ throw new Error('[[register:invite.error-invite-only]]');
+ }
 }
 const token = await db.getObjectField('invitation:email:' + query.email, 'token');
 if (!token || token !== query.token) {
- throw new Error('[[error:invalid-token]]');
+ throw new Error('[[register:invite.error-invalid-data]]');
 }
 };
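Review bot: Nothing stops the handler after the new catch block in Controllers.register: `res.render('400', …)` is called but not returned, so a request that fails `user.verifyInvitation(req.query)` still runs on to the `getLoginStrategies()` line and the rest of the function, which lies outside this hunk. In invite-only mode the invitation check therefore no longer ends the request on its own. The later code probably fails on an already-sent response, but the gate should not rely on that. Change the call to `return res.status(400).render('400', { error: e.message });`, where the `status(400)` is also needed if the response code is meant to match the page being rendered. The catch also shows `e.message` for every failure, so an unexpected error from the database lookup inside verifyInvitation would be displayed to the visitor; consider passing through only the translated `[[register:…]]` keys and a generic message otherwise.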
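Review bot: The added branch in User.verifyInvitation calls `meta.config.registrationType.startsWith('admin-')` with no guard, so if the function is reached while that setting is unset it throws a TypeError instead of one of the two translated errors, and the controller change in this same commit would render that raw message. The controller tests the exact values `'invite-only'` and `'admin-invite-only'`; writing the same test here, `if (meta.config.registrationType === 'admin-invite-only') {`, cannot throw and keeps the two files in step. Whether `meta` is already required in this file cannot be seen from the hunk, and the enclosing `module.exports = function (User)` begins outside it. A one-line comment above the function, such as `// Throws a translated [[register:invite.*]] error when the token/email pair is missing or does not match the stored invitation`, would document the contract the controller now depends on.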