closes #1400, bunch of other fixes to 404, 403 in accounts

v1.18.x
barisusakli 11 years ago
parent 8fa3baf32d
commit c8efeb7d7c

@ -198,6 +198,8 @@ var ajaxify = ajaxify || {};
return ajaxify.go('404');
} else if (data && data.status === 403) {
return ajaxify.go('403');
} else if (data && data.status === 302) {
return ajaxify.go(data.responseJSON.slice(1));
} else if (textStatus !== "abort") {
app.alertError(data.responseJSON.error);
}

@ -20,21 +20,33 @@ var fs = require('fs'),
file = require('./../file');
function userNotFound(res) {
return res.render('404', {
error: 'User not found!'
});
if (res.locals.isAPI) {
res.json(404, 'user-not-found');
} else {
res.render('404', {
error: 'User not found!'
});
}
}
function userNotAllowed(res) {
return res.render('403', {
error: 'Not allowed.'
});
if (res.locals.isAPI) {
res.json(403, 'not-allowed');
} else {
res.render('403', {
error: 'Not allowed.'
});
}
}
function getUserDataByUserSlug(userslug, callerUID, callback) {
user.getUidByUserslug(userslug, function(err, uid) {
if(err || !uid) {
return callback(err || new Error('[[error:invalid-uid]]'));
if (err) {
return callback(err);
}
if (!uid) {
return callback(null, null);
}
async.parallel({
@ -181,7 +193,7 @@ function getFollow(name, req, res, next) {
function(data, next) {
userData = data;
if (!userData) {
return userNotFound();
return userNotFound(res);
}
var method = name === 'following' ? 'getFollowing' : 'getFollowers';
user[method](userData.uid, next);
@ -202,11 +214,11 @@ accountsController.getFavourites = function(req, res, next) {
user.getUidByUserslug(req.params.userslug, function (err, uid) {
if (!uid) {
return userNotFound();
return userNotFound(res);
}
if (parseInt(uid, 10) !== callerUID) {
return userNotAllowed();
return userNotAllowed(res);
}
user.getUserFields(uid, ['username', 'userslug'], function (err, userData) {
@ -215,7 +227,7 @@ accountsController.getFavourites = function(req, res, next) {
}
if (!userData) {
return userNotFound();
return userNotFound(res);
}
posts.getFavourites(uid, 0, 9, function (err, favourites) {
@ -243,7 +255,7 @@ accountsController.getPosts = function(req, res, next) {
}
if (!userData) {
return userNotFound();
return userNotFound(res);
}
posts.getPostsByUid(callerUID, userData.uid, 0, 19, function (err, userPosts) {
@ -270,7 +282,7 @@ accountsController.getTopics = function(req, res, next) {
}
if (!userData) {
return userNotFound();
return userNotFound(res);
}
var set = 'uid:' + userData.uid + ':topics';
@ -315,16 +327,17 @@ accountsController.accountSettings = function(req, res, next) {
var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
user.getUidByUserslug(req.params.userslug, function(err, uid) {
if (err) {
return next(err);
}
if (!uid) {
return userNotFound();
return userNotFound(res);
}
if (parseInt(uid, 10) !== callerUID) {
return userNotAllowed();
return userNotAllowed(res);
}
plugins.fireHook('filter:user.settings', [], function(err, settings) {
@ -345,7 +358,7 @@ accountsController.accountSettings = function(req, res, next) {
}
if(!results.user) {
return userNotFound();
return userNotFound(res);
}
results = {

@ -52,6 +52,20 @@ middleware.redirectToAccountIfLoggedIn = function(req, res, next) {
}
};
middleware.redirectToSelf = function(req, res, next) {
if (req.user && req.params.userslug === '[self]') {
user.getUserField(req.user.uid, 'userslug', function (err, userslug) {
if(res.locals.isAPI) {
res.json(302, '/user/' + userslug + (req.params.section ? '/' + req.params.section : ''));
} else {
res.redirect('/user/' + userslug + (req.params.section ? '/' + req.params.section : ''));
}
});
} else {
next();
}
};
middleware.addSlug = function(req, res, next) {
function redirect(method, id, name) {
method(id, 'slug', function(err, slug) {
@ -114,7 +128,7 @@ middleware.checkAccountPermissions = function(req, res, next) {
// not sure if this check really should belong here. also make sure we're not doing this check again in the actual method
if (!uid) {
if (res.locals.isAPI) {
return res.json(404);
return res.json(404, 'not-found');
} else {
return res.redirect('404');
}

@ -73,6 +73,9 @@ function categoryRoutes(app, middleware, controllers) {
}
function accountRoutes(app, middleware, controllers) {
app.get('/user/:userslug/:section?', middleware.redirectToSelf);
app.get('/api/user/:userslug/:section?', middleware.redirectToSelf);
app.get('/user/:userslug', middleware.buildHeader, middleware.checkGlobalPrivacySettings, controllers.accounts.getAccount);
app.get('/api/user/:userslug', middleware.checkGlobalPrivacySettings, controllers.accounts.getAccount);

Loading…
Cancel
Save