fix: site title check + UI fixes + 2FA setup on account verify

requarks · Aug 23, 2020 · 8c205b6 · 8c205b6
1 parent f72530b
commit 8c205b6
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 12 deletions.
diff --git a/client/components/admin/admin-general.vue b/client/components/admin/admin-general.vue
@@ -177,6 +177,8 @@ import editorStore from '../../store/editor'
 
 /* global WIKI */
 
+const titleRegex = /[<>"]/i
+
 WIKI.$store.registerModule('editor', editorStore)
 
 export default {
@@ -186,12 +188,6 @@ export default {
   },
   data() {
     return {
-      analyticsServices: [
-        { text: 'None', value: '' },
-        { text: 'Elasticsearch APM RUM', value: 'elk' },
-        { text: 'Google Analytics', value: 'ga' },
-        { text: 'Google Tag Manager', value: 'gtm' }
-      ],
       config: {
         host: '',
         title: '',
@@ -238,6 +234,15 @@ export default {
   },
   methods: {
     async save () {
+      const title = _.get(this.config, 'title', '')
+      if (titleRegex.test(title)) {
+        this.$store.commit('showNotification', {
+          style: 'error',
+          message: this.$t('admin:general.siteTitleInvalidChars'),
+          icon: 'alert'
+        })
+        return
+      }
       try {
         await this.$apollo.mutate({
           mutation: gql`
@@ -300,7 +305,7 @@ export default {
         })
         this.$store.commit('showNotification', {
           style: 'success',
-          message: 'Configuration saved successfully.',
+          message: this.$t('admin:general.saveSuccess'),
           icon: 'check'
         })
         this.siteTitle = this.config.title

diff --git a/client/components/common/loader.vue b/client/components/common/loader.vue
@@ -8,7 +8,7 @@
           :size='60'
           color='#FFF'
           )
-        img(v-else-if='mode === `icon`', :src='`/svg/icon-` + icon + `.svg`', :alt='icon')
+        img(v-else-if='mode === `icon`', :src='`/_assets/svg/icon-` + icon + `.svg`', :alt='icon')
         .subtitle-1.white--text {{ title }}
         .caption {{ subtitle }}
 </template>

diff --git a/client/components/register.vue b/client/components/register.vue
@@ -93,7 +93,7 @@
 
     loader(v-model='isLoading', :mode='loaderMode', :icon='loaderIcon', :color='loaderColor', :title='loaderTitle', :subtitle='loaderSubtitle')
     nav-footer(color='grey darken-5', dark-color='grey darken-5')
-    notify
+    notify(style='padding-top: 64px;')
 </template>
 
 <script>

diff --git a/server/controllers/auth.js b/server/controllers/auth.js
@@ -135,10 +135,14 @@ router.get('/verify/:token', bruteforce.prevent, async (req, res, next) => {
   try {
     const usr = await WIKI.models.userKeys.validateToken({ kind: 'verify', token: req.params.token })
     await WIKI.models.users.query().patch({ isVerified: true }).where('id', usr.id)
-    const result = await WIKI.models.users.refreshToken(usr)
     req.brute.reset()
-    res.cookie('jwt', result.token, { expires: moment().add(1, 'years').toDate() })
-    res.redirect('/')
+    if (WIKI.config.auth.enforce2FA) {
+      res.redirect('/login')
+    } else {
+      const result = await WIKI.models.users.refreshToken(usr)
+      res.cookie('jwt', result.token, { expires: moment().add(1, 'years').toDate() })
+      res.redirect('/')
+    }
   } catch (err) {
     next(err)
   }