Merge remote-tracking branch 'origin/develop' into negue/flagpm

# Conflicts: # website/client/components/chat/chatCard.vue # website/client/components/chat/chatMessages.vue # website/common/locales/en/messages.json
2025-12-17 14:47:53 +01:00 · 2018-11-18 22:04:33 +01:00
parent 8f2435c37c e76bdbd62d
commit 8b15d94ae1
900 changed files with 49269 additions and 42663 deletions
--- a/website/server/controllers/api-v4/auth.js
+++ b/website/server/controllers/api-v4/auth.js
@@ -1,8 +1,51 @@
-import { authWithHeaders } from '../../middlewares/auth';
+import {
+  authWithHeaders,
+} from '../../middlewares/auth';
 import * as authLib from '../../libs/auth';
+import { model as User } from '../../models/user';
+import {verifyUsername} from '../../libs/user/validation';

 const api = {};

+api.verifyUsername = {
+  method: 'POST',
+  url: '/user/auth/verify-username',
+  middlewares: [authWithHeaders({
+    optional: true,
+  })],
+  async handler (req, res) {
+    req.checkBody({
+      username: {
+        notEmpty: {errorMessage: res.t('missingUsername')},
+      },
+    });
+
+    const validationErrors = req.validationErrors();
+    if (validationErrors) throw validationErrors;
+
+    const user = res.locals.user;
+    const chosenUsername = req.body.username;
+
+    const issues = verifyUsername(chosenUsername, res);
+
+    if (issues.length < 1) {
+      const existingUser = await User.findOne({
+        'auth.local.lowerCaseUsername': chosenUsername.toLowerCase(),
+      }, {auth: 1}).exec();
+
+      if (existingUser) {
+        if (!user ||  existingUser._id !== user._id) issues.push(res.t('usernameTaken'));
+      }
+    }
+
+    if (issues.length > 0) {
+      res.respond(200, { isUsable: false, issues });
+    } else {
+      res.respond(200, { isUsable: true });
+    }
+  },
+};
+
 /*
 * NOTE most user routes are still in the v3 controller
 * here there are only routes that had to be split from the v3 version because of
@@ -35,4 +78,4 @@ api.registerLocal = {
  },
 };

-module.exports = api;
+module.exports = api;
--- a/website/server/controllers/api-v4/user.js
+++ b/website/server/controllers/api-v4/user.js
@@ -1,5 +1,6 @@
 import { authWithHeaders } from '../../middlewares/auth';
 import * as userLib from '../../libs/user';
+import { verifyDisplayName } from '../../libs/user/validation';

 const api = {};

@@ -37,7 +38,7 @@ const api = {};
 * Tags
 * TasksOrder (list of all ids for dailys, habits, rewards and todos)
 *
- * @apiParam (Query) {UUID} userFields A list of comma separated user fields to be returned instead of the entire document. Notifications are always returned.
+ * @apiParam (Query) {String} [userFields] A list of comma separated user fields to be returned instead of the entire document. Notifications are always returned.
 *
 * @apiExample {curl} Example use:
 * curl -i https://habitica.com/api/v3/user?userFields=achievements,items.mounts
@@ -206,4 +207,32 @@ api.userReset = {
  },
 };

+api.verifyDisplayName = {
+  method: 'POST',
+  url: '/user/auth/verify-display-name',
+  middlewares: [authWithHeaders({
+    optional: true,
+  })],
+  async handler (req, res) {
+    req.checkBody({
+      displayName: {
+        notEmpty: {errorMessage: res.t('messageMissingDisplayName')},
+      },
+    });
+
+    const validationErrors = req.validationErrors();
+    if (validationErrors) throw validationErrors;
+
+    const chosenDisplayName = req.body.displayName;
+
+    const issues = verifyDisplayName(chosenDisplayName, res);
+
+    if (issues.length > 0) {
+      res.respond(200, { isUsable: false, issues });
+    } else {
+      res.respond(200, { isUsable: true });
+    }
+  },
+};
+
 module.exports = api;