Prevent admin from creating users with empty username (#37)

* Prevent admin from creating users with empty username A error message shows when the admin tries to submit the form if the validation fails. The error message was translated to Czech, Deutsch, English, Spanish and French, which are the currently compatible languages in the website. * Move username validation logic to server side
2022-10-06 10:57:42 -06:00 · 2022-10-06 10:57:42 -06:00 · 6900c401de
commit 6900c401de
parent 001b81d6b5
7 changed files with 24 additions and 0 deletions
--- a/languages/cs-cz.js
+++ b/languages/cs-cz.js
@ -14,6 +14,7 @@ module.exports.strings = {
  ADMIN_SETTINGS_USERS_ADD_HEADER: 'Přidat uživatele',
  ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'Martin',
  ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Uživatelské jméno',
+  ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Uživatelské jméno nesmí být prázdné.',
  ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Není možné odstanit uživatele s právy správce.',
  ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Uživatel ${name} úspěšně odstraněn`,
  ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'uživatel nemá oprávnění správce',
--- a/languages/de-de.js
+++ b/languages/de-de.js
@ -14,6 +14,7 @@ module.exports.strings = {
  ADMIN_SETTINGS_USERS_ADD_HEADER: 'Nutzer hinzufügen',
  ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'john',
  ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nutzername',
+  ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Der Nutzername darf nicht leer sein.',
  ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Löschen gescheitert: Nutzer ist Admin.',
  ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Nutzer ${name} wurde erfolgreich gelöscht`,
  ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'Nutzer ist kein Admin',
--- a/languages/en-us.js
+++ b/languages/en-us.js
@ -14,6 +14,7 @@ module.exports.strings = {
  ADMIN_SETTINGS_USERS_ADD_HEADER: 'Add user',
  ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'john',
  ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Username',
+  ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Username cannot be empty.',
  ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Failed to remove: user is admin.',
  ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Successfully removed user ${name}`,
  ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'user is not an admin',
--- a/languages/es-es.js
+++ b/languages/es-es.js
@ -14,6 +14,7 @@ module.exports.strings = {
  ADMIN_SETTINGS_USERS_ADD_HEADER: 'Agregar usuario',
  ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'juan',
  ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nombre de usuario',
+  ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'El nombre de usuario no puede estar vacío.',
  ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'No se pudo eliminar: este usuario es administrador.',
  ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Se pudo eliminar ${name}`,
  ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'Este usuario no es administrador.',
--- a/languages/fr-fr.js
+++ b/languages/fr-fr.js
@ -14,6 +14,7 @@ module.exports.strings = {
  ADMIN_SETTINGS_USERS_ADD_HEADER: 'Ajouter un utilisateur',
  ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER: 'jean',
  ADMIN_SETTINGS_USERS_ADD_USERNAME: 'Nom d\'utilisateur',
+  ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY: 'Le nom d\'utilisateur ne peut pas être vide.',
  ADMIN_SETTINGS_USERS_EDIT_DELETE_FAIL_ADMIN: 'Échec de la suppression : l\'utilisateur est un administrateur.',
  ADMIN_SETTINGS_USERS_EDIT_DELETE_SUCCESS: name => `Utilisateur supprimé avec succès ${name}`,
  ADMIN_SETTINGS_USERS_EDIT_DEMOTE_NOT_ADMIN: 'l\'utilisateur n\'est pas un administrateur',
--- a/routes/adminSettings/index.js
+++ b/routes/adminSettings/index.js
@ -25,7 +25,25 @@ module.exports = ({ db, ensurePfp }) => {

  router.post('/add', verifyAuth(), async (req, res) => {
    if (!req.user.admin) return res.redirect('/')
+
    const username = req.body.newUserUsername.trim()
+    if (!username) {
+      return db
+          .allDocs({ include_docs: true })
+          .then((docs) => {
+            res.render("adminSettings", {
+                add_user_error: _CC.lang(
+                    "ADMIN_SETTINGS_USERS_ADD_ERROR_USERNAME_EMPTY"
+                ),
+                title: _CC.lang("ADMIN_SETTINGS_HEADER"),
+                users: docs.rows,
+            });
+          })
+          .catch((err) => {
+              throw err;
+          });
+    }
+
    await db.put({
      _id: username,
      admin: false,
--- a/views/adminSettings.pug
+++ b/views/adminSettings.pug
@ -13,6 +13,7 @@ block content
  h3= lang('ADMIN_SETTINGS_USERS_ADD_HEADER')
  form(action=`${_CC.config.base}admin-settings/add`, method='POST')
    .field
+      p.has-text-danger#error-label= add_user_error
      label.label= lang('ADMIN_SETTINGS_USERS_ADD_USERNAME')
      .control.has-icons-left
        input.input(type='text', name='newUserUsername', placeholder=lang('ADMIN_SETTINGS_USERS_ADD_PLACEHOLDER'))