forked from FoundKeyGang/FoundKey
Fix bug
This commit is contained in:
parent
48812ad2e0
commit
abfb36bcdb
4 changed files with 32 additions and 4 deletions
|
@ -8,9 +8,14 @@ const collection = db.get('users');
|
|||
export default collection as any; // fuck type definition
|
||||
|
||||
export function validateUsername(username: string): boolean {
|
||||
return /^[a-zA-Z0-9\-]{3,20}$/.test(username);
|
||||
return typeof username == 'string' && /^[a-zA-Z0-9\-]{3,20}$/.test(username);
|
||||
}
|
||||
|
||||
export function validatePassword(password: string): boolean {
|
||||
return typeof password == 'string' && password != '';
|
||||
}
|
||||
|
||||
export function isValidBirthday(birthday: string): boolean {
|
||||
return /^([0-9]{4})\-([0-9]{2})-([0-9]{2})$/.test(birthday);
|
||||
return typeof birthday == 'string' && /^([0-9]{4})\-([0-9]{2})-([0-9]{2})$/.test(birthday);
|
||||
}
|
||||
}
|
||||
|
|
|
@ -12,6 +12,16 @@ export default async (req: express.Request, res: express.Response) => {
|
|||
const username = req.body['username'];
|
||||
const password = req.body['password'];
|
||||
|
||||
if (typeof username != 'string') {
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
if (typeof password != 'string') {
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
||||
// Fetch user
|
||||
const user = await User.findOne({
|
||||
username_lower: username.toLowerCase()
|
||||
|
|
|
@ -3,7 +3,7 @@ import * as bcrypt from 'bcryptjs';
|
|||
import rndstr from 'rndstr';
|
||||
import recaptcha = require('recaptcha-promise');
|
||||
import User from '../models/user';
|
||||
import { validateUsername } from '../models/user';
|
||||
import { validateUsername, validatePassword } from '../models/user';
|
||||
import serialize from '../serializers/user';
|
||||
import config from '../../conf';
|
||||
|
||||
|
@ -34,7 +34,7 @@ export default async (req: express.Request, res: express.Response) => {
|
|||
}
|
||||
|
||||
// Validate password
|
||||
if (password == '') {
|
||||
if (!validatePassword(password)) {
|
||||
res.sendStatus(400);
|
||||
return;
|
||||
}
|
||||
|
|
13
test/api.js
13
test/api.js
|
@ -120,6 +120,19 @@ describe('API', () => {
|
|||
});
|
||||
}));
|
||||
|
||||
it('クエリをインジェクションできない', () => new Promise(async (done) => {
|
||||
const me = await insertSakurako();
|
||||
request('/signin', {
|
||||
username: me.username,
|
||||
password: {
|
||||
$gt: ''
|
||||
}
|
||||
}).then(res => {
|
||||
res.should.have.status(400);
|
||||
done();
|
||||
});
|
||||
}));
|
||||
|
||||
it('正しい情報でサインインできる', () => new Promise(async (done) => {
|
||||
const me = await insertSakurako();
|
||||
request('/signin', {
|
||||
|
|
Loading…
Reference in a new issue