Merge pull request #5671 from RocketChat/add-rest-api-registration

Add users.register and users.getAvatar

packages/rocketchat-api/server/v1/users.js

@@ -51,6 +51,20 @@ RocketChat.API.v1.addRoute('users.delete', { authRequired: true }, {
 	}
 });
 
+RocketChat.API.v1.addRoute('users.getAvatar', { authRequired: false }, {
+	get: function() {
+		const user = this.getUserFromParams();
+
+		const url = RocketChat.getURL(`/avatar/${user.username}`, { cdn: false, full: true });
+		this.response.setHeader('Location', url);
+
+		return {
+			statusCode: 307,
+			body: url
+		};
+	}
+});
+
 RocketChat.API.v1.addRoute('users.getPresence', { authRequired: true }, {
 	get: function() {
 		//BLAHHHHHHHHHH :'(
@@ -133,6 +147,28 @@ RocketChat.API.v1.addRoute('users.list', { authRequired: true }, {
 	}
 });
 
+RocketChat.API.v1.addRoute('users.register', { authRequired: false }, {
+	post: function() {
+		if (this.userId) {
+			return RocketChat.API.v1.failure('Logged in users can not register again.');
+		}
+
+		//We set their username here, so require it
+		//The `registerUser` checks for the other requirements
+		check(this.bodyParams, Match.ObjectIncluding({
+			username: String
+		}));
+
+		//Register the user
+		const userId = Meteor.call('registerUser', this.bodyParams);
+
+		//Now set their username
+		Meteor.runAsUser(userId, () => Meteor.call('setUsername', this.bodyParams.username));
+
+		return RocketChat.API.v1.success({ user: RocketChat.models.Users.findOneById(userId, { fields: RocketChat.API.v1.defaultFieldsToExclude }) });
+	}
+});
+
 //TODO: Make this route work with support for usernames
 RocketChat.API.v1.addRoute('users.setAvatar', { authRequired: true }, {
 	post: function() {

server/methods/registerUser.js

@@ -0,0 +1,52 @@
+Meteor.methods({
+	registerUser(formData) {
+		check(formData, Match.ObjectIncluding({
+			email: String,
+			pass: String,
+			name: String,
+			secretURL: Match.Optional(String)
+		}));
+
+		if (RocketChat.settings.get('Accounts_RegistrationForm') === 'Disabled') {
+			throw new Meteor.Error('error-user-registration-disabled', 'User registration is disabled', { method: 'registerUser' });
+		} else if (RocketChat.settings.get('Accounts_RegistrationForm') === 'Secret URL' && (!formData.secretURL || formData.secretURL !== RocketChat.settings.get('Accounts_RegistrationForm_SecretURL'))) {
+			throw new Meteor.Error ('error-user-registration-secret', 'User registration is only allowed via Secret URL', { method: 'registerUser' });
+		}
+
+		RocketChat.validateEmailDomain(formData.email);
+
+		const userData = {
+			email: s.trim(formData.email.toLowerCase()),
+			password: formData.pass
+		};
+
+		// Check if user has already been imported and never logged in. If so, set password and let it through
+		const importedUser = RocketChat.models.Users.findOneByEmailAddress(s.trim(formData.email.toLowerCase()));
+		let userId;
+		if (importedUser && importedUser.importIds && importedUser.importIds.length && !importedUser.lastLogin) {
+			Accounts.setPassword(importedUser._id, userData.password);
+			userId = importedUser._id;
+		} else {
+			userId = Accounts.createUser(userData);
+		}
+
+		RocketChat.models.Users.setName(userId, s.trim(formData.name));
+
+		RocketChat.saveCustomFields(userId, formData);
+
+		try {
+			if (RocketChat.settings.get('Verification_Customized')) {
+				const subject = RocketChat.placeholders.replace(RocketChat.settings.get('Verification_Email_Subject') || '');
+				const html = RocketChat.placeholders.replace(RocketChat.settings.get('Verification_Email') || '');
+				Accounts.emailTemplates.verifyEmail.subject = () => subject;
+				Accounts.emailTemplates.verifyEmail.html = (userModel, url) => html.replace(/\[Verification_Url]/g, url);
+			}
+
+			Accounts.sendVerificationEmail(userId, userData.email);
+		} catch (error) {
+			// throw new Meteor.Error 'error-email-send-failed', 'Error trying to send email: ' + error.message, { method: 'registerUser', message: error.message }
+		}
+
+		return userId;
+	}
+});