WIP restrict registration

2021-04-26 18:31:33 +05:30 · 2021-04-26 18:31:33 +05:30 · 50045c08d0
parent 75623a4349
commit 50045c08d0
11 changed files with 40 additions and 28 deletions
--- a/customize.dist/login.js
+++ b/customize.dist/login.js
@ -534,6 +534,10 @@ define([
                                    });
                                });
                                break;
+                            case 'E_RESTRICTED':
+                                Messages.register_restrictedError = "Registration is restricted on this instance"; // XXX
+                                UI.errorLoadingScreen(Messages.register_restrictedError); // XXX
+                                break;
                            default: // UNHANDLED ERROR
                                hashing = false;
                                UI.errorLoadingScreen(Messages.login_unhandledError);
--- a/customize.dist/pages.js
+++ b/customize.dist/pages.js
@ -4,7 +4,8 @@ define([
    '/customize/application_config.js',
    '/customize/messages.js',
    'jquery',
-], function (h, Language, AppConfig, Msg, $) {
+    '/api/config',
+], function (h, Language, AppConfig, Msg, $, ApiConfig) {
    var Pages = {};

    Pages.setHTML = function (e, html) {
@ -157,10 +158,16 @@ define([
    Pages.infopageTopbar = function () {
        var rightLinks;
        var username = window.localStorage.getItem('User_name');
+        var registerLink;
+
+        if (!ApiConfig.restrictRegistration) {
+            registerLink = h('a.nav-item.nav-link.cp-register-btn', { href: '/register/'}, Msg.login_register);
+        }
+
        if (username === null) {
            rightLinks = [
                h('a.nav-item.nav-link.cp-login-btn', { href: '/login/'}, Msg.login_login),
-                h('a.nav-item.nav-link.cp-register-btn', { href: '/register/'}, Msg.login_register)
+                registerLink,
            ];
        } else {
            rightLinks = h('a.nav-item.nav-link.cp-user-btn', { href: '/drive/' }, [
--- a/customize.dist/template.js
+++ b/customize.dist/template.js
@ -50,7 +50,6 @@ $(function () {
            } else if (/^\/login\//.test(pathname)) {
                require([ '/login/main.js' ], function () {});
            } else if (/^\/($|^\/index\.html$)/.test(pathname)) {
-                // TODO use different top bar
                require([ '/customize/main.js', ], function () {});
            } else {
                require([ '/customize/main.js', ], function () {});
--- a/lib/commands/block.js
+++ b/lib/commands/block.js
@ -86,12 +86,17 @@ var createLoginBlockPath = function (Env, publicKey) { // FIXME BLOCKS
    return Path.join(Env.paths.block, safeKey.slice(0, 2), safeKey);
 };

-Block.writeLoginBlock = function (Env, safeKey, msg, cb) { // FIXME BLOCKS
+Block.writeLoginBlock = function (Env, safeKey, msg, _cb) { // FIXME BLOCKS
+    var cb = Util.once(Util.mkAsync(_cb));
    //console.log(msg);
    var publicKey = msg[0];
    var signature = msg[1];
    var block = msg[2];

+    if (Env.restrictRegistration /* && notAlreadyRegistered */) { // XXX restricted-registration
+        return void cb("E_RESTRICTED");
+    }
+
    validateLoginBlock(Env, publicKey, signature, block, function (e, validatedBlock) {
        if (e) { return void cb(e); }
        if (!(validatedBlock instanceof Uint8Array)) { return void cb('E_INVALID_BLOCK'); }
--- a/lib/env.js
+++ b/lib/env.js
@ -89,6 +89,7 @@ module.exports.create = function (config) {
            }
        },

+        restrictRegistration: false,
        allowSubscriptions: config.allowSubscriptions === true,
        blockDailyCheck: config.blockDailyCheck === true,

--- a/server.js
+++ b/server.js
@ -276,6 +276,7 @@ var serveConfig = makeRouteCache(function (host) {
            defaultStorageLimit: Env.defaultStorageLimit,
            maxUploadSize: Env.maxUploadSize,
            premiumUploadSize: Env.premiumUploadSize,
+            restrictRegistration: Env.restrictRegistration, // XXX restricted-registration
        }, null, '\t'),
        'obj.httpSafeOrigin = ' + (function () {
            if (config.httpSafeOrigin) { return '"' + config.httpSafeOrigin + '"'; }
--- a/www/admin/inner.js
+++ b/www/admin/inner.js
@ -53,7 +53,7 @@ define([
            'cp-admin-update-limit',
            'cp-admin-archive',
            'cp-admin-unarchive',
-            // 'cp-admin-registration',
+            'cp-admin-registration', // XXX restricted-registration
        ],
        'quota': [ // Msg.admin_cat_quota
            'cp-admin-defaultlimit',
@ -254,7 +254,7 @@ define([
    create['registration'] = function () {
        var key = 'registration';
        var $div = makeBlock(key, true); // Msg.admin_registrationHint, .admin_registrationTitle, .admin_registrationButton
-        var $button = $div.find('button');
+        var $button = $div.find('button'); // XXX restricted-registration: a checkbox might be better. it's easy to misinterpret the verb "OPEN" as an adjective
        var state = APP.instanceStatus.restrictRegistration;
        if (state) {
            $button.text(Messages.admin_registrationAllow);
--- a/www/checkup/main.js
+++ b/www/checkup/main.js
@ -243,7 +243,7 @@ define([
        opt.keys = secret.keys;
        opt.channelHex = secret.channel;

-        var RT, rpc, exists;
+        var RT, rpc, exists, restricted;

        nThen(function (waitFor) {
            Util.fetch(blockUrl, waitFor(function (err) {
@ -285,6 +285,12 @@ define([
            // Write block
            if (exists) { return; }
            rpc.writeLoginBlock(blockRequest, waitFor(function (e) {
+                // we should tolerate restricted registration
+                // and proceed to clean up after any data we've created
+                if (e === 'E_RESTRICTED') {
+                    restricted = true;
+                    return void cb(true);
+                }
                if (e) {
                    waitFor.abort();
                    console.error("Can't write login block", e);
@ -292,6 +298,7 @@ define([
                }
            }));
        }).nThen(function (waitFor) {
+            if (restricted) { return; }
            // Read block
            Util.fetch(blockUrl, waitFor(function (e) {
                if (e) {
@ -303,6 +310,7 @@ define([
        }).nThen(function (waitFor) {
            // Remove block
            rpc.removeLoginBlock(removeRequest, waitFor(function (e) {
+                if (restricted) { return; } // an ENOENT is expected in the case of restricted registration, but we call this anyway to clean up any mess from previous tests.
                if (e) {
                    waitFor.abort();
                    console.error("Can't remove login block", e);
--- a/www/login/main.js
+++ b/www/login/main.js
@ -11,21 +11,11 @@ define([
    'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
 ], function ($, Cryptpad, Login, UI, Realtime, Feedback, LocalStore, Test) {
    $(function () {
-        var $main = $('#mainBlock');
        var $checkImport = $('#import-recent');
-
-        // main block is hidden in case javascript is disabled
-        $main.removeClass('hidden');
-
-        // Make sure we don't display non-translated content (empty button)
-        $main.find('#data').removeClass('hidden');
-
        if (LocalStore.isLoggedIn()) {
            // already logged in, redirect to drive
            document.location.href = '/drive/';
            return;
-        } else {
-            $main.find('#userForm').removeClass('hidden');
        }

        /* Log in UI */
--- a/www/register/main.js
+++ b/www/register/main.js
@ -11,26 +11,22 @@ define([
    '/common/common-feedback.js',
    '/common/outer/local-store.js',
    '/common/hyperscript.js',
+    '/api/config',

    'css!/bower_components/components-font-awesome/css/font-awesome.min.css',
-], function ($, Login, Cryptpad, Test, Cred, UI, Util, Realtime, Constants, Feedback, LocalStore, h) {
+], function ($, Login, Cryptpad, Test, Cred, UI, Util, Realtime, Constants, Feedback, LocalStore, h, ApiConfig) {
    var Messages = Cryptpad.Messages;
-
+    Messages.register_registrationIsClosed = "REGISTRATION IS CLOSED ON THIS INSTANCE."; // XXX
    $(function () {
-        var $main = $('#mainBlock');
-
-        // main block is hidden in case javascript is disabled
-        $main.removeClass('hidden');
-
-        // Make sure we don't display non-translated content (empty button)
-        $main.find('#data').removeClass('hidden');
+        if (ApiConfig.restrictRegistration) {
+            return void UI.alert(Messages.register_registrationIsClosed); // XXX restricted-registration better UI ?
+            // remove the form and display text instead of an alert that people will probably dismiss?
+        }

        if (LocalStore.isLoggedIn()) {
            // already logged in, redirect to drive
            document.location.href = '/drive/';
            return;
-        } else {
-            $main.find('#userForm').removeClass('hidden');
        }

        // text and password input fields
--- a/www/settings/inner.js
+++ b/www/settings/inner.js
@ -593,6 +593,7 @@ define([
        $(form).appendTo($div);

        var updateBlock = function(data, cb) {
+// XXX restricted-registration registered users should be able to change their password even if registration is closed. Include proof of ownership of their existing block when requesting the creation of a new one
            sframeChan.query('Q_CHANGE_USER_PASSWORD', data, function(err, obj) {
                if (err || obj.error) { return void cb({ error: err || obj.error }); }
                cb(obj);