Fix bug
parent
48812ad2e0
commit
abfb36bcdb
|
@ -8,9 +8,14 @@ const collection = db.get('users');
|
||||||
export default collection as any; // fuck type definition
|
export default collection as any; // fuck type definition
|
||||||
|
|
||||||
export function validateUsername(username: string): boolean {
|
export function validateUsername(username: string): boolean {
|
||||||
return /^[a-zA-Z0-9\-]{3,20}$/.test(username);
|
return typeof username == 'string' && /^[a-zA-Z0-9\-]{3,20}$/.test(username);
|
||||||
|
}
|
||||||
|
|
||||||
|
export function validatePassword(password: string): boolean {
|
||||||
|
return typeof password == 'string' && password != '';
|
||||||
}
|
}
|
||||||
|
|
||||||
export function isValidBirthday(birthday: string): boolean {
|
export function isValidBirthday(birthday: string): boolean {
|
||||||
return /^([0-9]{4})\-([0-9]{2})-([0-9]{2})$/.test(birthday);
|
return typeof birthday == 'string' && /^([0-9]{4})\-([0-9]{2})-([0-9]{2})$/.test(birthday);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
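Review bot: `validateUsername`, `validatePassword` and `isValidBirthday` still declare their parameter as `string`, although the new `typeof … == 'string'` test shows they are expected to receive arbitrary request values, so the signature promises something the runtime check contradicts. Declaring the parameter as `unknown` and returning a type predicate, for example `export function validatePassword(password: unknown): password is string {`, would make the compiler demand the check at call sites and narrow the value afterwards. The context line `export default collection as any` suggests query arguments are not type-checked either, so these validators are likely the only barrier between request JSON and the collection. A short comment above each, such as `// Input comes from req.body and may be any JSON value, not only a string`, would keep the `typeof` test from being removed later as redundant.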
|
@ -12,6 +12,16 @@ export default async (req: express.Request, res: express.Response) => {
|
||||||
const username = req.body['username'];
|
const username = req.body['username'];
|
||||||
const password = req.body['password'];
|
const password = req.body['password'];
|
||||||
|
|
||||||
|
if (typeof username != 'string') {
|
||||||
|
res.sendStatus(400);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (typeof password != 'string') {
|
||||||
|
res.sendStatus(400);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Fetch user
|
// Fetch user
|
||||||
const user = await User.findOne({
|
const user = await User.findOne({
|
||||||
username_lower: username.toLowerCase()
|
username_lower: username.toLowerCase()
|
||||||
|
|
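Review bot: The two guards added ahead of `User.findOne` carry no comment explaining that `req.body` fields can be objects rather than strings, so a later refactor may treat them as dead code. I would add `// req.body is untrusted JSON; reject non-string values before they are used in a query or comparison` above the first `if`. The same check is now written in several places in this commit (here, and inside `validateUsername` and `validatePassword`), so a small shared helper for every handler that reads `req.body` would make it harder to miss a field. Whether other handlers need it cannot be seen from this page. The handler body continues outside the hunk.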
|
@ -3,7 +3,7 @@ import * as bcrypt from 'bcryptjs';
|
||||||
import rndstr from 'rndstr';
|
import rndstr from 'rndstr';
|
||||||
import recaptcha = require('recaptcha-promise');
|
import recaptcha = require('recaptcha-promise');
|
||||||
import User from '../models/user';
|
import User from '../models/user';
|
||||||
import { validateUsername } from '../models/user';
|
import { validateUsername, validatePassword } from '../models/user';
|
||||||
import serialize from '../serializers/user';
|
import serialize from '../serializers/user';
|
||||||
import config from '../../conf';
|
import config from '../../conf';
|
||||||
|
|
||||||
|
@ -34,7 +34,7 @@ export default async (req: express.Request, res: express.Response) => {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate password
|
// Validate password
|
||||||
if (password == '') {
|
if (!validatePassword(password)) {
|
||||||
res.sendStatus(400);
|
res.sendStatus(400);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
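Review bot: `if (!validatePassword(password))` now rejects non-string values, but the validator it calls accepts any non-empty string, so a one-character password and an arbitrarily long one both pass on to the rest of the signup handler. This file imports `bcryptjs`, so the password is presumably hashed with bcrypt, which only uses the first 72 bytes of its input. An explicit range inside `validatePassword`, for example `password.length >= MIN_PASSWORD_LENGTH && Buffer.byteLength(password, 'utf8') <= 72`, would make the accepted values clear, with `MIN_PASSWORD_LENGTH` a placeholder for the project's own policy. The handler starts and ends outside both hunks of this file.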
13
test/api.js
13
test/api.js
|
@ -120,6 +120,19 @@ describe('API', () => {
|
||||||
});
|
});
|
||||||
}));
|
}));
|
||||||
|
|
||||||
|
it('クエリをインジェクションできない', () => new Promise(async (done) => {
|
||||||
|
const me = await insertSakurako();
|
||||||
|
request('/signin', {
|
||||||
|
username: me.username,
|
||||||
|
password: {
|
||||||
|
$gt: ''
|
||||||
|
}
|
||||||
|
}).then(res => {
|
||||||
|
res.should.have.status(400);
|
||||||
|
done();
|
||||||
|
});
|
||||||
|
}));
|
||||||
|
|
||||||
it('正しい情報でサインインできる', () => new Promise(async (done) => {
|
it('正しい情報でサインインできる', () => new Promise(async (done) => {
|
||||||
const me = await insertSakurako();
|
const me = await insertSakurako();
|
||||||
request('/signin', {
|
request('/signin', {
|
||||||
|
|
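Review bot: The new case only sends an object for `password` on `/signin`, while the commit also adds a `typeof` guard for `username` there and routes the signup password through `validatePassword`; neither has a regression test. Sibling cases with `username: { $gt: '' }` on `/signin` and an object-valued `password` on the signup route would pin every guard this commit introduces. Separately, `new Promise(async (done) => …)` never rejects, so if `res.should.have.status(400)` throws, `done()` is not reached and the test presumably fails by timeout rather than with the assertion message. Returning the `request(...).then(...)` promise directly from the `it` callback would report the real failure.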