xwx.moe/el.xwx.moe
xwx.moe/ el.xwx.moe
1
0
Disbranĉigi 0
Fontkodo Issues Tirpetoj Actions Packages Projects Eldonoj Wiki Activity

enable modifying profile settings for SSO users

This commit is contained in:
daniel31x13 2024-05-12 22:28:34 -04:00
parent 861f8e55f4
commit 65b29830f0
4 changed files with 117 additions and 152 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
lib/api/controllers/users/userId/deleteUserById.ts
View File

@ -25,16 +25,20 @@ export default async function deleteUserById(
}; };
} }
// Then, we check if the provided password matches the one stored in the database (disabled in SSO/OAuth integrations) if (!isServerAdmin) {
if (user.password && !isServerAdmin) { if (user.password) {
console.log("isServerAdmin", isServerAdmin); const isPasswordValid = bcrypt.compareSync(
console.log("isServerAdmin", body.password); body.password,
const isPasswordValid = bcrypt.compareSync( user.password as string
body.password, );
user.password as string
);
if (!isPasswordValid && !isServerAdmin) { if (!isPasswordValid && !isServerAdmin) {
return {
response: "Invalid credentials.",
status: 401, // Unauthorized
};
}
} else {
return { return {
response: "Invalid credentials.", response: "Invalid credentials.",
status: 401, // Unauthorized status: 401, // Unauthorized

237
lib/api/controllers/users/userId/updateUserById.ts
View File

@ -24,144 +24,106 @@ export default async function updateUserById(
}, },
}); });
if (ssoUser) { if (emailEnabled && !data.email)
// deny changes to SSO-defined properties return {
if (data.email !== user?.email) { response: "Email invalid.",
status: 400,
};
else if (!data.username)
return {
response: "Username invalid.",
status: 400,
};
if (data.newPassword && data.newPassword?.length < 8)
return {
response: "Password must be at least 8 characters.",
status: 400,
};
// Check email (if enabled)
const checkEmail =
/^(([^<>()[\]\.,;:\s@\"]+(\.[^<>()[\]\.,;:\s@\"]+)*)|(\".+\"))@(([^<>()[\]\.,;:\s@\"]+\.)+[^<>()[\]\.,;:\s@\"]{2,})$/i;
if (emailEnabled && !checkEmail.test(data.email?.toLowerCase() || ""))
return {
response: "Please enter a valid email.",
status: 400,
};
const checkUsername = RegExp("^[a-z0-9_-]{3,31}$");
if (!checkUsername.test(data.username.toLowerCase()))
return {
response:
"Username has to be between 3-30 characters, no spaces and special characters are allowed.",
status: 400,
};
const userIsTaken = await prisma.user.findFirst({
where: {
id: { not: userId },
OR: emailEnabled
? [
{
username: data.username.toLowerCase(),
},
{
email: data.email?.toLowerCase(),
},
]
: [
{
username: data.username.toLowerCase(),
},
],
},
});
if (userIsTaken) {
if (data.email?.toLowerCase().trim() === userIsTaken.email?.trim())
return { return {
response: "SSO users cannot change their email.", response: "Email is taken.",
status: 400, status: 400,
}; };
else if (
data.username?.toLowerCase().trim() === userIsTaken.username?.trim()
)
return {
response: "Username is taken.",
status: 400,
};
return {
response: "Username/Email is taken.",
status: 400,
};
}
// Avatar Settings
if (
data.image?.startsWith("data:image/jpeg;base64") &&
data.image.length < 1572864
) {
try {
const base64Data = data.image.replace(/^data:image\/jpeg;base64,/, "");
createFolder({ filePath: `uploads/avatar` });
await createFile({
filePath: `uploads/avatar/${userId}.jpg`,
data: base64Data,
isBase64: true,
});
} catch (err) {
console.log("Error saving image:", err);
} }
if (data.newPassword) { } else if (data.image?.length && data.image?.length >= 1572864) {
return { console.log("A file larger than 1.5MB was uploaded.");
response: "SSO Users cannot change their password.", return {
status: 400, response: "A file larger than 1.5MB was uploaded.",
}; status: 400,
} };
if (data.name !== user?.name) { } else if (data.image == "") {
return { removeFile({ filePath: `uploads/avatar/${userId}.jpg` });
response: "SSO Users cannot change their name.",
status: 400,
};
}
if (data.username !== user?.username) {
return {
response: "SSO Users cannot change their username.",
status: 400,
};
}
if (data.image?.startsWith("data:image/jpeg;base64")) {
return {
response: "SSO Users cannot change their avatar.",
status: 400,
};
}
} else {
// verify only for non-SSO users
// SSO users cannot change their email, password, name, username, or avatar
if (emailEnabled && !data.email)
return {
response: "Email invalid.",
status: 400,
};
else if (!data.username)
return {
response: "Username invalid.",
status: 400,
};
if (data.newPassword && data.newPassword?.length < 8)
return {
response: "Password must be at least 8 characters.",
status: 400,
};
// Check email (if enabled)
const checkEmail =
/^(([^<>()[\]\.,;:\s@\"]+(\.[^<>()[\]\.,;:\s@\"]+)*)|(\".+\"))@(([^<>()[\]\.,;:\s@\"]+\.)+[^<>()[\]\.,;:\s@\"]{2,})$/i;
if (emailEnabled && !checkEmail.test(data.email?.toLowerCase() || ""))
return {
response: "Please enter a valid email.",
status: 400,
};
const checkUsername = RegExp("^[a-z0-9_-]{3,31}$");
if (!checkUsername.test(data.username.toLowerCase()))
return {
response:
"Username has to be between 3-30 characters, no spaces and special characters are allowed.",
status: 400,
};
const userIsTaken = await prisma.user.findFirst({
where: {
id: { not: userId },
OR: emailEnabled
? [
{
username: data.username.toLowerCase(),
},
{
email: data.email?.toLowerCase(),
},
]
: [
{
username: data.username.toLowerCase(),
},
],
},
});
if (userIsTaken) {
if (data.email?.toLowerCase().trim() === userIsTaken.email?.trim())
return {
response: "Email is taken.",
status: 400,
};
else if (
data.username?.toLowerCase().trim() === userIsTaken.username?.trim()
)
return {
response: "Username is taken.",
status: 400,
};
return {
response: "Username/Email is taken.",
status: 400,
};
}
// Avatar Settings
if (data.image?.startsWith("data:image/jpeg;base64")) {
if (data.image.length < 1572864) {
try {
const base64Data = data.image.replace(
/^data:image\/jpeg;base64,/,
""
);
createFolder({ filePath: `uploads/avatar` });
await createFile({
filePath: `uploads/avatar/${userId}.jpg`,
data: base64Data,
isBase64: true,
});
} catch (err) {
console.log("Error saving image:", err);
}
} else {
console.log("A file larger than 1.5MB was uploaded.");
return {
response: "A file larger than 1.5MB was uploaded.",
status: 400,
};
}
} else if (data.image == "") {
removeFile({ filePath: `uploads/avatar/${userId}.jpg` });
}
} }
const previousEmail = ( const previousEmail = (
@ -182,7 +144,12 @@ export default async function updateUserById(
username: data.username?.toLowerCase().trim(), username: data.username?.toLowerCase().trim(),
email: data.email?.toLowerCase().trim(), email: data.email?.toLowerCase().trim(),
isPrivate: data.isPrivate, isPrivate: data.isPrivate,
image: data.image ? `uploads/avatar/${userId}.jpg` : "", image:
data.image && data.image.startsWith("http")
? data.image
: data.image
? `uploads/avatar/${userId}.jpg`
: "",
collectionOrder: data.collectionOrder.filter( collectionOrder: data.collectionOrder.filter(
(value, index, self) => self.indexOf(value) === index (value, index, self) => self.indexOf(value) === index
), ),

8
lib/api/verifyUser.ts
View File

@ -32,19 +32,13 @@ export default async function verifyUser({
subscriptions: true, subscriptions: true,
}, },
}); });
const ssoUser = await prisma.account.findFirst({
where: {
userId: userId,
},
});
if (!user) { if (!user) {
res.status(404).json({ response: "User not found." }); res.status(404).json({ response: "User not found." });
return null; return null;
} }
if (!user.username && !ssoUser) { if (!user.username) {
// SSO users don't need a username
res.status(401).json({ res.status(401).json({
response: "Username not found.", response: "Username not found.",
}); });

2
pages/api/v1/auth/[...nextauth].ts
View File

@ -119,7 +119,7 @@ if (
passwordMatches = bcrypt.compareSync(password, user.password); passwordMatches = bcrypt.compareSync(password, user.password);
} }
if (passwordMatches) { if (passwordMatches && user?.password) {
return { id: user?.id }; return { id: user?.id };
} else return null as any; } else return null as any;
}, },