fix: #9217, render 400 error page on bad access to /register

NodeBB · Jan 24, 2021 · b2b1450 · b2b1450
1 parent 06e2ef1
commit b2b1450
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 4 deletions.
diff --git a/public/language/en-GB/register.json b/public/language/en-GB/register.json
@@ -24,5 +24,9 @@
     "interstitial.errors-found": "We could not complete your registration:",
     "gdpr_agree_data": "I consent to the collection and processing of my personal information on this website.",
     "gdpr_agree_email": "I consent to receive digest and notification emails from this website.",
-    "gdpr_consent_denied": "You must give consent to this site to collect/process your information, and to send you emails."
+    "gdpr_consent_denied": "You must give consent to this site to collect/process your information, and to send you emails.",
+
+    "invite.error-admin-only": "Direct user registration has been disabled. Please contact an administrator for more details.",
+    "invite.error-invite-only": "Direct user registration has been disabled. You must be invited by an existing user in order to access this forum.",
+    "invite.error-invalid-data": "The registration data received does not correspond to our records. Please contact an administrator for more details"
 }
diff --git a/src/controllers/index.js b/src/controllers/index.js
@@ -149,7 +149,13 @@ Controllers.register = async function (req, res, next) {
 	}
 	try {
 		if (registrationType === 'invite-only' || registrationType === 'admin-invite-only') {
-			await user.verifyInvitation(req.query);
+			try {
+				await user.verifyInvitation(req.query);
+			} catch (e) {
+				res.render('400', {
+					error: e.message,
+				});
+			}
 		}
 
 		const loginStrategies = require('../routes/authentication').getLoginStrategies();

diff --git a/src/user/invite.js b/src/user/invite.js
@@ -58,11 +58,15 @@ module.exports = function (User) {
 
 	User.verifyInvitation = async function (query) {
 		if (!query.token || !query.email) {
-			throw new Error('[[error:invalid-data]]');
+			if (meta.config.registrationType.startsWith('admin-')) {
+				throw new Error('[[register:invite.error-admin-only]]');
+			} else {
+				throw new Error('[[register:invite.error-invite-only]]');
+			}
 		}
 		const token = await db.getObjectField('invitation:email:' + query.email, 'token');
 		if (!token || token !== query.token) {
-			throw new Error('[[error:invalid-token]]');
+			throw new Error('[[register:invite.error-invalid-data]]');
 		}
 	};