From c7166395a41d63d584c0ca5e1deda99185624888 Mon Sep 17 00:00:00 2001
From: Akhil
Date: Fri, 1 Dec 2023 19:49:36 +0530
Subject: [PATCH 1/9] Check if username is taken at common db
---
 lib/Controller/AccountController.php | 21 ++++++++++++++++++--
 lib/Service/CurlService.php | 13 +++++++++++++
 lib/Service/UserService.php | 29 ++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/lib/Controller/AccountController.php b/lib/Controller/AccountController.php
index 505831be..9a37fcc9 100644
--- a/lib/Controller/AccountController.php
+++ b/lib/Controller/AccountController.php
@@ -30,6 +30,8 @@ class AccountController extends Controller {
 private $session;
 private $userSession;
 private $urlGenerator;
+ private const SESSION_USERNAME_CHECK = 'username_check_passed';
+
 public function __construct(
 $AppName,
 IRequest $request,
@@ -92,6 +94,12 @@ class AccountController extends Controller {
 return $response;
 }
+ if (!$this->session->get(self::SESSION_USERNAME_CHECK)) {
+ $response->setData(['message' => 'Username is already taken.', 'success' => false]);
+ $response->setStatus(400);
+ return $response;
+ }
+
 $inputData = [
 'username' => ['value' => $username, 'maxLength' => 30],
 'displayname' => ['value' => $displayname, 'maxLength' => 30],
@@ -132,6 +140,8 @@ class AccountController extends Controller {
 $response->setData(['message' => $e->getMessage(), 'success' => false]);
 $response->setStatus(500);
 }
+
+ $this->session->remove(self::SESSION_USERNAME_CHECK);
 return $response;
 }
 /**
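Review bot: The guard added before `$inputData` only tests that `SESSION_USERNAME_CHECK` is truthy, so it does not tie the earlier availability check to the `$username` now being registered; a session that passed the check for one name can then submit a different one. Store the checked name instead of `true` in `checkUsernameAvailable` (the setter is in the `@@ -168,9 +178,16 @@` hunk and again in PATCH 5/9) and compare it here, e.g. `if ($this->session->get(self::SESSION_USERNAME_CHECK) !== $username) {`. Calling `isUsernameTaken($username)` again at this point would close the same gap. The enclosing method starts and ends outside the hunk, so whether a later step re-validates the name cannot be seen from here.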
@@ -168,9 +178,16 @@ class AccountController extends Controller {
 public function checkUsernameAvailable(string $username) : DataResponse {
 $response = new DataResponse();
 $response->setStatus(400);
- if (!$this->userService->userExists($username)) {
+
+ if (empty($username)) {
+ return $response;
+ }
+
+ if (!$this->userService->userExists($username) && !$this->userService->isUsernameTaken($username)) {
 $response->setStatus(200);
 }
+
+ $this->session->set('username_check_passed', true);
 return $response;
 }
@@ -200,7 +217,7 @@ class AccountController extends Controller {
 public function verifyCaptcha(string $captchaInput = '') : DataResponse {
 $response = new DataResponse();
- $captchaResult = (string)$this->session->get('captcha_result', '');
+ $captchaResult = (string) $this->session->get('captcha_result', '');
 $response->setStatus(400);
 if ($captchaResult === $captchaInput) {
 $this->session->remove('captcha_result');
diff --git a/lib/Service/CurlService.php b/lib/Service/CurlService.php
index d7a477fc..6e795e58 100644
--- a/lib/Service/CurlService.php
+++ b/lib/Service/CurlService.php
@@ -14,6 +14,8 @@ namespace OCA\EcloudAccounts\Service;
 use Exception;
 class CurlService {
+
+ private int $lastStatusCode = 0;
 /**
 * GET alias for request method
 *
@@ -44,6 +46,14 @@ class CurlService {
 return $this->request('DELETE', $url, $params, $headers, $userOptions);
 }
+ /**
+ * @return int
+ */
+
+ public function getLastStatusCode() : int {
+ return $this->getLastStatusCode;
+ }
+
 /**
 * Curl run request
@@ -90,6 +100,9 @@ class CurlService {
 $response = curl_exec($ch);
+ $this->lastStatusCode = (int) curl_getinfo($ch, CURLINFO_HTTP_CODE);
+
+
 if ($errno = curl_errno($ch)) {
 var_dump($errno);
 $errorMessage = curl_strerror($errno);
diff --git a/lib/Service/UserService.php b/lib/Service/UserService.php
index 56e156fe..9b939b2f 100644
--- a/lib/Service/UserService.php
+++ b/lib/Service/UserService.php
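Review bot: The docblock added for `getLastStatusCode()` says only `@return int`, while the value has two cases a caller has to know about: the property starts at `0`, and `curl_getinfo($ch, CURLINFO_HTTP_CODE)` also yields `0` when no HTTP response was received. I would document that, e.g. `HTTP status of the most recent request; 0 before any request or when no response was received`. Because the status is kept as mutable state on the service, it is only meaningful immediately after the call that produced it, which belongs in the same comment.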
@@ -389,4 +389,33 @@ class UserService {
 $quota = strval($quota) . ' MB';
 $user->setQuota($quota);
 }
+
+ public function isUsernameTaken(string $username) : bool {
+ $commonApiUrl = $this->apiConfig['commonApiUrl'];
+ $commonApiVersion = $this->apiConfig['commonApiVersion'];
+
+ if (!isset($commonApiUrl) || empty($commonApiUrl)) {
+ return false;
+ }
+ $endpoint = $commonApiVersion . '/users/';
+ $url = $commonApiUrl . $endpoint . $username;
+
+ $token = $this->apiConfig['commonServiceToken'];
+ $headers = [
+ "Authorization: Bearer $token"
+ ];
+
+ $this->curl->get($url, [], $headers);
+
+ $statusCode = $this->curl->getLastStatusCode();
+ if ($statusCode === 404) {
+ return false;
+ }
+
+ if ($statusCode === 200) {
+ return true;
+ }
+
+ throw new Exception("Error checking if username is taken at common source, status code: " . (string) $statusCode);
+ }
 }
-- GitLab
From 8616425723da88d19f78bb1343c5e5331f56630a Mon Sep 17 00:00:00 2001
From: Akhil
Date: Fri, 1 Dec 2023 19:54:20 +0530
Subject: [PATCH 2/9] Add POST call to add username to common data store
---
 lib/Controller/AccountController.php | 1 +
 lib/Service/UserService.php | 32 ++++++++++++++++++++++++++++
 2 files changed, 33 insertions(+)
diff --git a/lib/Controller/AccountController.php b/lib/Controller/AccountController.php
index 9a37fcc9..5412d751 100644
--- a/lib/Controller/AccountController.php
+++ b/lib/Controller/AccountController.php
@@ -142,6 +142,7 @@ class AccountController extends Controller {
 }
 $this->session->remove(self::SESSION_USERNAME_CHECK);
+ $this->userService->addUsernameToCommonDataStore($username);
 return $response;
 }
 /**
diff --git a/lib/Service/UserService.php b/lib/Service/UserService.php
index 9b939b2f..68eeb8f9 100644
--- a/lib/Service/UserService.php
+++ b/lib/Service/UserService.php
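Review bot: `$username` is appended to the request path unencoded in `$url = $commonApiUrl . $endpoint . $username;`, and `checkUsernameAvailable` calls this method after only an `empty()` test, so characters such as `/`, `?` or `#` in the submitted name change which resource the token-bearing request addresses. Encode the path segment: `$url = $commonApiUrl . $endpoint . rawurlencode($username);`. Separately, the method returns `false` (not taken) when `commonApiUrl` is unset, which fails open; if that is intended for installations without a common store, a comment on the early return should say so.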
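Review bot: `addUsernameToCommonDataStore($username)` is placed after the closing brace of the `catch` block rather than on the success path, so as far as the visible context shows it also runs when account creation threw and the response was already set to 500, recording a name in the common store for an account that was never created. Move the call to directly after the point where the account is created inside the `try`. The same placement is kept in PATCH 4/9, where the call is only wrapped in its own `try`/`catch`. Most of the method lies outside the hunk, so the exact success point is not visible here.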
@@ -418,4 +418,36 @@ class UserService {
 throw new Exception("Error checking if username is taken at common source, status code: " . (string) $statusCode);
 }
+
+ public function addUsernameToCommonDataStore(string $username) : void {
+ $commonApiUrl = $this->apiConfig['commonApiUrl'];
+ $commonApiVersion = $this->apiConfig['commonApiVersion'];
+
+ if (!isset($commonApiUrl) || empty($commonApiUrl)) {
+ return;
+ }
+ $endpoint = $commonApiVersion . '/users/';
+ $url = $commonApiUrl . $endpoint ;
+
+ $params = [
+ 'username' => $username
+ ];
+
+ $token = $this->apiConfig['commonServiceToken'];
+ $headers = [
+ "Authorization: Bearer $token"
+ ];
+
+ try {
+ $this->curl->post($url, $params, $headers);
+
+ if ($this->curl->getLastStatusCode() !== 200) {
+ throw new Exception();
+ }
+ } catch (Exception $e) {
+ $this->logger->error('Error adding username ' . $username . ' to common data store');
+ }
+
+
+ }
 }
-- GitLab
From c28f56f8ab131876a8c56f988a56a604fa482247 Mon Sep 17 00:00:00 2001
From: Akhil
Date: Tue, 5 Dec 2023 22:14:22 +0530
Subject: [PATCH 3/9] fix getLastStatusCode
---
 lib/Service/CurlService.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Service/CurlService.php b/lib/Service/CurlService.php
index 6e795e58..d3b132d5 100644
--- a/lib/Service/CurlService.php
+++ b/lib/Service/CurlService.php
@@ -51,7 +51,7 @@ class CurlService {
 */
 public function getLastStatusCode() : int {
- return $this->getLastStatusCode;
+ return $this->lastStatusCode;
 }
-- GitLab
From 262caf41317530f45ac546de6d2fc135f10e336e Mon Sep 17 00:00:00 2001
From: Akhil
Date: Mon, 18 Dec 2023 23:00:34 +0530
Subject: [PATCH 4/9] Handle exception in method call
---
 lib/Controller/AccountController.php | 7 ++++++-
 lib/Service/UserService.php | 12 +++---------
 2 files changed, 9 insertions(+), 10 deletions(-)
diff --git a/lib/Controller/AccountController.php b/lib/Controller/AccountController.php
index 7fbd8c67..30a22b05 100644
--- a/lib/Controller/AccountController.php
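Review bot: The success test `if ($this->curl->getLastStatusCode() !== 200)` in `addUsernameToCommonDataStore` treats every other 2xx answer as a failure; should the common API answer a create with 201, each successful registration would take the error path. Unless the API contract fixes 200, accept the success range: `$status = $this->curl->getLastStatusCode();` followed by `if ($status < 200 || $status >= 300) {`. The availability check in `isUsernameTaken` and this POST are also two separate requests, so two registrations of the same name can both pass the check; the POST's own conflict answer, if the API gives one, is what should decide.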
+++ b/lib/Controller/AccountController.php
@@ -147,8 +152,13 @@ class AccountController extends Controller {
 }
 $this->session->remove(self::SESSION_USERNAME_CHECK);
- $this->userService->addUsernameToCommonDataStore($username);
 $this->session->remove(self::CAPTCHA_VERIFIED_CHECK);
+
+ try {
+ $this->userService->addUsernameToCommonDataStore($username);
+ } catch (Exception $e) {
+ $this->logger->logException($e, ['app' => Application::APP_ID]);
+ }
 return $response;
 }
 /**
diff --git a/lib/Service/UserService.php b/lib/Service/UserService.php
index bb5ad7a3..dbda65c4 100644
--- a/lib/Service/UserService.php
+++ b/lib/Service/UserService.php
@@ -442,16 +442,10 @@ class UserService {
 "Authorization: Bearer $token"
 ];
- try {
- $this->curl->post($url, $params, $headers);
+ $this->curl->post($url, $params, $headers);
- if ($this->curl->getLastStatusCode() !== 200) {
- throw new Exception();
- }
- } catch (Exception $e) {
- $this->logger->error('Error adding username ' . $username . ' to common data store');
+ if ($this->curl->getLastStatusCode() !== 200) {
+ throw new Exception('Error adding username ' . $username . ' to common data store');
 }
-
-
 }
 }
-- GitLab
From 5a0977dfa5709f09bf695f9016bb94a6fb2e0296 Mon Sep 17 00:00:00 2001
From: Akhil
Date: Mon, 18 Dec 2023 23:04:10 +0530
Subject: [PATCH 5/9] Handle exception in method call to check username
---
 lib/Controller/AccountController.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/lib/Controller/AccountController.php b/lib/Controller/AccountController.php
index 30a22b05..94ec7d3c 100644
--- a/lib/Controller/AccountController.php
+++ b/lib/Controller/AccountController.php
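Review bot: Catching and only logging the failure of `addUsernameToCommonDataStore($username)` means a registration can report success while the common store never learns the name, after which `isUsernameTaken` reports it as free to other callers. If that best-effort behaviour is intended, state it above the `try`, e.g. `// Best effort: the account already exists locally; a failed sync is logged and must be reconciled later`. The exception built in the UserService hunk also omits the status code that `isUsernameTaken` includes in its message, which makes the logged entry harder to act on.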
@@ -195,11 +195,16 @@ class AccountController extends Controller {
 return $response;
 }
- if (!$this->userService->userExists($username) && !$this->userService->isUsernameTaken($username)) {
- $response->setStatus(200);
+ try {
+ if (!$this->userService->userExists($username) && !$this->userService->isUsernameTaken($username)) {
+ $response->setStatus(200);
+ $this->session->set('username_check_passed', true);
+ }
+ } catch (Exception $e) {
+ $this->logger->logException($e, ['app' => Application::APP_ID ]);
+ $response->setStatus(500);
 }
- $this->session->set('username_check_passed', true);
 return $response;
 }
-- GitLab
From 07413ce77a4748da93227f678f39e5b69bd1bfb7 Mon Sep 17 00:00:00 2001
From: Akhil
Date: Mon, 18 Dec 2023 23:05:17 +0530
Subject: [PATCH 6/9] use constant for username check key
---
 lib/Controller/AccountController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/Controller/AccountController.php b/lib/Controller/AccountController.php
index 94ec7d3c..8bc2f137 100644
--- a/lib/Controller/AccountController.php
+++ b/lib/Controller/AccountController.php
@@ -198,7 +198,7 @@ class AccountController extends Controller {
 try {
 if (!$this->userService->userExists($username) && !$this->userService->isUsernameTaken($username)) {
 $response->setStatus(200);
- $this->session->set('username_check_passed', true);
+ $this->session->set(self::SESSION_USERNAME_CHECK, true);
 }
 } catch (Exception $e) {
 $this->logger->logException($e, ['app' => Application::APP_ID ]);
-- GitLab
From ad2dbabed9002e5ebb9234b362a2a88fb6a71d1d Mon Sep 17 00:00:00 2001
From: Akhil
Date: Mon, 18 Dec 2023 23:13:45 +0530
Subject: [PATCH 7/9] Fix captcha_result as const
---
 lib/Controller/AccountController.php | 4 ++--
 lib/Service/CaptchaService.php | 3 ++-
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/lib/Controller/AccountController.php b/lib/Controller/AccountController.php
index 8bc2f137..8f9c849b 100644
--- a/lib/Controller/AccountController.php
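Review bot: Nothing in the `@@ -195,11 +195,16 @@` hunk bounds how often a client can call `checkUsernameAvailable`, and each call now triggers an outbound request carrying the service token through `isUsernameTaken`. The method's docblock is outside the hunk, so a throttle may already be declared there; if it is not, Nextcloud's `@AnonRateThrottle` and `@UserRateThrottle` annotations on this action would cap how fast names in the common store can be enumerated. The 500 path is also worth a line of documentation, since the signup form has to treat it differently from the 400 "taken" answer.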
+++ b/lib/Controller/AccountController.php
@@ -234,10 +234,10 @@ class AccountController extends Controller {
 public function verifyCaptcha(string $captchaInput = '') : DataResponse {
 $response = new DataResponse();
- $captchaResult = (string) $this->session->get('captcha_result', '');
+ $captchaResult = (string) $this->session->get(CaptchaService::CAPTCHA_RESULT_KEY, '');
 $response->setStatus(400);
 if ($captchaResult === $captchaInput) {
- $this->session->remove('captcha_result');
+ $this->session->remove(CaptchaService::CAPTCHA_RESULT_KEY);
 $this->session->set(self::CAPTCHA_VERIFIED_CHECK, true);
 $response->setStatus(200);
 }
diff --git a/lib/Service/CaptchaService.php b/lib/Service/CaptchaService.php
index 4bc4245d..cb3c6833 100644
--- a/lib/Service/CaptchaService.php
+++ b/lib/Service/CaptchaService.php
@@ -13,6 +13,7 @@ class CaptchaService {
 public const NUMBERS = '123456789';
 public const SYMBOLS = '+-';
 public const NOISE_LEVEL = 13;
+ public const CAPTCHA_RESULT_KEY = 'captcha_result';
 public function __construct(ISession $session) {
 $this->session = $session;
@@ -195,7 +196,7 @@ class CaptchaService {
 * @return void
 */
 private function updateSession(float $captchaResult): void {
- $this->session->set('captcha_result', $captchaResult);
+ $this->session->set(self::CAPTCHA_RESULT_KEY, $captchaResult);
 }
-- GitLab
From 08298b6b0cc6719c256b38d9202fb59f74456fba Mon Sep 17 00:00:00 2001
From: Akhil
Date: Mon, 18 Dec 2023 23:28:37 +0530
Subject: [PATCH 8/9] await username check
---
 src/signup/RegistrationForm.vue | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/signup/RegistrationForm.vue b/src/signup/RegistrationForm.vue
index 3a5f091b..ff81f3d7 100644
--- a/src/signup/RegistrationForm.vue
+++ b/src/signup/RegistrationForm.vue
@@ -289,9 +289,9 @@ export default {
 }
 }
 },
- submitRegistrationForm() {
+ async submitRegistrationForm() {
 this.validateForm(['displayname', 'username', 'password', 'repassword', 'termsandservices'])
- this.checkUsername()
+ await this.checkUsername()
 const isFormValid = Object.values(this.validation).every(value => !value)
 if (isFormValid) {
-- GitLab
From cea69fb9d1502649a3b4918fa71e5c778b992d85 Mon Sep 17 00:00:00 2001
From: Akhil
Date: Mon, 18 Dec 2023 23:37:33 +0530
Subject: [PATCH 9/9] Make captchaservice constants private
---
 lib/Service/CaptchaService.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/lib/Service/CaptchaService.php b/lib/Service/CaptchaService.php
index cb3c6833..1a0ea4b6 100644
--- a/lib/Service/CaptchaService.php
+++ b/lib/Service/CaptchaService.php
@@ -8,11 +8,11 @@ use OCP\ISession;
 class CaptchaService {
 private $session;
- public const WIDTH = 80;
- public const HEIGHT = 40;
- public const NUMBERS = '123456789';
- public const SYMBOLS = '+-';
- public const NOISE_LEVEL = 13;
+ private const WIDTH = 80;
+ private const HEIGHT = 40;
+ private const NUMBERS = '123456789';
+ private const SYMBOLS = '+-';
+ private const NOISE_LEVEL = 13;
 public const CAPTCHA_RESULT_KEY = 'captcha_result';
 public function __construct(ISession $session) {
-- GitLab
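Review bot: `await this.checkUsername()` has no error handling in `submitRegistrationForm`, so if that call rejects (its body is outside the hunk, so this is an assumption) the method ends with an unhandled rejection and the form gives the user no feedback. Wrap the call, e.g. `try { await this.checkUsername() } catch (e) { return }`, and set a validation message in the `catch`. This check is a convenience for the user only; the decision about the name has to stay with the server-side guard in `AccountController`.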