From ea4f39ca21d66409cf03b8bdaa9f24312e4d69b9 Mon Sep 17 00:00:00 2001
From: Baris Soner Usakli
Date: Tue, 25 Jun 2013 15:50:14 -0400
Subject: [PATCH] server side checks for username/email/password, closes #41
---
public/src/forum/register.js | 67 +++++++++++++++++++++++-------------
public/src/utils.js | 31 +++++++++++++++++
src/user.js | 10 +++++-
3 files changed, 83 insertions(+), 25 deletions(-)
diff --git a/public/src/forum/register.js b/public/src/forum/register.js
index 5c58edc28a..9f74698eba 100644
--- a/public/src/forum/register.js
+++ b/public/src/forum/register.js
@@ -8,32 +8,60 @@ email_notify = document.getElementById('email-notify'), password_notify = document.getElementById('password-notify'), password_confirm_notify = document.getElementById('password-confirm-notify'), + usernamevalid = false; emailexists = false, emailvalid = false, userexists = false, - passwordsmatch = false; + passwordsmatch = false, + passwordvalid = false; $(username).on('keyup change', function() { - if (username.value.length > 2) socket.emit('user.exists', {username: username.value}); - else { + usernamevalid = utils.isUserNameValid(username.value); + + + if(username.value.length < 3) { username_notify.innerHTML = 'Username too short'; username_notify.className = 'label label-important'; } + else if(!usernamevalid) { + username_notify.innerHTML = 'Invalid username'; + username_notify.className = 'label label-important'; + } + else { + socket.emit('user.exists', {username: username.value}); + } }); $(emailEl).on('keyup change', function() { - socket.emit('user.email.exists', { email: emailEl.value }); + emailvalid = utils.isEmailValid(email.value); + + if(!emailvalid) { + email_notify.innerHTML = 'Invalid email address'; + email_notify.className = 'label label-important'; + } + else + socket.emit('user.email.exists', { email: emailEl.value }); }); - password.addEventListener('keyup', function() { - if (password.value.length < 5) { + $(password).on('keyup', function() { + passwordvalid = utils.isPasswordValid(password.value); + if (password.value.length < 6) { password_notify.innerHTML = 'Password too short'; password_notify.className = 'label label-important'; - } else { + } else if(!passwordvalid) { + password_notify.innerHTML = 'Invalid password'; + password_notify.className = 'label label-important'; + } else { password_notify.innerHTML = 'OK!'; password_notify.className = 'label label-success'; } - }, false); + + if(password.value !== password_confirm.value) { + password_confirm_notify.innerHTML = 'Passwords must match!'; + 
password_confirm_notify.className = 'label label-important'; + passwordsmatch = false; + } + }); $(password_confirm).on('keyup', function() { if(password.value !== password_confirm.value) { @@ -63,14 +91,10 @@ socket.on('user.email.exists', function(data) { emailexists = data.exists; - emailvalid = isEmailValid(email.value); if (data.exists === true) { email_notify.innerHTML = 'Email Address exists'; email_notify.className = 'label label-important'; - } else if(!emailvalid) { - email_notify.innerHTML = 'Invalid email address'; - email_notify.className = 'label label-important'; } else { email_notify.innerHTML = 'OK!'; @@ -78,12 +102,6 @@ } }); - // from http://stackoverflow.com/questions/46155/validate-email-address-in-javascript - function isEmailValid(email) { - var re = /[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/; - return re.test(email); - } - // Alternate Logins var altLoginEl = document.querySelector('.alt-logins'); altLoginEl.addEventListener('click', function(e) { @@ -97,10 +115,10 @@ } }); - // Form Validation function validateForm() { var validated = true; - if (username.value.length < 2) { + + if (username.value.length < 2 || !usernamevalid) { username_notify.innerHTML = 'Invalid username'; username_notify.className = 'label label-important'; validated = false; @@ -110,6 +128,10 @@ password_notify.innerHTML = 'Password too short'; validated = false; } + + if(password.value !== password_confirm.value) { + password_confirm_notify.innerHTML = 'Passwords must match!'; + } if (!emailvalid) { email_notify.innerHTML = 'Invalid email address'; @@ -121,10 +143,7 @@ validated = false; } - if(userexists) - validated = false; - - if(!passwordsmatch) + if(userexists || !passwordsmatch || !passwordvalid) validated = false; return validated; diff --git a/public/src/utils.js b/public/src/utils.js index 3486906e29..1cde4e1360 100644 --- a/public/src/utils.js 
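Review bot: The added `usernamevalid = false;` in the `@@ -8,32 +8,60 @@` hunk of register.js ends with a semicolon inside what appears to be a comma-chained `var` list (its head is above the hunk), so `emailexists`, `emailvalid`, `userexists`, `passwordsmatch` and `passwordvalid` after it are no longer declared there and become assignments to implicit globals, which throws under strict mode. It should read `usernamevalid = false,`. In the email handler the new check reads `email.value` while the listener is bound to `emailEl` and the emit sends `emailEl.value`; unless `email` is declared outside the hunk, use `emailvalid = utils.isEmailValid(emailEl.value);` so the value that is validated is the value that is sent.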
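Review bot: In the `@@ -97,10 +115,10 @@` hunk, `validateForm` still tests `username.value.length < 2` while the keyup handler added earlier in this commit rejects anything shorter than 3 characters, so a two-character name passes the submit-time check. The `usernamevalid` flag it relies on is only refreshed by the `keyup change` listener, so it can be stale when the form is submitted. Recomputing at submit time with the same bound avoids both: `if (username.value.length < 3 || !utils.isUserNameValid(username.value)) {`. The body of `validateForm` continues outside the hunk.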
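Review bot: The mismatch branch added in the `@@ -110,6 +128,10 @@` hunk only sets the message text; it neither sets `validated = false` nor applies the `label label-important` class used by the other branches. Rejection therefore depends on the `passwordsmatch` flag tested in the `@@ -121,10 +143,7 @@` hunk, which is only updated from the keyup handlers. Making the branch self-contained is two lines: `password_confirm_notify.className = 'label label-important';` and `validated = false;`.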
+++ b/public/src/utils.js @@ -83,6 +83,20 @@ return str; }, + // from http://stackoverflow.com/questions/46155/validate-email-address-in-javascript + isEmailValid: function(email) { + var re = /[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/; + return re.test(email); + }, + + isUserNameValid: function(name) { + return (name && name !== "" && !(/^\s*$/.test(name))); + }, + + isPasswordValid: function(password) { + return password && password.indexOf(' ') === -1 && password.length > 5; + }, + // Blatently stolen from: http://phpjs.org/functions/strip_tags/ 'strip_tags': function(input, allowed) { allowed = (((allowed || "") + "").toLowerCase().match(/<[a-z][a-z0-9]*>/g) || []).join(''); // making sure the allowed arg is a string containing only tags in lowercase () @@ -95,6 +109,23 @@ } } + + if (!String.prototype.trim) { + String.prototype.trim=function(){return this.replace(/^\s+|\s+$/g, '');}; + } + + if (!String.prototype.ltrim) { + String.prototype.ltrim=function(){return this.replace(/^\s+/,'');}; + } + + if (!String.prototype.rtrim) { + String.prototype.rtrim=function(){return this.replace(/\s+$/,'');}; + } + + if (!String.prototype.fulltrim) { + String.prototype.fulltrim=function(){return this.replace(/(?:(?:^|\n)\s+|\s+(?:$|\n))/g,'').replace(/\s+/g,' ');}; + } + if ('undefined' !== typeof window) { window.utils = module.exports; diff --git a/src/user.js b/src/user.js index 97009edb74..7729509660 100644 --- a/src/user.js +++ b/src/user.js 
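Review bot: `isEmailValid` in the `@@ -83,6 +83,20 @@` hunk is now also the server-side gate, but its pattern has no `^`/`$` anchors, so `re.test` accepts any string that merely contains an address-like substring (surrounding markup, spaces or extra text all pass), and without the `i` flag an address with an upper-case domain is rejected. `isUserNameValid` and `isPasswordValid` return the last operand of the `&&` chain rather than a boolean and do not check that the argument is a string, so `password.indexOf` throws on a truthy non-string value. `isUserNameValid` also enforces no minimum length, although the register form requires three characters, so the server accepts names the client rejects. The enclosing object literal starts and ends outside the hunk; a tightened version of the three validators follows.

```javascript
isEmailValid: function(email) {
	// anchored and case-insensitive: the whole value must be an address, not just contain one
	var re = /^[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?$/i;
	return typeof email === 'string' && re.test(email);
},

isUserNameValid: function(name) {
	// same three-character minimum the register form reports as "Username too short"
	return typeof name === 'string' && name.trim().length >= 3;
},

isPasswordValid: function(password) {
	return typeof password === 'string' && password.indexOf(' ') === -1 && password.length > 5;
},
```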
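Review bot: The `@@ -95,6 +109,23 @@` hunk makes loading utils.js modify `String.prototype` as a side effect, in the browser and in Node alike, and `ltrim`, `rtrim` and `fulltrim` are non-standard names that no line visible in this commit calls (user.js uses only `trim`). Extending a native prototype with project-specific methods can collide with other scripts on the page and hides where the behaviour comes from. Consider keeping only the `trim` fallback and exposing the rest as plain functions on the `utils` object, each with a one-line comment such as `// collapse runs of whitespace and strip leading/trailing whitespace on every line` for `fulltrim`.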
@@ -163,12 +163,20 @@ var utils = require('./../public/src/utils.js'), User.create = function(username, password, email, callback) { + username = username.trim(); + email = email.trim(); + + if(!utils.isEmailValid(email) || !utils.isUserNameValid(username) || !utils.isPasswordValid(password)) { + console.log('Invalid email/username/password!'); + callback(null, 0); + return; + } + var userslug = utils.slugify(username); User.exists(userslug, function(exists) { if(exists) { - console.log("user name taken"); callback(null, 0); return; }
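Review bot: `username.trim()` and `email.trim()` run before any validation, so a call with a missing or non-string `username` or `email` throws a TypeError instead of reaching the `callback(null, 0)` rejection. If these arguments arrive from a client request (the callers are not in the hunk), that is an unhandled exception triggered by input. Guard the types first: `if (typeof username !== 'string' || typeof email !== 'string' || typeof password !== 'string') { return callback(null, 0); }`. The rejection also returns `callback(null, 0)`, the same result as a taken user name, and the commit drops the "user name taken" log line, so neither the caller nor the log can tell which check failed. Passing an error object as the first callback argument would separate the cases. `User.create` continues past the end of the hunk.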