mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-18 15:17:25 +01:00
ebf3b4aa47
* Change update username API call
The call no longer requires a password and also validates the username.
* Implement API call to verify username without setting it
* Improve coding style
* Apply username verification to registration
* Update error messages
* Validate display names.
* Fix API early Stat Point allocation (#10680)
* Refactor hasClass check to common so it can be used in shared & server-side code
* Check that user has selected class before allocating stat points
* chore(event): end Ember Hatching Potions
* chore(analytics): reenable navigation tracking
* update bcrypt
* Point achievement modal links to main site (#10709)
* Animal ears after death (#10691)
* Animal Ears purchasable with Gold if lost in Death
* remove ears from pinned items when set is bought
* standardise css and error handling for gems and coins
* revert accidental new line
* fix client tests
* Reduce margin-bottom of checklist-item from 10px to -3px. (#10684)
* chore(i18n): update locales
* 4.61.1
* feat(content): Subscriber Items and Magic Potions
* chore(sprites): compile
* chore(i18n): update locales
* 4.62.0
* Display notification for users to confirm their username
* fix typo
* WIP(usernames): Changes to address #10694
* WIP(usernames): Further changes for #10694
* fix(usernames): don't show spurious headings
* Change verify username notification to new version
* Improve feedback for invalid usernames
* Allow user to set their username again to confirm it
* Improve validation display for usernames
* Temporarily move display name validation outside of schema
* Improve rendering banner about sleeping in the inn
See #10695
* Display settings in one column
* Position inn banner when window is resized
* Update inn banner handling
* Fix banner offset on initial load
* Fix minor issues.
* Issue: 10660 - Fixed. Changed default to Please Enter A Value (#10718)
* Issue: 10660 - Fixed. Changed default to Please Enter A Value
* Issue: 10660 - Fixed/revision 2 Changed default to Enter A Value
* chore(news): Bailey announcements
* chore(i18n): update locales
* 4.62.1
* adjust wiki link for usernameInfo string
https://github.com/HabitRPG/habitica-private/issues/7#issuecomment-425405425
* raise coverage for tasks api calls (#10029)
* - updates a group task - approval is required
- updates a group task with checklist
* add expect to test the new checklist length
* - moves tasks to a specified position out of length
* remove unused line
* website getter tasks tests
* re-add sanitizeUserChallengeTask
* change config.json.example variable to be a string not a boolean
* fix tests - pick the text / up/down props too
* fix test - remove changes on text/up/down - revert sanitize condition - revert sanitization props
* Change update username API call
The call no longer requires a password and also validates the username.
* feat(content): Subscriber Items and Magic Potions
* Re-add register call
* Fix merge issue
* Fix issue with setting username
* Implement new alert style
* Display username confirmation status in settings
* Add disclaimer to change username field
* validate username in settings
* Allow specific fields to be focused when opening site settings
* Implement requested changes.
* Fix merge issue
* Fix failing tests
* verify username when users register with username and password
* Set ID for change username notification
* Disable submit button if username is invalid
* Improve username confirmation handling
* refactor(settings): address remaining code comments on auth form
* Revert "refactor(settings): address remaining code comments on auth form"
This reverts commit 9b6609ad64.
* Social user username (#10620)
* Refactored private functions to library
* Refactored social login code
* Added username to social registration
* Changed id library
* Added new local auth check
* Fixed export error. Fixed password check error
* fix(settings): password not available on client
* refactor(settings): more sensible placement of methods
* chore(migration): script to hand out procgen usernames
* fix(migration): don't give EVERYONE new names you doofus
* fix(migration): limit data retrieved, be extra careful about updates
* fix(migration): use missing field, not migration tag, for query
* fix(migration): unused var
* fix(usernames): only generate 20 characters
* fix(migration): set lowerCaseUsername
205 lines
6.5 KiB
JavaScript
205 lines
6.5 KiB
JavaScript
import {
|
|
BadRequest,
|
|
NotAuthorized,
|
|
NotFound,
|
|
} from '../../libs/errors';
|
|
import * as passwordUtils from '../../libs/password';
|
|
import { model as User } from '../../models/user';
|
|
import { model as EmailUnsubscription } from '../../models/emailUnsubscription';
|
|
import { sendTxn as sendTxnEmail } from '../../libs/email';
|
|
import common from '../../../common';
|
|
import logger from '../../libs/logger';
|
|
import { decrypt } from '../../libs/encryption';
|
|
import { model as Group } from '../../models/group';
|
|
import moment from 'moment';
|
|
import { loginSocial } from './social.js';
|
|
import { loginRes } from './utils';
|
|
import { verifyUsername } from '../user/validation';
|
|
|
|
const USERNAME_LENGTH_MIN = 1;
|
|
const USERNAME_LENGTH_MAX = 20;
|
|
|
|
// When the user signed up after having been invited to a group, invite them automatically to the group
|
|
async function _handleGroupInvitation (user, invite) {
|
|
// wrapping the code in a try because we don't want it to prevent the user from signing up
|
|
// that's why errors are not translated
|
|
try {
|
|
let {sentAt, id: groupId, inviter} = JSON.parse(decrypt(invite));
|
|
|
|
// check that the invite has not expired (after 7 days)
|
|
if (sentAt && moment().subtract(7, 'days').isAfter(sentAt)) {
|
|
let err = new Error('Invite expired.');
|
|
err.privateData = invite;
|
|
throw err;
|
|
}
|
|
|
|
let group = await Group.getGroup({user, optionalMembership: true, groupId, fields: 'name type'});
|
|
if (!group) throw new NotFound('Group not found.');
|
|
|
|
if (group.type === 'party') {
|
|
user.invitations.party = {id: group._id, name: group.name, inviter};
|
|
user.invitations.parties.push(user.invitations.party);
|
|
} else {
|
|
user.invitations.guilds.push({id: group._id, name: group.name, inviter});
|
|
}
|
|
|
|
// award the inviter with 'Invited a Friend' achievement
|
|
inviter = await User.findById(inviter);
|
|
if (!inviter.achievements.invitedFriend) {
|
|
inviter.achievements.invitedFriend = true;
|
|
inviter.addNotification('INVITED_FRIEND_ACHIEVEMENT');
|
|
await inviter.save();
|
|
}
|
|
} catch (err) {
|
|
logger.error(err);
|
|
}
|
|
}
|
|
|
|
function hasLocalAuth (user) {
|
|
return user.auth.local.email && user.auth.local.hashed_password;
|
|
}
|
|
|
|
function hasBackupAuth (user, networkToRemove) {
|
|
if (hasLocalAuth(user)) {
|
|
return true;
|
|
}
|
|
|
|
let hasAlternateNetwork = common.constants.SUPPORTED_SOCIAL_NETWORKS.find((network) => {
|
|
return network.key !== networkToRemove && user.auth[network.key].id;
|
|
});
|
|
|
|
return hasAlternateNetwork;
|
|
}
|
|
|
|
async function registerLocal (req, res, { isV3 = false }) {
|
|
const existingUser = res.locals.user; // If adding local auth to social user
|
|
|
|
req.checkBody({
|
|
username: {
|
|
notEmpty: true,
|
|
errorMessage: res.t('missingUsername'),
|
|
// TODO use the constants in the error message above
|
|
isLength: {options: {min: USERNAME_LENGTH_MIN, max: USERNAME_LENGTH_MAX}, errorMessage: res.t('usernameWrongLength')},
|
|
matches: {options: /^[-_a-zA-Z0-9]+$/, errorMessage: res.t('usernameBadCharacters')},
|
|
},
|
|
email: {
|
|
notEmpty: true,
|
|
errorMessage: res.t('missingEmail'),
|
|
isEmail: {errorMessage: res.t('notAnEmail')},
|
|
},
|
|
password: {
|
|
notEmpty: true,
|
|
errorMessage: res.t('missingPassword'),
|
|
equals: {options: [req.body.confirmPassword], errorMessage: res.t('passwordConfirmationMatch')},
|
|
},
|
|
});
|
|
|
|
let validationErrors = req.validationErrors();
|
|
if (validationErrors) throw validationErrors;
|
|
|
|
const issues = verifyUsername(req.body.username, res);
|
|
if (issues.length > 0) throw new BadRequest(issues.join(' '));
|
|
|
|
let { email, username, password } = req.body;
|
|
|
|
// Get the lowercase version of username to check that we do not have duplicates
|
|
// So we can search for it in the database and then reject the choosen username if 1 or more results are found
|
|
email = email.toLowerCase();
|
|
username = username.trim();
|
|
let lowerCaseUsername = username.toLowerCase();
|
|
|
|
// Search for duplicates using lowercase version of username
|
|
let user = await User.findOne({$or: [
|
|
{'auth.local.email': email},
|
|
{'auth.local.lowerCaseUsername': lowerCaseUsername},
|
|
]}, {'auth.local': 1}).exec();
|
|
|
|
if (user) {
|
|
if (email === user.auth.local.email) throw new NotAuthorized(res.t('emailTaken'));
|
|
// Check that the lowercase username isn't already used
|
|
if (lowerCaseUsername === user.auth.local.lowerCaseUsername) throw new NotAuthorized(res.t('usernameTaken'));
|
|
}
|
|
|
|
let hashed_password = await passwordUtils.bcryptHash(password); // eslint-disable-line camelcase
|
|
let newUser = {
|
|
auth: {
|
|
local: {
|
|
username,
|
|
lowerCaseUsername,
|
|
email,
|
|
hashed_password, // eslint-disable-line camelcase,
|
|
passwordHashMethod: 'bcrypt',
|
|
},
|
|
},
|
|
preferences: {
|
|
language: req.language,
|
|
},
|
|
};
|
|
|
|
if (existingUser) {
|
|
let hasSocialAuth = common.constants.SUPPORTED_SOCIAL_NETWORKS.find(network => {
|
|
if (existingUser.auth.hasOwnProperty(network.key)) {
|
|
return existingUser.auth[network.key].id;
|
|
}
|
|
});
|
|
if (!hasSocialAuth) throw new NotAuthorized(res.t('onlySocialAttachLocal'));
|
|
existingUser.auth.local = newUser.auth.local;
|
|
newUser = existingUser;
|
|
} else {
|
|
newUser = new User(newUser);
|
|
newUser.registeredThrough = req.headers['x-client']; // Not saved, used to create the correct tasks based on the device used
|
|
}
|
|
|
|
// we check for partyInvite for backward compatibility
|
|
if (req.query.groupInvite || req.query.partyInvite) {
|
|
await _handleGroupInvitation(newUser, req.query.groupInvite || req.query.partyInvite);
|
|
}
|
|
|
|
newUser.flags.verifiedUsername = true;
|
|
|
|
let savedUser = await newUser.save();
|
|
|
|
let userToJSON;
|
|
if (isV3) {
|
|
userToJSON = await savedUser.toJSONWithInbox();
|
|
} else {
|
|
userToJSON = savedUser.toJSON();
|
|
}
|
|
|
|
if (existingUser) {
|
|
res.respond(200, userToJSON.auth.local); // We convert to toJSON to hide private fields
|
|
} else {
|
|
let userJSON = userToJSON;
|
|
userJSON.newUser = true;
|
|
res.respond(201, userJSON);
|
|
}
|
|
|
|
// Clean previous email preferences and send welcome email
|
|
EmailUnsubscription
|
|
.remove({email: savedUser.auth.local.email})
|
|
.then(() => {
|
|
if (!existingUser) sendTxnEmail(savedUser, 'welcome');
|
|
});
|
|
|
|
if (!existingUser) {
|
|
res.analytics.track('register', {
|
|
category: 'acquisition',
|
|
type: 'local',
|
|
gaLabel: 'local',
|
|
uuid: savedUser._id,
|
|
headers: req.headers,
|
|
user: savedUser,
|
|
});
|
|
}
|
|
|
|
return null;
|
|
}
|
|
|
|
module.exports = {
|
|
loginRes,
|
|
hasBackupAuth,
|
|
hasLocalAuth,
|
|
loginSocial,
|
|
registerLocal,
|
|
};
|