forked from mirror/pixelfed
Update RegisterController, update username constraints, require atleast one alpha char
This commit is contained in:
parent
d3ef35fa22
commit
dd6e3cc290
|
@ -3,234 +3,239 @@
|
|||
namespace App\Http\Controllers\Auth;
|
||||
|
||||
use App\Http\Controllers\Controller;
|
||||
use App\Services\BouncerService;
|
||||
use App\Services\EmailService;
|
||||
use App\User;
|
||||
use Purify;
|
||||
use App\Util\Lexer\RestrictedNames;
|
||||
use Illuminate\Auth\Events\Registered;
|
||||
use Illuminate\Foundation\Auth\RegistersUsers;
|
||||
use Illuminate\Http\Request;
|
||||
use Illuminate\Support\Facades\Hash;
|
||||
use Illuminate\Support\Facades\Validator;
|
||||
use Illuminate\Auth\Events\Registered;
|
||||
use Illuminate\Http\Request;
|
||||
use App\Services\EmailService;
|
||||
use App\Services\BouncerService;
|
||||
use Purify;
|
||||
|
||||
class RegisterController extends Controller
|
||||
{
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Register Controller
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| This controller handles the registration of new users as well as their
|
||||
| validation and creation. By default this controller uses a trait to
|
||||
| provide this functionality without requiring any additional code.
|
||||
|
|
||||
*/
|
||||
/*
|
||||
|--------------------------------------------------------------------------
|
||||
| Register Controller
|
||||
|--------------------------------------------------------------------------
|
||||
|
|
||||
| This controller handles the registration of new users as well as their
|
||||
| validation and creation. By default this controller uses a trait to
|
||||
| provide this functionality without requiring any additional code.
|
||||
|
|
||||
*/
|
||||
|
||||
use RegistersUsers;
|
||||
use RegistersUsers;
|
||||
|
||||
/**
|
||||
* Where to redirect users after registration.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $redirectTo = '/i/web';
|
||||
/**
|
||||
* Where to redirect users after registration.
|
||||
*
|
||||
* @var string
|
||||
*/
|
||||
protected $redirectTo = '/i/web';
|
||||
|
||||
/**
|
||||
* Create a new controller instance.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware('guest');
|
||||
}
|
||||
/**
|
||||
* Create a new controller instance.
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
$this->middleware('guest');
|
||||
}
|
||||
|
||||
public function getRegisterToken()
|
||||
{
|
||||
return \Cache::remember('pf:register:rt', 900, function() {
|
||||
return str_random(40);
|
||||
});
|
||||
}
|
||||
public function getRegisterToken()
|
||||
{
|
||||
return \Cache::remember('pf:register:rt', 900, function () {
|
||||
return str_random(40);
|
||||
});
|
||||
}
|
||||
|
||||
/**
|
||||
* Get a validator for an incoming registration request.
|
||||
*
|
||||
* @param array $data
|
||||
*
|
||||
* @return \Illuminate\Contracts\Validation\Validator
|
||||
*/
|
||||
public function validator(array $data)
|
||||
{
|
||||
if(config('database.default') == 'pgsql') {
|
||||
$data['username'] = strtolower($data['username']);
|
||||
$data['email'] = strtolower($data['email']);
|
||||
}
|
||||
/**
|
||||
* Get a validator for an incoming registration request.
|
||||
*
|
||||
*
|
||||
* @return \Illuminate\Contracts\Validation\Validator
|
||||
*/
|
||||
public function validator(array $data)
|
||||
{
|
||||
if (config('database.default') == 'pgsql') {
|
||||
$data['username'] = strtolower($data['username']);
|
||||
$data['email'] = strtolower($data['email']);
|
||||
}
|
||||
|
||||
$usernameRules = [
|
||||
'required',
|
||||
'min:2',
|
||||
'max:15',
|
||||
'unique:users',
|
||||
function ($attribute, $value, $fail) {
|
||||
$dash = substr_count($value, '-');
|
||||
$underscore = substr_count($value, '_');
|
||||
$period = substr_count($value, '.');
|
||||
$usernameRules = [
|
||||
'required',
|
||||
'min:2',
|
||||
'max:15',
|
||||
'unique:users',
|
||||
function ($attribute, $value, $fail) {
|
||||
$dash = substr_count($value, '-');
|
||||
$underscore = substr_count($value, '_');
|
||||
$period = substr_count($value, '.');
|
||||
|
||||
if(ends_with($value, ['.php', '.js', '.css'])) {
|
||||
return $fail('Username is invalid.');
|
||||
}
|
||||
if (ends_with($value, ['.php', '.js', '.css'])) {
|
||||
return $fail('Username is invalid.');
|
||||
}
|
||||
|
||||
if(($dash + $underscore + $period) > 1) {
|
||||
return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
|
||||
}
|
||||
if (($dash + $underscore + $period) > 1) {
|
||||
return $fail('Username is invalid. Can only contain one dash (-), period (.) or underscore (_).');
|
||||
}
|
||||
|
||||
if (!ctype_alnum($value[0])) {
|
||||
return $fail('Username is invalid. Must start with a letter or number.');
|
||||
}
|
||||
if (! ctype_alnum($value[0])) {
|
||||
return $fail('Username is invalid. Must start with a letter or number.');
|
||||
}
|
||||
|
||||
if (!ctype_alnum($value[strlen($value) - 1])) {
|
||||
return $fail('Username is invalid. Must end with a letter or number.');
|
||||
}
|
||||
if (! ctype_alnum($value[strlen($value) - 1])) {
|
||||
return $fail('Username is invalid. Must end with a letter or number.');
|
||||
}
|
||||
|
||||
$val = str_replace(['_', '.', '-'], '', $value);
|
||||
if(!ctype_alnum($val)) {
|
||||
return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
|
||||
}
|
||||
$val = str_replace(['_', '.', '-'], '', $value);
|
||||
if (! ctype_alnum($val)) {
|
||||
return $fail('Username is invalid. Username must be alpha-numeric and may contain dashes (-), periods (.) and underscores (_).');
|
||||
}
|
||||
|
||||
$restricted = RestrictedNames::get();
|
||||
if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
|
||||
return $fail('Username cannot be used.');
|
||||
}
|
||||
},
|
||||
];
|
||||
if (! preg_match('/[a-zA-Z]/', $value)) {
|
||||
return $fail('Username is invalid. Must contain at least one alphabetical character.');
|
||||
}
|
||||
|
||||
$emailRules = [
|
||||
'required',
|
||||
'string',
|
||||
'email',
|
||||
'max:255',
|
||||
'unique:users',
|
||||
function ($attribute, $value, $fail) {
|
||||
$banned = EmailService::isBanned($value);
|
||||
if($banned) {
|
||||
return $fail('Email is invalid.');
|
||||
}
|
||||
},
|
||||
];
|
||||
$restricted = RestrictedNames::get();
|
||||
if (in_array(strtolower($value), array_map('strtolower', $restricted))) {
|
||||
return $fail('Username cannot be used.');
|
||||
}
|
||||
},
|
||||
];
|
||||
|
||||
$rt = [
|
||||
'required',
|
||||
function ($attribute, $value, $fail) {
|
||||
if($value !== $this->getRegisterToken()) {
|
||||
return $fail('Something went wrong');
|
||||
}
|
||||
}
|
||||
];
|
||||
$emailRules = [
|
||||
'required',
|
||||
'string',
|
||||
'email',
|
||||
'max:255',
|
||||
'unique:users',
|
||||
function ($attribute, $value, $fail) {
|
||||
$banned = EmailService::isBanned($value);
|
||||
if ($banned) {
|
||||
return $fail('Email is invalid.');
|
||||
}
|
||||
},
|
||||
];
|
||||
|
||||
$rules = [
|
||||
'agecheck' => 'required|accepted',
|
||||
'rt' => $rt,
|
||||
'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'),
|
||||
'username' => $usernameRules,
|
||||
'email' => $emailRules,
|
||||
'password' => 'required|string|min:'.config('pixelfed.min_password_length').'|confirmed',
|
||||
];
|
||||
$rt = [
|
||||
'required',
|
||||
function ($attribute, $value, $fail) {
|
||||
if ($value !== $this->getRegisterToken()) {
|
||||
return $fail('Something went wrong');
|
||||
}
|
||||
},
|
||||
];
|
||||
|
||||
if((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) {
|
||||
$rules['h-captcha-response'] = 'required|captcha';
|
||||
}
|
||||
$rules = [
|
||||
'agecheck' => 'required|accepted',
|
||||
'rt' => $rt,
|
||||
'name' => 'nullable|string|max:'.config('pixelfed.max_name_length'),
|
||||
'username' => $usernameRules,
|
||||
'email' => $emailRules,
|
||||
'password' => 'required|string|min:'.config('pixelfed.min_password_length').'|confirmed',
|
||||
];
|
||||
|
||||
return Validator::make($data, $rules);
|
||||
}
|
||||
if ((bool) config_cache('captcha.enabled') && (bool) config_cache('captcha.active.register')) {
|
||||
$rules['h-captcha-response'] = 'required|captcha';
|
||||
}
|
||||
|
||||
/**
|
||||
* Create a new user instance after a valid registration.
|
||||
*
|
||||
* @param array $data
|
||||
*
|
||||
* @return \App\User
|
||||
*/
|
||||
public function create(array $data)
|
||||
{
|
||||
if(config('database.default') == 'pgsql') {
|
||||
$data['username'] = strtolower($data['username']);
|
||||
$data['email'] = strtolower($data['email']);
|
||||
}
|
||||
return Validator::make($data, $rules);
|
||||
}
|
||||
|
||||
return User::create([
|
||||
'name' => Purify::clean($data['name']),
|
||||
'username' => $data['username'],
|
||||
'email' => $data['email'],
|
||||
'password' => Hash::make($data['password']),
|
||||
'app_register_ip' => request()->ip()
|
||||
]);
|
||||
}
|
||||
/**
|
||||
* Create a new user instance after a valid registration.
|
||||
*
|
||||
*
|
||||
* @return \App\User
|
||||
*/
|
||||
public function create(array $data)
|
||||
{
|
||||
if (config('database.default') == 'pgsql') {
|
||||
$data['username'] = strtolower($data['username']);
|
||||
$data['email'] = strtolower($data['email']);
|
||||
}
|
||||
|
||||
/**
|
||||
* Show the application registration form.
|
||||
*
|
||||
* @return \Illuminate\Http\Response
|
||||
*/
|
||||
public function showRegistrationForm()
|
||||
{
|
||||
if((bool) config_cache('pixelfed.open_registration')) {
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp(request()->ip()), 404);
|
||||
}
|
||||
$hasLimit = config('pixelfed.enforce_max_users');
|
||||
if($hasLimit) {
|
||||
$limit = config('pixelfed.max_users');
|
||||
$count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count();
|
||||
if($limit <= $count) {
|
||||
return redirect(route('help.instance-max-users-limit'));
|
||||
}
|
||||
abort_if($limit <= $count, 404);
|
||||
return view('auth.register');
|
||||
} else {
|
||||
return view('auth.register');
|
||||
}
|
||||
} else {
|
||||
if((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) {
|
||||
return redirect('/auth/sign_up');
|
||||
} else {
|
||||
abort(404);
|
||||
}
|
||||
}
|
||||
}
|
||||
return User::create([
|
||||
'name' => Purify::clean($data['name']),
|
||||
'username' => $data['username'],
|
||||
'email' => $data['email'],
|
||||
'password' => Hash::make($data['password']),
|
||||
'app_register_ip' => request()->ip(),
|
||||
]);
|
||||
}
|
||||
|
||||
/**
|
||||
* Handle a registration request for the application.
|
||||
*
|
||||
* @param \Illuminate\Http\Request $request
|
||||
* @return \Illuminate\Http\Response
|
||||
*/
|
||||
public function register(Request $request)
|
||||
{
|
||||
abort_if(config_cache('pixelfed.open_registration') == false, 400);
|
||||
/**
|
||||
* Show the application registration form.
|
||||
*
|
||||
* @return \Illuminate\Http\Response
|
||||
*/
|
||||
public function showRegistrationForm()
|
||||
{
|
||||
if ((bool) config_cache('pixelfed.open_registration')) {
|
||||
if (config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp(request()->ip()), 404);
|
||||
}
|
||||
$hasLimit = config('pixelfed.enforce_max_users');
|
||||
if ($hasLimit) {
|
||||
$limit = config('pixelfed.max_users');
|
||||
$count = User::where(function ($q) {
|
||||
return $q->whereNull('status')->orWhereNotIn('status', ['deleted', 'delete']);
|
||||
})->count();
|
||||
if ($limit <= $count) {
|
||||
return redirect(route('help.instance-max-users-limit'));
|
||||
}
|
||||
abort_if($limit <= $count, 404);
|
||||
|
||||
if(config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
return view('auth.register');
|
||||
} else {
|
||||
return view('auth.register');
|
||||
}
|
||||
} else {
|
||||
if ((bool) config_cache('instance.curated_registration.enabled') && config('instance.curated_registration.state.fallback_on_closed_reg')) {
|
||||
return redirect('/auth/sign_up');
|
||||
} else {
|
||||
abort(404);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$hasLimit = config('pixelfed.enforce_max_users');
|
||||
if($hasLimit) {
|
||||
$count = User::where(function($q){ return $q->whereNull('status')->orWhereNotIn('status', ['deleted','delete']); })->count();
|
||||
$limit = config('pixelfed.max_users');
|
||||
/**
|
||||
* Handle a registration request for the application.
|
||||
*
|
||||
* @return \Illuminate\Http\Response
|
||||
*/
|
||||
public function register(Request $request)
|
||||
{
|
||||
abort_if(config_cache('pixelfed.open_registration') == false, 400);
|
||||
|
||||
if($limit && $limit <= $count) {
|
||||
return redirect(route('help.instance-max-users-limit'));
|
||||
}
|
||||
}
|
||||
if (config('pixelfed.bouncer.cloud_ips.ban_signups')) {
|
||||
abort_if(BouncerService::checkIp($request->ip()), 404);
|
||||
}
|
||||
|
||||
$hasLimit = config('pixelfed.enforce_max_users');
|
||||
if ($hasLimit) {
|
||||
$count = User::where(function ($q) {
|
||||
return $q->whereNull('status')->orWhereNotIn('status', ['deleted', 'delete']);
|
||||
})->count();
|
||||
$limit = config('pixelfed.max_users');
|
||||
|
||||
$this->validator($request->all())->validate();
|
||||
if ($limit && $limit <= $count) {
|
||||
return redirect(route('help.instance-max-users-limit'));
|
||||
}
|
||||
}
|
||||
|
||||
event(new Registered($user = $this->create($request->all())));
|
||||
$this->validator($request->all())->validate();
|
||||
|
||||
$this->guard()->login($user);
|
||||
event(new Registered($user = $this->create($request->all())));
|
||||
|
||||
return $this->registered($request, $user)
|
||||
?: redirect($this->redirectPath());
|
||||
}
|
||||
$this->guard()->login($user);
|
||||
|
||||
return $this->registered($request, $user)
|
||||
?: redirect($this->redirectPath());
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue