
fix wrong behavior with the invite token

Validating email is wrong when the invite token is not set.
Outsider 9 years ago
parent
commit
14fc73227a
3 changed files with 15 additions and 11 deletions
  1. 2 2
      config.js
  2. 7 7
      routes/index.js
  3. 6 2
      views/index.jade

+ 2 - 2
config.js

@@ -13,6 +13,6 @@ module.exports = {
   //   --data 'email=EMAIL&token=TOKEN&set_active=true' \
   //   --compressed
   slacktoken: process.env.SLACK_TOKEN || 'YOUR-ACCESS-TOKEN',
-
-  inviteToken: process.env.INVITE_TOKEN || ''
+  // an optional security measure - if it is set, then that token will be required to get invited.
+  inviteToken: process.env.INVITE_TOKEN || null
 };
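Review bot: The new comment on `inviteToken` does not say what happens when the variable is left unset. With the `|| null` default, an unset or empty `INVITE_TOKEN` turns the check off, and the `/invite` route changed in this commit then accepts any request that carries an email. I would state that in the comment, e.g. `// Optional shared secret for invitations. If INVITE_TOKEN is unset or empty, anyone who can reach /invite can request an invite.`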

+ 7 - 7
routes/index.js

@@ -5,11 +5,11 @@ var config = require('../config');
 
 router.get('/', function(req, res) {
   res.render('index', { community: config.community,
-                        tokenRequired: config.inviteToken !== "" });
+                        tokenRequired: !!config.inviteToken });
 });
 
 router.post('/invite', function(req, res) {
-  if (req.body.email && req.body.token && config.inviteToken !== "" && req.body.token === config.inviteToken) {
+  if (req.body.email && (!config.inviteToken || (!!config.inviteToken && req.body.token === config.inviteToken))) {
     request.post({
         url: 'https://'+ config.slackUrl + '/api/users.admin.invite',
         form: {
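Review bot: The invite token is a shared secret, and the changed condition in the `/invite` handler compares it with `===`, which is not guaranteed to run in constant time. Node's `crypto.timingSafeEqual` over equal-length buffers (for example, digests of both values, after checking that `req.body.token` is a string) avoids leaking how much of a guess matched. Separately, the inner `!!config.inviteToken` is redundant, because that side of the `||` is only evaluated when the token is set. The condition reduces to `if (req.body.email && (!config.inviteToken || req.body.token === config.inviteToken)) {`. The handler body continues past the end of this hunk.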
@@ -46,22 +46,22 @@ router.post('/invite', function(req, res) {
   } else {
     var errMsg = [];
     if (!req.body.email) {
-      errMsg.push('email is required.');
+      errMsg.push('email is required');
     }
 
-    if (config.inviteToken !== "") {
+    if (!!config.inviteToken) {
       if (!req.body.token) {
-        errMsg.push('token is required.');
+        errMsg.push('token is required');
       }
 
       if (req.body.token && req.body.token !== config.inviteToken) {
-        errMsg.push('token is wrong.');
+        errMsg.push('token is wrong');
       }
     }
 
     res.render('result', {
       community: config.community,
-      message: errMsg.join(" and ")
+      message: 'Failed! ' + errMsg.join(' and ') + '.'
     });
   }
 });
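Review bot: A rejected token leaves no trace on the server: the `else` branch only builds `errMsg` and renders the result page, so repeated guesses at the invite token would go unnoticed. Inside the `token is wrong` check, consider a log line that records the requester but never the submitted value, e.g. `console.warn('invite rejected: wrong token from ' + req.ip);` (this assumes an Express router, where `req.ip` is available). Rate limiting may be applied outside what is visible here; if it is not, this route is the place that needs it. The handler starts before this hunk, so the success path is not shown.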

+ 6 - 2
views/index.jade

@@ -18,14 +18,18 @@ html
             form(method="POST", action="/invite")#join-form.form
               input(type="text", name="email", placeholder="Enter Your Email Address")#slack-email.field
               if tokenRequired
-                input(type="text", name="token", placeholder="Enter the token you were given")#slack-token.field
+                input(type="text", name="token", placeholder="Enter the invite token you were given")#slack-token.field
               input(type="submit", value="Join").submit
     script.
+      var tokenRequired = #{tokenRequired};
       var form = document.getElementById('join-form');
       var email = document.getElementById('slack-email');
       var token = document.getElementById('slack-token');
       form.addEventListener('submit', function(evt) {
-        if (!email.value || (tokenRequired && !token.value)) {
+        if (!email.value) {
+          evt.preventDefault();
+        }
+        if (tokenRequired && !token.value) {
           evt.preventDefault();
         }
       });
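Review bot: The token field on the changed `input` line is still `type="text"`, so the invite secret is shown in clear while typed and can be retained in the browser's form history. Since the line is being edited anyway, `input(type="password", name="token", autocomplete="off", placeholder="Enter the invite token you were given")#slack-token.field` keeps it out of both. The `tokenRequired` check in the submit handler is a convenience for the user only; enforcement has to stay in the `/invite` route.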