fix: site title check + UI fixes + 2FA setup on account verify

4 years ago · 8c205b6950
4 changed files with 21 additions and 12 deletions
--- a/client/components/admin/admin-general.vue
+++ b/client/components/admin/admin-general.vue
@ -177,6 +177,8 @@ import editorStore from '../../store/editor'

 /* global WIKI */

+const titleRegex = /[<>"]/i
+
 WIKI.$store.registerModule('editor', editorStore)

 export default {
@ -186,12 +188,6 @@ export default {
  },
  data() {
    return {
-      analyticsServices: [
-        { text: 'None', value: '' },
-        { text: 'Elasticsearch APM RUM', value: 'elk' },
-        { text: 'Google Analytics', value: 'ga' },
-        { text: 'Google Tag Manager', value: 'gtm' }
-      ],
      config: {
        host: '',
        title: '',
@ -238,6 +234,15 @@ export default {
  },
  methods: {
    async save () {
+      const title = _.get(this.config, 'title', '')
+      if (titleRegex.test(title)) {
+        this.$store.commit('showNotification', {
+          style: 'error',
+          message: this.$t('admin:general.siteTitleInvalidChars'),
+          icon: 'alert'
+        })
+        return
+      }
      try {
        await this.$apollo.mutate({
          mutation: gql`
@ -300,7 +305,7 @@ export default {
        })
        this.$store.commit('showNotification', {
          style: 'success',
-          message: 'Configuration saved successfully.',
+          message: this.$t('admin:general.saveSuccess'),
          icon: 'check'
        })
        this.siteTitle = this.config.title
--- a/client/components/common/loader.vue
+++ b/client/components/common/loader.vue
@ -8,7 +8,7 @@
          :size='60'
          color='#FFF'
          )
-        img(v-else-if='mode === `icon`', :src='`/svg/icon-` + icon + `.svg`', :alt='icon')
+        img(v-else-if='mode === `icon`', :src='`/_assets/svg/icon-` + icon + `.svg`', :alt='icon')
        .subtitle-1.white--text {{ title }}
        .caption {{ subtitle }}
 </template>
--- a/client/components/register.vue
+++ b/client/components/register.vue
@ -93,7 +93,7 @@

    loader(v-model='isLoading', :mode='loaderMode', :icon='loaderIcon', :color='loaderColor', :title='loaderTitle', :subtitle='loaderSubtitle')
    nav-footer(color='grey darken-5', dark-color='grey darken-5')
-    notify
+    notify(style='padding-top: 64px;')
 </template>

 <script>
--- a/server/controllers/auth.js
+++ b/server/controllers/auth.js
@ -135,10 +135,14 @@ router.get('/verify/:token', bruteforce.prevent, async (req, res, next) => {
  try {
    const usr = await WIKI.models.userKeys.validateToken({ kind: 'verify', token: req.params.token })
    await WIKI.models.users.query().patch({ isVerified: true }).where('id', usr.id)
-    const result = await WIKI.models.users.refreshToken(usr)
    req.brute.reset()
-    res.cookie('jwt', result.token, { expires: moment().add(1, 'years').toDate() })
-    res.redirect('/')
+    if (WIKI.config.auth.enforce2FA) {
+      res.redirect('/login')
+    } else {
+      const result = await WIKI.models.users.refreshToken(usr)
+      res.cookie('jwt', result.token, { expires: moment().add(1, 'years').toDate() })
+      res.redirect('/')
+    }
  } catch (err) {
    next(err)
  }