Prevent admin from creating users with empty username (#37)
* Prevent admin from creating users with empty username A error message shows when the admin tries to submit the form if the validation fails. The error message was translated to Czech, Deutsch, English, Spanish and French, which are the currently compatible languages in the website. * Move username validation logic to server side
This commit is contained in:
Coal
GitHub
parent
001b81d6b5
commit
6900c401de
7 changed files with 24 additions and 0 deletions
|
|
@ -14,6 +14,7 @@ module.exports.strings = {
|
||||||
ADMIN_SETTINGS_USERS_ADD_HEADER: 'Přidat uživatele',
|
ADMIN_SETTINGS_USERS_ADD_HEADER: 'Přidat uživatele',
|
||||||
ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'Martin',
|
ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'Martin',
|
||||||
ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Uživatelské jméno',
|
ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Uživatelské jméno',
|
||||||
|
ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Uživatelské jméno nesmí být prázdné.',
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Není možné odstanit uživatele s právy správce.',
|
ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Není možné odstanit uživatele s právy správce.',
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Uživatel ${name} úspěšně odstraněn`,
|
ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Uživatel ${name} úspěšně odstraněn`,
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'uživatel nemá oprávnění správce',
|
ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'uživatel nemá oprávnění správce',
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ module.exports.strings = {
|
||||||
ADMIN_SETTINGS_USERS_ADD_HEADER: 'Nutzer hinzufügen',
|
ADMIN_SETTINGS_USERS_ADD_HEADER: 'Nutzer hinzufügen',
|
||||||
ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'john',
|
ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'john',
|
||||||
ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nutzername',
|
ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nutzername',
|
||||||
|
ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Der Nutzername darf nicht leer sein.',
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Löschen gescheitert: Nutzer ist Admin.',
|
ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Löschen gescheitert: Nutzer ist Admin.',
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Nutzer ${name} wurde erfolgreich gelöscht`,
|
ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Nutzer ${name} wurde erfolgreich gelöscht`,
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'Nutzer ist kein Admin',
|
ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'Nutzer ist kein Admin',
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ module.exports.strings = {
|
||||||
ADMIN_SETTINGS_USERS_ADD_HEADER: 'Add user',
|
ADMIN_SETTINGS_USERS_ADD_HEADER: 'Add user',
|
||||||
ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'john',
|
ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'john',
|
||||||
ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Username',
|
ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Username',
|
||||||
|
ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Username cannot be empty.',
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Failed to remove: user is admin.',
|
ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Failed to remove: user is admin.',
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Successfully removed user ${name}`,
|
ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Successfully removed user ${name}`,
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'user is not an admin',
|
ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'user is not an admin',
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ module.exports.strings = {
|
||||||
ADMIN_SETTINGS_USERS_ADD_HEADER: 'Agregar usuario',
|
ADMIN_SETTINGS_USERS_ADD_HEADER: 'Agregar usuario',
|
||||||
ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'juan',
|
ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'juan',
|
||||||
ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nombre de usuario',
|
ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nombre de usuario',
|
||||||
|
ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'El nombre de usuario no puede estar vacío.',
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'No se pudo eliminar: este usuario es administrador.',
|
ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'No se pudo eliminar: este usuario es administrador.',
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Se pudo eliminar ${name}`,
|
ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Se pudo eliminar ${name}`,
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'Este usuario no es administrador.',
|
ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'Este usuario no es administrador.',
|
||||||
|
|
|
||||||
|
|
@ -14,6 +14,7 @@ module.exports.strings = {
|
||||||
ADMIN_SETTINGS_USERS_ADD_HEADER: 'Ajouter un utilisateur',
|
ADMIN_SETTINGS_USERS_ADD_HEADER: 'Ajouter un utilisateur',
|
||||||
ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'jean',
|
ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'jean',
|
||||||
ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nom d\'utilisateur',
|
ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nom d\'utilisateur',
|
||||||
|
ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Le nom d\'utilisateur ne peut pas être vide.',
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Échec de la suppression : l\'utilisateur est un administrateur.',
|
ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Échec de la suppression : l\'utilisateur est un administrateur.',
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Utilisateur supprimé avec succès ${name}`,
|
ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Utilisateur supprimé avec succès ${name}`,
|
||||||
ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'l\'utilisateur n\'est pas un administrateur',
|
ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'l\'utilisateur n\'est pas un administrateur',
|
||||||
|
|
|
||||||
|
|
@ -25,7 +25,25 @@ module.exports = ({ db, ensurePfp }) => {
|
||||||
|
|
||||||
router.post('/add', verifyAuth(), async (req, res) => {
|
router.post('/add', verifyAuth(), async (req, res) => {
|
||||||
if (!req.user.admin) return res.redirect('/')
|
if (!req.user.admin) return res.redirect('/')
|
||||||
|
|
||||||
const username = req.body.newUserUsername.trim()
|
const username = req.body.newUserUsername.trim()
|
||||||
|
if (!username) {
|
||||||
|
return db
|
||||||
|
.allDocs({ include_docs: true })
|
||||||
|
.then((docs) => {
|
||||||
|
res.render("adminSettings", {
|
||||||
|
add_user_error: _CC.lang(
|
||||||
|
"ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY"
|
||||||
|
),
|
||||||
|
title: _CC.lang("ADMIN_SETTINGS_HEADER"),
|
||||||
|
users: docs.rows,
|
||||||
|
});
|
||||||
|
})
|
||||||
|
.catch((err) => {
|
||||||
|
throw err;
|
||||||
|
});
|
||||||
|
}
|
||||||
|
|
||||||
await db.put({
|
await db.put({
|
||||||
_id: username,
|
_id: username,
|
||||||
admin: false,
|
admin: false,
|
||||||
|
|
|
||||||
|
|
@ -13,6 +13,7 @@ block content
|
||||||
h3= lang('ADMIN_SETTINGS_USERS_ADD_HEADER')
|
h3= lang('ADMIN_SETTINGS_USERS_ADD_HEADER')
|
||||||
form(action=`${_CC.config.base}admin-settings/add`, method='POST')
|
form(action=`${_CC.config.base}admin-settings/add`, method='POST')
|
||||||
.field
|
.field
|
||||||
|
p.has-text-danger#error-label= add_user_error
|
||||||
label.label= lang('ADMIN_SETTINGS_USERS_ADD_USERNAME')
|
label.label= lang('ADMIN_SETTINGS_USERS_ADD_USERNAME')
|
||||||
.control.has-icons-left
|
.control.has-icons-left
|
||||||
input.input(type='text', name='newUserUsername', placeholder=lang('ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER'))
|
input.input(type='text', name='newUserUsername', placeholder=lang('ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER'))
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue