From 6900c401de751b1e6168aab50a204f24ec61663a Mon Sep 17 00:00:00 2001
From: Coal
Date: Thu, 6 Oct 2022 10:57:42 -0600
Subject: [PATCH] Prevent admin from creating users with empty username (#37)
* Prevent admin from creating users with empty username
A error message shows when the admin tries to submit the form if the validation fails. The error message was translated to Czech, Deutsch, English, Spanish and French, which are the currently compatible languages in the website.
* Move username validation logic to server side
---
 languages/cs-cz.js | 1 +
 languages/de-de.js | 1 +
 languages/en-us.js | 1 +
 languages/es-es.js | 1 +
 languages/fr-fr.js | 1 +
 routes/adminSettings/index.js | 18 ++++++++++++++++++
 views/adminSettings.pug | 1 +
 7 files changed, 24 insertions(+)
diff --git a/languages/cs-cz.js b/languages/cs-cz.js
index 6da423a..1b4abd7 100644
--- a/languages/cs-cz.js
+++ b/languages/cs-cz.js
@@ -14,6 +14,7 @@ module.exports.strings = {
 ADMIN_SETTINGS_USERS_ADD_HEADER: 'Přidat uživatele',
 ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'Martin',
 ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Uživatelské jméno',
+ ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Uživatelské jméno nesmí být prázdné.',
 ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Není možné odstanit uživatele s právy správce.',
 ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Uživatel ${name} úspěšně odstraněn`,
 ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'uživatel nemá oprávnění správce',
diff --git a/languages/de-de.js b/languages/de-de.js
index a43629e..6eb0972 100644
--- a/languages/de-de.js
+++ b/languages/de-de.js
@@ -14,6 +14,7 @@ module.exports.strings = {
 ADMIN_SETTINGS_USERS_ADD_HEADER: 'Nutzer hinzufügen',
 ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'john',
 ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nutzername',
+ ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Der Nutzername darf nicht leer sein.',
 ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Löschen gescheitert: Nutzer ist Admin.',
 ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Nutzer ${name} wurde erfolgreich gelöscht`,
 ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'Nutzer ist kein Admin',
diff --git a/languages/en-us.js b/languages/en-us.js
index f794410..12ac3f6 100644
--- a/languages/en-us.js
+++ b/languages/en-us.js
@@ -14,6 +14,7 @@ module.exports.strings = {
 ADMIN_SETTINGS_USERS_ADD_HEADER: 'Add user',
 ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'john',
 ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Username',
+ ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Username cannot be empty.',
 ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Failed to remove: user is admin.',
 ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Successfully removed user ${name}`,
 ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'user is not an admin',
diff --git a/languages/es-es.js b/languages/es-es.js
index afba85e..37f56d5 100644
--- a/languages/es-es.js
+++ b/languages/es-es.js
@@ -14,6 +14,7 @@ module.exports.strings = {
 ADMIN_SETTINGS_USERS_ADD_HEADER: 'Agregar usuario',
 ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'juan',
 ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nombre de usuario',
+ ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'El nombre de usuario no puede estar vacío.',
 ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'No se pudo eliminar: este usuario es administrador.',
 ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Se pudo eliminar ${name}`,
 ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'Este usuario no es administrador.',
diff --git a/languages/fr-fr.js b/languages/fr-fr.js
index 84ad5b3..270f8ea 100644
--- a/languages/fr-fr.js
+++ b/languages/fr-fr.js
@@ -14,6 +14,7 @@ module.exports.strings = { ADMIN_SETTINGS_USERS_ADD_HEADER: 'Ajouter un utilisateur', ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'jean', ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nom d\'utilisateur', + ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Le nom d\'utilisateur ne peut pas être vide.', ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Échec de la suppression : l\'utilisateur est un administrateur.', ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Utilisateur supprimé avec succès ${name}`, ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'l\'utilisateur n\'est pas un administrateur', diff --git a/routes/adminSettings/index.js b/routes/adminSettings/index.js index 73a1199..87d6cbc 100644 --- a/routes/adminSettings/index.js +++ b/routes/adminSettings/index.js @@ -25,7 +25,25 @@ module.exports = ({ db, ensurePfp }) => { router.post('/add', verifyAuth(), async (req, res) => { if (!req.user.admin) return res.redirect('/') + const username = req.body.newUserUsername.trim() + if (!username) { + return db + .allDocs({ include_docs: true }) + .then((docs) => { + res.render("adminSettings", { + add_user_error: _CC.lang( + "ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY" + ), + title: _CC.lang("ADMIN_SETTINGS_HEADER"), + users: docs.rows, + }); + }) + .catch((err) => { + throw err; + }); + } + await db.put({ _id: username, admin: false, diff --git a/views/adminSettings.pug b/views/adminSettings.pug index d8a9683..7d42f8e 100644 --- a/views/adminSettings.pug +++ b/views/adminSettings.pug @@ -13,6 +13,7 @@ block content h3= lang('ADMIN_SETTINGS_USERS_ADD_HEADER') form(action=`${_CC.config.base}admin-settings/add`, method='POST') .field + p.has-text-danger#error-label= add_user_error label.label= lang('ADMIN_SETTINGS_USERS_ADD_USERNAME') .control.has-icons-left input.input(type='text', name='newUserUsername', placeholder=lang('ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER'))
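Review bot: `req.body.newUserUsername.trim()` on the first added line of the routes/adminSettings/index.js hunk throws a TypeError when the field is missing from the POST body, and because the handler is `async` that rejection is not delivered to Express's error handling on Express 4 (the Express version is not visible here) — coerce before trimming, `const username = String(req.body.newUserUsername ?? '').trim()`. The trailing `.catch((err) => { throw err; })` only rethrows and therefore adds nothing; drop it, or forward with `next(err)` if the router's error middleware is meant to see it. Since the trimmed value becomes the document `_id` and the database exposes `allDocs`/`put` (which looks like PouchDB/CouchDB, where ids beginning with `_` are reserved), it would be cheap to reject those in the same guard, `if (!username || username.startsWith('_'))`, reusing the new error string. The error page is rendered with the default 200 status; a 400 would let clients and logs tell the validation failure apart from a successful add. The enclosing `router.post` handler continues beyond the end of the hunk.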
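Review bot: The added `p.has-text-danger#error-label= add_user_error` in views/adminSettings.pug renders unconditionally, so on a normal page load where the route does not set `add_user_error` (the GET handler is not part of this commit) the template emits an empty `<p>` carrying the danger class; guard it with `if add_user_error` on the line above so the element only appears when there is a message. The `=` output is HTML-escaped by Pug, which is the right choice for a value supplied by the server.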