Merge pull request #24 from CMU-313/us-7

US7: Changes on the front-end & authentication

public/language/en-GB/error.json

@@ -19,6 +19,7 @@
 	"invalid-username": "Invalid Username",
 	"invalid-email": "Invalid Email",
 	"invalid-fullname": "Invalid Fullname",
+	"fullname-required": "Full Name is Required",
 	"invalid-location": "Invalid Location",
 	"invalid-birthday": "Invalid Birthday",
 	"invalid-title": "Invalid title",

public/language/en-US/error.json

@@ -16,6 +16,7 @@
     "invalid-username": "Invalid Username",
     "invalid-email": "Invalid Email",
     "invalid-fullname": "Invalid Fullname",
+    "fullname-required": "Full Name is Required",
     "invalid-location": "Invalid Location",
     "invalid-birthday": "Invalid Birthday",
     "invalid-title": "Invalid title",

public/language/en-US/register.json

@@ -12,6 +12,8 @@
     "password": "Password",
     "password-placeholder": "Enter Password",
     "confirm-password": "Confirm Password",
+    "fullname": "Full Name",
+    "fullname-placeholder": "Enter Full Name",
     "confirm-password-placeholder": "Confirm Password",
     "register-now-button": "Register Now",
     "alternative-registration": "Alternative Registration",

public/language/en-x-pirate/error.json

@@ -13,6 +13,7 @@
     "invalid-uid": "Invalid User ID",
     "invalid-mid": "Invalid Chat Message ID",
     "invalid-date": "A valid date must be provided",
+    "fullname-required": "Full Name is Required",
     "invalid-username": "Invalid Username",
     "invalid-email": "Invalid Email",
     "invalid-fullname": "Invalid Fullname",

public/language/sc/error.json

@@ -14,6 +14,7 @@
     "invalid-mid": "Invalid Chat Message ID",
     "invalid-date": "A valid date must be provided",
     "invalid-username": "Invalid Username",
+    "fullname-required": "Full Name is Required",
     "invalid-email": "Invalid Email",
     "invalid-fullname": "Invalid Fullname",
     "invalid-location": "Invalid Location",

src/controllers/authentication.js

@@ -92,6 +92,15 @@ authenticationController.register = async function (req, res) {
 			throw new Error('[[error:username-too-long]]');
 		}
 
+		if (!userData.fullname) {
+			throw new Error('[[error:fullname-required]]');
+		}
+
+		if (userData.fullname.length > 255 || userData.fullname.trim().length === 0 ||
+		validator.isURL(userData.fullname)) {
+			throw new Error('[[error:invalid-fullname]]');
+		}
+
 		if (userData.password !== userData['password-confirm']) {
 			throw new Error('[[user:change-password-error-match]]');
 		}

src/user/profile.js

@@ -279,6 +279,9 @@ module.exports = function (User) {
 
 	async function updateFullname(uid, newFullname) {
 		const fullname = await db.getObjectField(`user:${uid}`, 'fullname');
+		if (!newFullname) {
+			throw new Error('[[error:fullname-required]]');
+		} // covers trim already
 		await updateUidMapping('fullname', uid, newFullname, fullname);
 		if (newFullname !== fullname) {
 			if (fullname) {

test/authentication.js

@@ -106,6 +106,7 @@ describe('authentication', () => {
 				'password-confirm': 'adminpwd',
 				userLang: 'it',
 				gdpr_consent: true,
+				fullname: 'adminfn',
 			},
 			headers: {
 				'x-csrf-token': csrf_token,
@@ -384,6 +385,7 @@ describe('authentication', () => {
 			username: 'anotheruser',
 			password: 'anotherpwd',
 			gdpr_consent: 1,
+			fullname: 'anotheruser',
 		});
 		meta.config.registrationApprovalType = 'normal';
 		assert.equal(response.statusCode, 200);
@@ -393,7 +395,7 @@ describe('authentication', () => {
 
 	it('should be able to login with email', async () => {
 		const email = '[email protected]';
-		const uid = await user.create({ username: 'ginger', password: '123456', email });
+		const uid = await user.create({ username: 'ginger', password: '123456', email, fullname: 'ginger' });
 		await user.setUserField(uid, 'email', email);
 		await user.email.confirmByUid(uid);
 		const { response } = await helpers.loginUser('[email protected]', '123456');

test/controllers.js

@@ -244,6 +244,7 @@ describe('Controllers', () => {
 				password: '123456',
 				'password-confirm': '123456',
 				email: '[email protected]',
+				fullname: 'interstitial',
 			},
 			jar,
 			headers: {
@@ -279,6 +280,7 @@ describe('Controllers', () => {
 				jar = (await helpers.registerUser({
 					username: utils.generateUUID().slice(0, 10),
 					password: utils.generateUUID(),
+					fullname: utils.generateUUID().slice(0, 10),
 				})).jar;
 				token = await helpers.getCsrfToken(jar);
 
@@ -497,6 +499,7 @@ describe('Controllers', () => {
 					jar = (await helpers.registerUser({
 						username,
 						password: utils.generateUUID(),
+						fullname: utils.generateUUID().slice(0, 10),
 					})).jar;
 					token = await helpers.getCsrfToken(jar);
 				});
@@ -594,6 +597,7 @@ describe('Controllers', () => {
 				jar = (await helpers.registerUser({
 					username: utils.generateUUID().slice(0, 10),
 					password: utils.generateUUID(),
+					fullname: utils.generateUUID().slice(0, 10),
 				})).jar;
 				token = await helpers.getCsrfToken(jar);
 			});
@@ -625,6 +629,7 @@ describe('Controllers', () => {
 				jar = (await helpers.registerUser({
 					username: utils.generateUUID().slice(0, 10),
 					password: utils.generateUUID(),
+					fullname: utils.generateUUID().slice(0, 10),
 				})).jar;
 				token = await helpers.getCsrfToken(jar);
 			});

test/user.js

@@ -97,7 +97,7 @@ describe('User', () => {
 		});
 
 		it('should have a valid email, if using an email', (done) => {
-			User.create({ username: userData.username, password: userData.password, email: 'fakeMail' }, (err) => {
+			User.create({ username: userData.username, fullname: userData.fullname, password: userData.password, email: 'fakeMail' }, (err) => {
 				assert(err);
 				assert.equal(err.message, '[[error:invalid-email]]');
 				done();
@@ -767,6 +767,46 @@ describe('User', () => {
 				const confirmSent = await User.email.isValidationPending(uid, '[email protected]');
 				assert.strictEqual(confirmSent, true);
 			});
+
+			// new check added
+			it('should not allow updating fullname to an empty string', async () => {
+				try {
+					await apiUser.update({ uid: uid }, { uid: uid, fullname: '' });
+					assert(false);
+				} catch (err) {
+					assert.strictEqual(err.message, '[[error:fullname-required]]');
+				}
+			});
+
+			// new check added
+			it('should not allow updating fullname to a string with only whitespace', async () => {
+				try {
+					await apiUser.update({ uid: uid }, { uid: uid, fullname: '     ' });
+					assert(false);
+				} catch (err) {
+					assert.strictEqual(err.message, '[[error:fullname-required]]');
+				}
+			});
+
+			// new check added
+			it('should not allow fullname to be greater than 255 characters', async () => {
+				try {
+					await apiUser.update({ uid: uid }, { uid: uid, fullname: 'We want you to connect this projects experience with your previous experience with collaborative development. Your previous experience may be from an academic or non-academic setting, such as internships, hackathons, or personal projects. Adding characters so that the limit passes 255 characters so this as full name does not work' });
+					assert(false);
+				} catch (err) {
+					assert.strictEqual(err.message, '[[error:invalid-fullname]]');
+				}
+			});
+
+			// new check added
+			it('should not allow updating fullname to a URL', async () => {
+				try {
+					await apiUser.update({ uid: uid }, { uid: uid, fullname: 'https://www.linkedin.com' });
+					assert(false);
+				} catch (err) {
+					assert.strictEqual(err.message, '[[error:invalid-fullname]]');
+				}
+			});
 		});
 
 		it('should change a user\'s password', async () => {
@@ -1771,6 +1811,7 @@ describe('User', () => {
 				'password-confirm': '123456',
 				email: '<script>alert("ok")<script>[email protected]',
 				gdpr_consent: true,
+				fullname: 'rejectme',
 			});
 			const { jar } = await helpers.loginUser('admin', '123456');
 			const { body: { users } } = await request.get(`${nconf.get('url')}/api/admin/manage/registration`, { jar });
@@ -1785,6 +1826,7 @@ describe('User', () => {
 				'password-confirm': '123456',
 				email: '<script>alert("ok")<script>[email protected]',
 				gdpr_consent: true,
+				fullname: 'rejuctme',
 			});
 			assert.equal(body, '[[error:username-taken]]');
 		});
@@ -1796,10 +1838,62 @@ describe('User', () => {
 				'password-confirm': '123456',
 				email: '<script>alert("ok")<script>[email protected]',
 				gdpr_consent: true,
+				fullname: 'rejustmenew',
 			});
 			assert.equal(body, '[[error:email-taken]]');
 		});
 
+		// new check added
+		it('should fail to add user to queue if fullname is not entered', async () => {
+			const { body } = await helpers.registerUser({
+				username: 'rejectmenew',
+				password: '123456',
+				'password-confirm': '123456',
+				email: '<script>alert("ok")<script>[email protected]',
+				gdpr_consent: true,
+			});
+			assert.equal(body, '[[error:fullname-required]]');
+		});
+
+		// new check added
+		it('should fail to add user to queue if fullname is blank spaces', async () => {
+			const { body } = await helpers.registerUser({
+				username: 'rejectmenew',
+				password: '123456',
+				'password-confirm': '123456',
+				email: '<script>alert("ok")<script>[email protected]',
+				gdpr_consent: true,
+				fullname: '   ',
+			});
+			assert.equal(body, '[[error:invalid-fullname]]');
+		});
+
+		// new check added
+		it('should fail to add user to queue if fullname is URL', async () => {
+			const { body } = await helpers.registerUser({
+				username: 'rejectmenew',
+				password: '123456',
+				'password-confirm': '123456',
+				email: '<script>alert("ok")<script>[email protected]',
+				gdpr_consent: true,
+				fullname: 'https://www.linkedin.com',
+			});
+			assert.equal(body, '[[error:invalid-fullname]]');
+		});
+
+		// new check added
+		it('should fail to add user to queue if the length of the fullname exceeds 255', async () => {
+			const { body } = await helpers.registerUser({
+				username: 'rejectmenew',
+				password: '123456',
+				'password-confirm': '123456',
+				email: '<script>alert("ok")<script>[email protected]',
+				gdpr_consent: true,
+				fullname: 'As with the first sprint, every member of your team must contribute to the implementation. One way we will evaluate this is that each team member must have at least one commit as a part of the solution. Failure to do so will result in a significant penalty to your grade.',
+			});
+			assert.equal(body, '[[error:invalid-fullname]]');
+		});
+
 		it('should reject user registration', async () => {
 			await socketUser.rejectRegistration({ uid: adminUid }, { username: 'rejectme' });
 			const users = await User.getRegistrationQueue(0, -1);
@@ -1813,6 +1907,7 @@ describe('User', () => {
 				'password-confirm': '123456',
 				email: '[email protected]',
 				gdpr_consent: true,
+				fullname: 'acceptme',
 			});
 
 			const uid = await socketUser.acceptRegistration({ uid: adminUid }, { username: 'acceptme' });
@@ -1829,6 +1924,7 @@ describe('User', () => {
 				'password-confirm': '123456',
 				email: '[email protected]',
 				gdpr_consent: true,
+				fullname: 'invalidname',
 			});
 
 			const users = await db.getSortedSetRange('registration:queue', 0, -1);
@@ -2102,6 +2198,7 @@ describe('User', () => {
 					email: email,
 					gdpr_consent: true,
 					token: token,
+					fullname: 'invite5',
 				});
 
 				const memberships = await groups.isMemberOfGroups(body.uid, groupsToJoin);

test/user/emails.js

@@ -148,13 +148,15 @@ describe('email confirmation (v3 api)', () => {
 			password: 'derpioansdosa',
 			email: '[email protected]',
 			gdpr_consent: true,
+			fullname: 'fake-user',
 		});
 
 		({ body: userObj, jar } = await helpers.registerUser({
 			username: 'email-test',
 			password: 'abcdef',
 			email: '[email protected]',
 			gdpr_consent: true,
+			fullname: 'email-test',
 		}));
 	});