diff --git a/public/src/utils.js b/public/src/utils.js index bc97257382..e7916ef5f6 100644 --- a/public/src/utils.js +++ b/public/src/utils.js @@ -126,8 +126,7 @@ // from http://stackoverflow.com/questions/46155/validate-email-address-in-javascript isEmailValid: function(email) { // var re = /[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/; - var valid = email.indexOf('@') !== -1 ? true : false; - return valid; + return email.indexOf('@') !== -1; }, isUserNameValid: function(name) { @@ -137,6 +136,21 @@ isPasswordValid: function(password) { return password && password.indexOf(' ') === -1; }, + isNumber: function(n) { + return !isNaN(parseFloat(n)) && isFinite(n); + }, + // shallow objects merge + merge: function() { + var result = {}, obj, keys; + for (var i = 0; i < arguments.length; i++) { + obj = arguments[i] || {}; + keys = Object.keys(obj); + for (var j = 0; j < keys.length; j++) { + result[keys[j]] = obj[keys[j]]; + } + } + return result; + }, buildMetaTags: function(tagsArr) { var tags = '', tag; diff --git a/src/admin/user.js b/src/admin/user.js index f295f78916..3c1fb77ab0 100644 --- a/src/admin/user.js +++ b/src/admin/user.js @@ -11,7 +11,7 @@ var utils = require('../../public/src/utils'), } if (isAdmin) { - user.create(userData.username, userData.password, userData.email, function(err) { + user.create(userData, function(err) { if(err) { return callback(err); } diff --git a/src/install.js b/src/install.js index bb52441d40..eae4de5dfa 100644 --- a/src/install.js +++ b/src/install.js @@ -25,7 +25,13 @@ var async = require('async'), description: 'Use a port number to access NodeBB?', 'default': (nconf.get('use_port') !== undefined ? (nconf.get('use_port') ? 'y' : 'n') : 'y'), pattern: /y[es]*|n[o]?/, - message: 'Please enter \'yes\' or \'no\'', + message: 'Please enter \'yes\' or \'no\'' + }, { + name: 'use_proxy', + description: 'is NodeBB behind a proxy?', + 'default': (nconf.get('use_proxy') !== undefined ? (nconf.get('use_proxy') ? 'y' : 'n') : 'y'), + pattern: /y[es]*|n[o]?/, + message: 'Please enter \'yes\' or \'no\'' }, { name: 'secret', description: 'Please enter a NodeBB secret', @@ -141,6 +147,7 @@ var async = require('async'), config.bcrypt_rounds = 12; config.upload_path = '/public/uploads'; config.use_port = config.use_port.slice(0, 1) === 'y'; + config.use_proxy = config.use_proxy.slice(0, 1) === 'y'; var urlObject = url.parse(config.base_url), relative_path = (urlObject.pathname && urlObject.pathname.length > 1) ? urlObject.pathname : '', @@ -218,7 +225,7 @@ var async = require('async'), value: 1 }, { field: 'allowFileUploads', - value: 0, + value: 0 }, { field: 'maximumFileSize', value: 2048 @@ -404,7 +411,7 @@ var async = require('async'), } nconf.set('bcrypt_rounds', 12); - User.create(results.username, results.password, results.email, function (err, uid) { + User.create({username: results.username, password: results.password, email: results.email}, function (err, uid) { if (err) { winston.warn(err.message + ' Please try again.'); return callback(new Error('invalid-values')); diff --git a/src/login.js b/src/login.js index c4eb226586..50ce805b21 100644 --- a/src/login.js +++ b/src/login.js @@ -70,7 +70,7 @@ var user = require('./user'), }); } else { // New User - user.create(handle, undefined, undefined, function(err, uid) { + user.create({username: handle}, function(err, uid) { if(err) { return callback(err); } @@ -93,7 +93,7 @@ var user = require('./user'), }); } }); - } + }; Login.loginViaGoogle = function(gplusid, handle, email, callback) { user.getUidByGoogleId(gplusid, function(err, uid) { @@ -115,7 +115,7 @@ var user = require('./user'), callback(null, { uid: uid }); - } + }; user.getUidByEmail(email, function(err, uid) { if(err) { @@ -123,7 +123,7 @@ var user = require('./user'), } if (!uid) { - user.create(handle, undefined, email, function(err, uid) { + user.create({username: handle, email: email}, function(err, uid) { if(err) { return callback(err); } @@ -136,7 +136,7 @@ var user = require('./user'), }); } }); - } + }; Login.loginViaFacebook = function(fbid, name, email, callback) { user.getUidByFbid(fbid, function(err, uid) { @@ -158,7 +158,7 @@ var user = require('./user'), callback(null, { uid: uid }); - } + }; user.getUidByEmail(email, function(err, uid) { if(err) { @@ -166,7 +166,7 @@ var user = require('./user'), } if (!uid) { - user.create(name, undefined, email, function(err, uid) { + user.create({username: name, email: email}, function(err, uid) { if(err) { return callback(err); } @@ -181,4 +181,4 @@ var user = require('./user'), }); } -}(exports)); \ No newline at end of file +}(exports)); diff --git a/src/routes/authentication.js b/src/routes/authentication.js index 4fb9560a1b..8b1bc8b4af 100644 --- a/src/routes/authentication.js +++ b/src/routes/authentication.js @@ -197,7 +197,7 @@ return res.send(403); } - user.create(req.body.username, req.body.password, req.body.email, function(err, uid) { + user.create({username: req.body.username, password: req.body.password, email: req.body.email, ip: req.ip}, function(err, uid) { if (err === null && uid) { req.login({ uid: uid diff --git a/src/user.js b/src/user.js index 59ef04f80a..3fc8dca0da 100644 --- a/src/user.js +++ b/src/user.js @@ -19,34 +19,35 @@ var bcrypt = require('bcrypt'), (function(User) { 'use strict'; - User.create = function(username, password, email, callback) { - var userslug = utils.slugify(username); + User.create = function(userData, callback) { + userData = userData || {}; + userData.userslug = utils.slugify(userData.username); - username = username.trim(); - if (email !== undefined) { - email = email.trim(); + userData.username = userData.username.trim(); + if (userData.email !== undefined) { + userData.email = userData.email.trim(); } async.parallel([ function(next) { - if (email !== undefined) { - next(!utils.isEmailValid(email) ? new Error('Invalid Email!') : null); + if (userData.email) { + next(!utils.isEmailValid(userData.email) ? new Error('Invalid Email!') : null); } else { next(); } }, function(next) { - next((!utils.isUserNameValid(username) || !userslug) ? new Error('Invalid Username!') : null); + next((!utils.isUserNameValid(userData.username) || !userData.userslug) ? new Error('Invalid Username!') : null); }, function(next) { - if (password !== undefined) { - next(!utils.isPasswordValid(password) ? new Error('Invalid Password!') : null); + if (userData.password) { + next(!utils.isPasswordValid(userData.password) ? new Error('Invalid Password!') : null); } else { next(); } }, function(next) { - User.exists(userslug, function(err, exists) { + User.exists(userData.userslug, function(err, exists) { if (err) { return next(err); } @@ -54,8 +55,8 @@ var bcrypt = require('bcrypt'), }); }, function(next) { - if (email !== undefined) { - User.isEmailAvailable(email, function(err, available) { + if (userData.email) { + User.isEmailAvailable(userData.email, function(err, available) { if (err) { return next(err); } @@ -64,8 +65,14 @@ var bcrypt = require('bcrypt'), } else { next(); } + }, + function(next) { + plugins.fireHook('filter:user.create', userData, function(err, filteredUserData){ + next(err, utils.merge(userData, filteredUserData)); + }); } ], function(err, results) { + userData = results[results.length - 1]; if (err) { return callback(err); } @@ -75,18 +82,19 @@ var bcrypt = require('bcrypt'), return callback(err); } - var gravatar = User.createGravatarURLFromEmail(email); + var gravatar = User.createGravatarURLFromEmail(userData.email); var timestamp = Date.now(); + var password = userData.password; - db.setObject('user:' + uid, { + userData = { 'uid': uid, - 'username': username, - 'userslug': userslug, + 'username': userData.username, + 'userslug': userData.userslug, 'fullname': '', 'location': '', 'birthday': '', 'website': '', - 'email': email || '', + 'email': userData.email || '', 'signature': '', 'joindate': timestamp, 'picture': gravatar, @@ -98,19 +106,21 @@ var bcrypt = require('bcrypt'), 'lastposttime': 0, 'banned': 0, 'showemail': 0 - }); + }; + + db.setObject('user:' + uid, userData); - db.setObjectField('username:uid', username, uid); - db.setObjectField('userslug:uid', userslug, uid); + db.setObjectField('username:uid', userData.username, uid); + db.setObjectField('userslug:uid', userData.userslug, uid); - if (email !== undefined) { - db.setObjectField('email:uid', email, uid); + if (userData.email !== undefined) { + db.setObjectField('email:uid', userData.email, uid); if (parseInt(uid, 10) !== 1) { - User.email.verify(uid, email); + User.email.verify(uid, userData.email); } } - plugins.fireHook('action:user.create', {uid: uid, username: username, email: email, picture: gravatar, timestamp: timestamp}); + plugins.fireHook('action:user.create', userData); db.incrObjectField('global', 'userCount'); db.sortedSetAdd('users:joindate', timestamp, uid); @@ -120,7 +130,7 @@ var bcrypt = require('bcrypt'), // Join the "registered-users" meta group groups.joinByGroupName('registered-users', uid); - if (password !== undefined) { + if (password) { User.hashPassword(password, function(err, hash) { User.setUserField(uid, 'password', hash); callback(null, uid); diff --git a/src/webserver.js b/src/webserver.js index cea4071ab9..0d8077419b 100644 --- a/src/webserver.js +++ b/src/webserver.js @@ -191,6 +191,25 @@ if(nconf.get('ssl')) { app.use(express.csrf()); + // negative boolean with type check here to support a config.json without a 'use_proxy' value, + // so unless it's specifically set to false, it's true (as long as it's not a dev env) + // todo: remove double negative with a minor release, where backward compatibility can be broken + // and if dev mode, then it's probably not behind a proxy but it can be forced by setting 'use_proxy' to true + + if (nconf.get('use_proxy') === false) { + winston.info('\'use_proxy\' is set to false in config file, skipping \'trust proxy\''); + + } else if (!nconf.get('use_proxy') && process.env.NODE_ENV === 'development') { + winston.info('\'use_proxy\' is not set, skipping because you\'re in development env. Set to true to force enabling it.'); + + } else { + winston.info('\'use_proxy\'' + + (nconf.get('use_proxy') === true ? ' is set to true ' : ' is not set ') + + 'in config file, enabling \'trust proxy\', set to false to disable it.'); + + app.enable('trust proxy'); + } + // Local vars, other assorted setup app.use(function (req, res, next) { nconf.set('https', req.secure); @@ -210,7 +229,7 @@ if(nconf.get('ssl')) { user.setUserField(req.user.uid, 'lastonline', Date.now()); } next(); - }) + }); next(); }, diff --git a/tests/user.js b/tests/user.js index 7adfca61ee..40c7156cbd 100644 --- a/tests/user.js +++ b/tests/user.js @@ -26,16 +26,16 @@ describe('User', function() { describe('when created', function() { it('should be created properly', function(done){ - User.create(userData.name, userData.password, userData.email, function(error,userId){ + User.create({usename: userData.name, password: userData.password, email: userData.email}, function(error,userId){ assert.equal(error, null, 'was created with error'); assert.ok(userId); done(); }); }); - it('should have a valid email', function() { + it('should have a valid email, if using an email', function() { assert.throws( - User.create(userData.name, userData.password, 'fakeMail',function(){}), + User.create({username: userData.name, password: userData.password, email: 'fakeMail'},function(){}), Error, 'does not validate email' );