author | Marvin Borner | 2019-05-04 19:10:18 +0200 |
committer | Marvin Borner | 2019-05-04 19:10:18 +0200 |
commit | b7540fb2b1bbe016d23b8a7f3e7ab3edafb219c8 (patch) | |
tree | da32ba6ac7467bc7d39f5209c7734ded79911260 /src/main/kotlin/UserHandler.kt | |
parent | 04d0cb43f6a3ede1a61309cf17d78d189caa9dd4 (diff) |
Fixed major security issues
Co-authored-by: LarsVomMars <lars@kroenner.eu>
Diffstat (limited to 'src/main/kotlin/UserHandler.kt')
-rw-r--r-- | src/main/kotlin/UserHandler.kt | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/src/main/kotlin/UserHandler.kt b/src/main/kotlin/UserHandler.kt
index a950860..1a81812 100644
--- a/src/main/kotlin/UserHandler.kt
+++ b/src/main/kotlin/UserHandler.kt
@@ -112,10 +112,13 @@ class UserHandler {
 */
 fun renderRegistration(ctx: Context) {
 val username = ctx.queryParam("username", "")
+ val token = ctx.queryParam("token", "")
+ if (username.isNullOrEmpty()) ctx.status(403).result("Please provide a valid username!")
+ else if (token.isNullOrEmpty()) ctx.status(403).result("Please provide a valid token!")
 else {
- if (databaseController.isUserRegistrationValid(username))
- ctx.render("register.rocker.html", model("username", username, "message", ""))
+ if (databaseController.isUserRegistrationValid(username, token))
+ ctx.render("register.rocker.html", model("username", username, "token", token, "message", ""))
 else ctx.redirect("/user/login")
 }
 }
@@ -126,11 +129,12 @@ class UserHandler {
 fun register(ctx: Context) {
 try {
 val username = ctx.formParam("username").toString()
+ val token = ctx.formParam("token").toString()
 val password = ctx.formParam("password").toString()
 val verifyPassword = ctx.formParam("verifyPassword").toString()
 if (password == verifyPassword) {
- if (databaseController.isUserRegistrationValid(username)) {
+ if (databaseController.isUserRegistrationValid(username, token)) {
 databaseController.createUser(username, password, "USER")
 databaseController.removeRegistrationIndex(username)
 ctx.redirect("/user/login") |
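Review bot: The token taken from the query string on the new `val token = ctx.queryParam("token", "")` line is echoed straight back into the page through `model("username", username, "token", token, "message", "")`, so this path is only safe if the Rocker template renders that value with escaping; if `register.rocker.html` emits it raw (for instance inside an attribute) it is a reflected-injection point, and the escaping should be confirmed before merge. Carrying a one-time registration token in a GET URL also leaves it in server and proxy logs and in browser history, which is tolerable only if the token is invalidated on use, as `removeRegistrationIndex` in the second hunk appears to do. The KDoc whose closing `*/` opens this hunk should state the new contract, e.g. `Renders the registration form for a username/token pair; responds 403 when either is missing and redirects to login when the pair is not a valid pending registration.`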
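Review bot: `val token = ctx.formParam("token").toString()` turns an absent form field into the literal string `"null"` instead of rejecting it, because `formParam` is nullable and `toString()` on null yields `"null"`; unlike `renderRegistration`, nothing in this hunk checks the token before it reaches `isUserRegistrationValid`, so that lookup becomes the only line of defence. Prefer `val token = ctx.formParam("token") ?: ""` followed by `if (token.isEmpty()) { ctx.status(403).result("Please provide a valid token!"); return }` so missing input fails early and consistently with the render path (the pre-existing `.toString()` calls on the username and password lines would benefit from the same treatment). If `isUserRegistrationValid` compares the submitted token to the stored one with ordinary `==`, a constant-time comparison such as `MessageDigest.isEqual` on the byte arrays avoids timing leaks; that comparison lives outside this hunk and would need a separate change. The body of `register` continues past the hunk, so the branches for a mismatched password or an invalid token are not visible here.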