Add maintenance configuration options to deal with situations better
nullpixel committed Nov 27, 2017
1 parent 98c7449 commit c80d8b1
Showing 4 changed files with 80 additions and 45 deletions.
5 changes: 5 additions & 0 deletions config/config.example.js
Expand Up @@ -14,6 +14,11 @@ module.exports = {
//"raven": "",
//"publicRaven": "",
// "bugsnag": "",
'maintenance': {
'allowSignups': true,
'allowLogins': true,
'notice': undefined
},
"cachet": {
// Setup reporting error count as a metric to Cachet
"apiKey": "",
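Review bot: The new `maintenance` block ships without any comment, and `notice` in particular needs one. The templates changed in this commit print it with `!{config.maintenance.notice}`, i.e. unescaped, so whatever is set here is emitted as raw HTML. I would add above the key `// Optional HTML shown on the account page and in the auth dialog; rendered unescaped, so use only trusted, operator-written markup`. A short comment on `allowSignups` and `allowLogins` saying what `false` does would also help. The block uses single-quoted keys where the surrounding entries use double quotes.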
14 changes: 14 additions & 0 deletions controllers/AuthController.js
Expand Up @@ -7,11 +7,18 @@ const absoluteURLRegex = new RegExp('^(?:[a-z]+:)?(//)?', 'i');
const User = require('../models/user');

exports.postSignIn = (req, res, next) => {
const config = req.place.config;
require("../util/passport")(passport, req.place);
if (req.user) return res.redirect("/");
if (!req.body.username || !req.body.password) return res.status(400).json({success: false, error: {message: "A username and password are required."}});
passport.authenticate("local", function(err, user, info) {
if (!user) return res.status(403).json({success: false, error: info.error || {message: "A username and password are required."}});
if (!user.admin && config.maintenance && !config.maintenance.allowSignins) return res.status(403).json({


EricRabil Nov 28, 2017

Contributor

@nullpixel you dumbass its config.maintenance.allowLogins you broke place im banning you


nullpixel Nov 29, 2017

Author Contributor

Fuck!

success: false,
error: {
message: 'Logins disabled. Please do not call this endpoint any futher.'
}
});
if (user.twoFactorAuthEnabled()) {
if(!req.body.totpToken) return res.status(403).json({success: false, error: {code: "totp_needed", message: "Two-factor authentication is enabled for this account. Please specify your two-factor authentication token."}});
if(!speakeasy.totp.verify({ secret: user.totpSecret, encoding: 'base32', token: req.body.totpToken, window: 6 })) return res.status(403).json({success: false, error: {code: "invalid_totp", message: "We couldn't sign you in with that two-factor authentication token. Make sure you're entering the right code and it is updated."}});
Expand All @@ -25,6 +32,13 @@ exports.postSignIn = (req, res, next) => {
};

exports.postSignUp = (req, res, next) => {
const config = req.place.config;
if (config.maintenance && !config.maintenance.allowSignups) return res.status(403).json({
success: false,
error: {
message: 'Signups disabled. Please do not call this endpoint any futher.'
}
});
function sendError(error) {
res.json({success: false, error: error || {message: "An unknown error occurred", code: "unknown_error"}});
}
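Review bot: Both new guards test `!config.maintenance.<key>`, so a `maintenance` object that omits the key is treated as "disabled". In `postSignUp`, a config that sets only `maintenance.notice` would start returning 403 for every signup. If the intended default is the `true` shown in config.example.js, compare against `false` explicitly, e.g. `if (config.maintenance && config.maintenance.allowSignups === false) return res.status(403).json({`, and use the same form for the sign-in guard. The two new messages also misspell "further" as `futher`. Both function bodies continue outside the visible hunks, and whether the social sign-in routes honour these switches cannot be told from here.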
4 changes: 4 additions & 0 deletions views/public/account.pug
Expand Up @@ -39,6 +39,10 @@ block content
div
span.value= profileUserInfo.statistics.placesThisWeek.toLocaleString()
span.name pixel#{profileUserInfo.statistics.placesThisWeek == 1 ? "" : "s"} this week
if isSelf && config.maintenance.notice
div.alert.alert-danger
h4 Important infomation regarding your #{config.siteName} account:
p !{config.maintenance.notice}
if hasNewPassword
.alert.alert-success #[strong Success!] Your password has been changed successfully!
hr
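Review bot: `if isSelf && config.maintenance.notice` dereferences `config.maintenance` without checking that it exists. The controller in this commit guards with `config.maintenance &&`, which suggests the key can be absent; unless defaults are merged in elsewhere (not visible here), the account page would then throw while rendering. Use `if isSelf && config.maintenance && config.maintenance.notice`. The same applies in views/public/views/auth-dialog.pug, where `if config.maintenance.allowSignups || !config.maintenance` and the matching `allowLogins` condition read the property before the fallback is evaluated; swapping the operands, as in `if !config.maintenance || config.maintenance.allowSignups`, fixes both. The heading also misspells "information" as `infomation`.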
102 changes: 57 additions & 45 deletions views/public/views/auth-dialog.pug
Expand Up @@ -8,59 +8,71 @@
span.site #{config.siteName}
h1 Become a member
p.subhead Join the #{config.siteName} community today to start placing.
form.form-signin(action="/signup")
label.sr-only(for="inputUsername") Username
input.form-control#inputUsername(type="text", placeholder="Username", name="username", required, autofocus, autocorrect="off", autocapitalize="off", spellcheck="false")
label.sr-only(for="inputPassword") Password
input.form-control.form-merge-top#inputPassword(type="password", placeholder="Password", name="password", required)
label.sr-only(for="inputPassword2") Password (again)
input.form-control.form-merge-bottom#inputPassword2(type="password", placeholder="Password (again)", name="passwordverify", required)
if captcha
.
!{renderCaptcha()}
if hasTOS || hasCommunityGuidelines
if config.maintenance.allowSignups || !config.maintenance
form.form-signin(action="/signup")
label.sr-only(for="inputUsername") Username
input.form-control#inputUsername(type="text", placeholder="Username", name="username", required, autofocus, autocorrect="off", autocapitalize="off", spellcheck="false")
label.sr-only(for="inputPassword") Password
input.form-control.form-merge-top#inputPassword(type="password", placeholder="Password", name="password", required)
label.sr-only(for="inputPassword2") Password (again)
input.form-control.form-merge-bottom#inputPassword2(type="password", placeholder="Password (again)", name="passwordverify", required)
if captcha
.
!{renderCaptcha()}
if hasTOS || hasCommunityGuidelines
.checkbox
label
input(type="checkbox", name="agreeToGuidelines")
span
| I agree to abide by the
if hasTOS
a(href="/tos") Terms of Service
if hasTOS && hasCommunityGuidelines
| and
if hasCommunityGuidelines
a(href="/guidelines") Community Guidelines
| .
.checkbox
label
input(type="checkbox", name="agreeToGuidelines")
span
| I agree to abide by the
if hasTOS
a(href="/tos") Terms of Service
if hasTOS && hasCommunityGuidelines
| and
if hasCommunityGuidelines
a(href="/guidelines") Community Guidelines
| .
.checkbox
label
input(type="checkbox", name="keepSignedIn", checked)
span Keep me signed in
.send-section
button.btn.btn-popping(type="submit") Sign Up
include social-buttons
if config.signUpBanner
br
div.alert.alert-success !{config.signUpBanner}
input(type="checkbox", name="keepSignedIn", checked)
span Keep me signed in
.send-section
button.btn.btn-popping(type="submit") Sign Up
include social-buttons
else
br
div.alert.alert-danger
h4 Signups for #{config.siteName} are currently disabled.
if config.maintenance.notice
p !{config.maintenance.notice}

div(tab-name="sign-in")
.heading
span.site #{config.siteName}
h1 Welcome back
p.subhead Sign in to your account to continue placing and save your stats.
form.form-signin(action="/signin")
label.sr-only(for="inputUsername") Username
input.form-control#inputUsername(type="text", placeholder="Username", name="username", required, autofocus, autocorrect="off", autocapitalizae="off", spellcheck="false")
label.sr-only(for="inputPassword") Password
input.form-control#inputPassword(type="password", placeholder="Password", name="password", required)
.checkbox
label
input#inputKeepSignIn(type="checkbox", name="keepSignedIn", checked)
span Keep me signed in
.send-section
button.btn.btn-popping(type="submit") Sign in
include social-buttons
if config.signInBanner
if config.maintenance.allowLogins || !config.maintenance
form.form-signin(action="/signin")
label.sr-only(for="inputUsername") Username
input.form-control#inputUsername(type="text", placeholder="Username", name="username", required, autofocus, autocorrect="off", autocapitalizae="off", spellcheck="false")
label.sr-only(for="inputPassword") Password
input.form-control#inputPassword(type="password", placeholder="Password", name="password", required)
.checkbox
label
input#inputKeepSignIn(type="checkbox", name="keepSignedIn", checked)
span Keep me signed in
.send-section
button.btn.btn-popping(type="submit") Sign in
include social-buttons
if config.signInBanner
br
div.alert.alert-success !{config.signInBanner}
else
br
div.alert.alert-success !{config.signInBanner}
div.alert.alert-danger
h4 Signins to #{config.siteName} are currently disabled.
if config.maintenance.notice
p !{config.maintenance.notice}
div.hides-switchers(tab-name="2fa-auth")
.heading
span.site #{config.siteName}
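Review bot: When `allowLogins` is false the sign-in form is replaced by the `alert-danger` block, but the `postSignIn` guard in this commit exempts `user.admin`. Administrators are therefore still accepted by the server yet have no form to sign in with. Consider rendering the alert above the form rather than in an `else` branch, or giving admins a separate login entry point. Indentation is lost on this page, so whether `include social-buttons` also sits inside the conditional cannot be confirmed. Separately, the misspelt attribute `autocapitalizae="off"` on the sign-in username input is carried over unchanged into the new lines.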
