aiden
/
pixelfed
mirror of https://github.com/pixelfed/pixelfed
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #5214 from pixelfed/staging

Browse Source 
Update RegisterController, update username constraints, require atlea…
pull/5259/head
daniel 8 months ago committed by GitHub
parent 9479838042 dd6e3cc290
commit a342a6a981
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 227 additions and 222 deletions
Show Stats Download Patch File Download Diff File

449
app/Http/Controllers/Auth/RegisterController.php
Unescape Escape View File

@ -3,234 +3,239 @@
namespace App\Http\Controllers\Auth; namespace App\Http\Controllers\Auth;
use App\Http\Controllers\Controller; use App\Http\Controllers\Controller;
use App\Services\BouncerService;
use App\Services\EmailService;
use App\User; use App\User;
use Purify;
use App\Util\Lexer\RestrictedNames; use App\Util\Lexer\RestrictedNames;
use Illuminate\Auth\Events\Registered;
use Illuminate\Foundation\Auth\RegistersUsers; use Illuminate\Foundation\Auth\RegistersUsers;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Hash; use Illuminate\Support\Facades\Hash;
use Illuminate\Support\Facades\Validator; use Illuminate\Support\Facades\Validator;
use Illuminate\Auth\Events\Registered; use Purify;
use Illuminate\Http\Request;
use App\Services\EmailService;
use App\Services\BouncerService;
class RegisterController extends Controller class RegisterController extends Controller
{ {
/* /*
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| Register Controller | Register Controller
|-------------------------------------------------------------------------- |--------------------------------------------------------------------------
| |
| This controller handles the registration of new users as well as their | This controller handles the registration of new users as well as their
| validation and creation. By default this controller uses a trait to | validation and creation. By default this controller uses a trait to
| provide this functionality without requiring any additional code. | provide this functionality without requiring any additional code.
| |
*/ */
use RegistersUsers; use RegistersUsers;
/** /**
* Where to redirect users after registration. * Where to redirect users after registration.
* *
* @var string * @var string
*/ */
protected $redirectTo = '/i/web'; protected $redirectTo = '/i/web';
/** /**
* Create a new controller instance. * Create a new controller instance.
* *
* @return void * @return void
*/ */
public function __construct() public function __construct()
{ {
$this->middleware('guest'); $this->middleware('guest');
} }
public function getRegisterToken() public function getRegisterToken()
{ {
return \Cache::remember('pf:register:rt', 900, function() { return \Cache::remember('pf:register:rt', 900, function () {
return str_random(40); return str_random(40);
}); });
} }
/** /**
* Get a validator for an incoming registration request. * Get a validator for an incoming registration request.
* *
* @param array $data *
* * @return \Illuminate\Contracts\Validation\Validator
* @return \Illuminate\Contracts\Validation\Validator */
*/ public function validator(array $data)
public function validator(array $data) {
{ if (config('database.default') == 'pgsql') {
if(config('database.default') == 'pgsql') { $data['username'] = strtolower($data['username']);
$data['username'] = strtolower($data['username']); $data['email'] = strtolower($data['email']);
$data['email'] = strtolower($data['email']); }
}
$usernameRules = [
$usernameRules = [ 'required',
'required', 'min:2',
'min:2', 'max:15',
'max:15', 'unique:users',
'unique:users', function ($attribute, $value, $fail) {
function ($attribute, $value, $fail) { $dash = substr_count($value, '-');
$dash = substr_count($value, '-'); $underscore = substr_count($value, '_');
$underscore = substr_count($value, '_'); $period = substr_count($value, '.');
$period = substr_count($value, '.');
if (ends_with($value, ['.php', '.js', '.css'])) {
if(ends_with($value, ['.php', '.js', '.css'])) { return $fail('Username is invalid.');
return $fail('Username is invalid.'); }
}
if (($dash + $underscore + $period) > 1) {
if(($dash + $underscore + $period) > 1) { return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).'); }
}
if (! ctype_alnum($value[0])) {
if (!ctype_alnum($value[0])) { return $fail('Username is invalid. Must start with a letter or number.');
return $fail('Username is invalid. Must start with a letter or number.'); }
}
if (! ctype_alnum($value[strlen($value) - 1])) {
if (!ctype_alnum($value[strlen($value) - 1])) { return $fail('Username is invalid. Must end with a letter or number.');
return $fail('Username is invalid. Must end with a letter or number.'); }
}
$val = str_replace(['_', '.', '-'], '', $value);
$val = str_replace(['_', '.', '-'], '', $value); if (! ctype_alnum($val)) {
if(!ctype_alnum($val)) { return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).'); }
}
if (! preg_match('/[a-zA-Z]/', $value)) {
$restricted = RestrictedNames::get(); return $fail('Username is invalid. Must contain at least one alphabetical character.');
if (in_array(strtolower($value), array_map('strtolower', $restricted))) { }
return $fail('Username cannot be used.');
} $restricted = RestrictedNames::get();
}, if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
]; return $fail('Username cannot be used.');
}
$emailRules = [ },
'required', ];
'string',
'email', $emailRules = [
'max:255', 'required',
'unique:users', 'string',
function ($attribute, $value, $fail) { 'email',
$banned = EmailService::isBanned($value); 'max:255',
if($banned) { 'unique:users',
return $fail('Email is invalid.'); function ($attribute, $value, $fail) {
} $banned = EmailService::isBanned($value);
}, if ($banned) {
]; return $fail('Email is invalid.');
}
$rt = [ },
'required', ];
function ($attribute, $value, $fail) {
if($value !== $this->getRegisterToken()) { $rt = [
return $fail('Something went wrong'); 'required',
} function ($attribute, $value, $fail) {
} if ($value !== $this->getRegisterToken()) {
]; return $fail('Something went wrong');
}
$rules = [ },
'agecheck' => 'required|accepted', ];
'rt' => $rt,
'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'), $rules = [
'username' => $usernameRules, 'agecheck' => 'required|accepted',
'email' => $emailRules, 'rt' => $rt,
'password' => 'required|string|min:'.config('pixelfed.min_password_length').'|confirmed', 'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'),
]; 'username' => $usernameRules,
'email' => $emailRules,
if((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) { 'password' => 'required|string|min:'.config('pixelfed.min_password_length').'|confirmed',
$rules['h-captcha-response'] = 'required|captcha'; ];
}
if ((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) {
return Validator::make($data, $rules); $rules['h-captcha-response'] = 'required|captcha';
} }
/** return Validator::make($data, $rules);
* Create a new user instance after a valid registration. }
*
* @param array $data /**
* * Create a new user instance after a valid registration.
* @return \App\User *
*/ *
public function create(array $data) * @return \App\User
{ */
if(config('database.default') == 'pgsql') { public function create(array $data)
$data['username'] = strtolower($data['username']); {
$data['email'] = strtolower($data['email']); if (config('database.default') == 'pgsql') {
} $data['username'] = strtolower($data['username']);
$data['email'] = strtolower($data['email']);
return User::create([ }
'name' => Purify::clean($data['name']),
'username' => $data['username'], return User::create([
'email' => $data['email'], 'name' => Purify::clean($data['name']),
'password' => Hash::make($data['password']), 'username' => $data['username'],
'app_register_ip' => request()->ip() 'email' => $data['email'],
]); 'password' => Hash::make($data['password']),
} 'app_register_ip' => request()->ip(),
]);
/** }
* Show the application registration form.
* /**
* @return \Illuminate\Http\Response * Show the application registration form.
*/ *
public function showRegistrationForm() * @return \Illuminate\Http\Response
{ */
if((bool) config_cache('pixelfed.open_registration')) { public function showRegistrationForm()
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) { {
abort_if(BouncerService::checkIp(request()->ip()), 404); if ((bool) config_cache('pixelfed.open_registration')) {
} if (config('pixelfed.bouncer.cloud_ips.ban_signups')) {
$hasLimit = config('pixelfed.enforce_max_users'); abort_if(BouncerService::checkIp(request()->ip()), 404);
if($hasLimit) { }
$limit = config('pixelfed.max_users'); $hasLimit = config('pixelfed.enforce_max_users');
$count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count(); if ($hasLimit) {
if($limit <= $count) { $limit = config('pixelfed.max_users');
return redirect(route('help.instance-max-users-limit')); $count = User::where(function ($q) {
} return $q->whereNull('status')->orWhereNotIn('status', ['deleted', 'delete']);
abort_if($limit <= $count, 404); })->count();
return view('auth.register'); if ($limit <= $count) {
} else { return redirect(route('help.instance-max-users-limit'));
return view('auth.register'); }
} abort_if($limit <= $count, 404);
} else {
if((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) { return view('auth.register');
return redirect('/auth/sign_up'); } else {
} else { return view('auth.register');
abort(404); }
} } else {
} if ((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) {
} return redirect('/auth/sign_up');
} else {
/** abort(404);
* Handle a registration request for the application. }
* }
* @param \Illuminate\Http\Request $request }
* @return \Illuminate\Http\Response
*/ /**
public function register(Request $request) * Handle a registration request for the application.
{ *
abort_if(config_cache('pixelfed.open_registration') == false, 400); * @return \Illuminate\Http\Response
*/
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) { public function register(Request $request)
abort_if(BouncerService::checkIp($request->ip()), 404); {
} abort_if(config_cache('pixelfed.open_registration') == false, 400);
$hasLimit = config('pixelfed.enforce_max_users'); if (config('pixelfed.bouncer.cloud_ips.ban_signups')) {
if($hasLimit) { abort_if(BouncerService::checkIp($request->ip()), 404);
$count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count(); }
$limit = config('pixelfed.max_users');
$hasLimit = config('pixelfed.enforce_max_users');
if($limit && $limit <= $count) { if ($hasLimit) {
return redirect(route('help.instance-max-users-limit')); $count = User::where(function ($q) {
} return $q->whereNull('status')->orWhereNotIn('status', ['deleted', 'delete']);
} })->count();
$limit = config('pixelfed.max_users');
$this->validator($request->all())->validate(); if ($limit && $limit <= $count) {
return redirect(route('help.instance-max-users-limit'));
event(new Registered($user = $this->create($request->all()))); }
}
$this->guard()->login($user);
$this->validator($request->all())->validate();
return $this->registered($request, $user)
?: redirect($this->redirectPath()); event(new Registered($user = $this->create($request->all())));
}
$this->guard()->login($user);
return $this->registered($request, $user)
?: redirect($this->redirectPath());
}
} }

Write Preview
Loading…
Cancel
Save