Secret URL registration. Closes #1507

10 years ago · fefab766ba
parent 9b4f872d61
commit fefab766ba
11 changed files with 73 additions and 3 deletions
--- a/client/routes/router.coffee
+++ b/client/routes/router.coffee
@ -100,6 +100,20 @@ FlowRouter.route '/room-not-found/:type/:name',

 FlowRouter.route '/fxos',
 	name: 'firefox-os-install'
-	
+
 	action: ->
 		BlazeLayout.render 'fxOsInstallPrompt'
+
+FlowRouter.route '/register/:hash',
+	name: 'register-secret-url'
+	action: (params) ->
+		if RocketChat.settings.get('Accounts_RegistrationForm') is 'Secret URL'
+			Meteor.call 'checkRegistrationSecretURL', params.hash, (err, success) ->
+				if success
+					Session.set 'loginDefaultState', 'register'
+					BlazeLayout.render 'main', {center: 'home'}
+					KonchatNotification.getDesktopPermission()
+				else
+					BlazeLayout.render 'blankLayout', { render: 'invalidSecretURL' }
+		else
+			BlazeLayout.render 'blankLayout', { render: 'invalidSecretURL' }
--- a/i18n/en.i18n.json
+++ b/i18n/en.i18n.json
@ -54,6 +54,7 @@
  "Accounts_RegistrationForm_LinkReplacementText": "Registration Form Link Replacement Text",
  "Accounts_RegistrationForm_Secret_URL" : "Secret URL",
  "Accounts_RegistrationForm_SecretURL" : "Registration Form Secret URL",
+  "Accounts_RegistrationForm_SecretURL_Description" : "You must provide a random string that will be added to your registration URL. Example: https://demo.rocket.chat/register/[secret_hash]",
  "Accounts_RegistrationRequired" : "Registration Required",
  "Accounts_RequireNameForSignUp" : "Require Name For Signup",
  "Accounts_Enrollment_Email" : "Enrollment E-mail",
@ -168,6 +169,8 @@
  "Install_FxOs_error" : "Sorry, that did not work as intended! The following error appeared:",
  "Install_FxOs_follow_instructions" : "Please confirm the app installation on your device (press \"Install\" when prompted).",
  "Invalid_confirm_pass" : "The password confirmation does not match password",
+  "Invalid_Secret_URL" : "Invalid Secret URL",
+  "Invalid_secret_URL_message" : "The URL provided is invalid.",
  "Invalid_email" : "The e-mail entered is invalid",
  "Invalid_name" : "The name must not be empty",
  "Invalid_pass" : "The password must not be empty",
--- a/packages/rocketchat-lib/package.js
+++ b/packages/rocketchat-lib/package.js
@ -53,6 +53,7 @@ Package.onUse(function(api) {

 	// SERVER METHODS
 	api.addFiles('server/methods/addOAuthService.coffee', 'server');
+	api.addFiles('server/methods/checkRegistrationSecretURL.coffee', 'server');
 	api.addFiles('server/methods/joinDefaultChannels.coffee', 'server');
 	api.addFiles('server/methods/removeOAuthService.coffee', 'server');
 	api.addFiles('server/methods/robotMethods.coffee', 'server');
--- a/packages/rocketchat-lib/server/methods/checkRegistrationSecretURL.coffee
+++ b/packages/rocketchat-lib/server/methods/checkRegistrationSecretURL.coffee
@ -0,0 +1,4 @@
+Meteor.methods
+	checkRegistrationSecretURL: (hash) ->
+		console.log '[method] checkRegistrationSecretURL'.green, hash
+		return hash is RocketChat.settings.get 'Accounts_RegistrationForm_SecretURL'
--- a/packages/rocketchat-theme/assets/stylesheets/base.less
+++ b/packages/rocketchat-theme/assets/stylesheets/base.less
@ -4055,3 +4055,15 @@ a.github-fork {
 .inline-video {
 	max-height: 200px;
 }
+
+.attention-message {
+	color: white;
+	padding-top: 50px;
+	font-size: 24px;
+
+	i {
+		display: block;
+		margin-bottom: 20px;
+		font-size: 40px;
+	}
+}
--- a/packages/rocketchat-ui-login/login/form.coffee
+++ b/packages/rocketchat-ui-login/login/form.coffee
@ -52,7 +52,7 @@ Template.loginForm.helpers
 		return RocketChat.settings.get 'Layout_Login_Terms'

 	registrationAllowed: ->
-		return RocketChat.settings.get('Accounts_RegistrationForm') is 'Public'
+		return RocketChat.settings.get('Accounts_RegistrationForm') is 'Public' or Template.instance().validSecretURL?.get()

 	linkReplacementText: ->
 		return RocketChat.settings.get('Accounts_RegistrationForm_LinkReplacementText')
@ -81,6 +81,7 @@ Template.loginForm.events
 				return

 			if instance.state.get() is 'register'
+				formData.secretURL = FlowRouter.getParam 'hash'
 				Meteor.call 'registerUser', formData, (error, result) ->
 					RocketChat.Button.reset(button)

@ -125,8 +126,13 @@ Template.loginForm.onCreated ->
 	instance = @
 	if Meteor.settings.public.sandstorm
 		@state = new ReactiveVar('sandstorm')
+	else if Session.get 'loginDefaultState'
+		@state = new ReactiveVar(Session.get 'loginDefaultState')
 	else
 		@state = new ReactiveVar('login')
+
+	@validSecretURL = new ReactiveVar(false)
+
 	@validate = ->
 		formData = $("#login-card").serializeArray()
 		formObj = {}
@ -162,7 +168,12 @@ Template.loginForm.onCreated ->
 		$("#login-card input.error").removeClass "error"
 		return formObj

+	if FlowRouter.getParam('hash')
+		Meteor.call 'checkRegistrationSecretURL', FlowRouter.getParam('hash'), (err, success) =>
+			@validSecretURL.set true
+
 Template.loginForm.onRendered ->
+	Session.set 'loginDefaultState'
 	Tracker.autorun =>
 		switch this.state.get()
 			when 'login', 'forgot-password', 'email-verification'
--- a/packages/rocketchat-ui-master/master/blankLayout.html
+++ b/packages/rocketchat-ui-master/master/blankLayout.html
@ -0,0 +1,12 @@
+<template name="blankLayout">
+	<section class="full-page">
+		<div class="wrapper">
+			<header>
+				<a class="logo" href="/">
+					<img src="/images/logo/logo.svg?v=3" />
+				</a>
+			</header>
+			{{> Template.dynamic template=render}}
+		</div>
+	</section>
+</template>
--- a/packages/rocketchat-ui-master/package.js
+++ b/packages/rocketchat-ui-master/package.js
@ -25,6 +25,7 @@ Package.onUse(function(api) {
 	api.addFiles('master/main.html', 'client');
 	api.addFiles('master/loading.html', 'client');
 	api.addFiles('master/error.html', 'client');
+	api.addFiles('master/blankLayout.html', 'client');

 	api.addFiles('master/main.coffee', 'client');
-});
+});
--- a/packages/rocketchat-ui/package.js
+++ b/packages/rocketchat-ui/package.js
@ -73,6 +73,7 @@ Package.onUse(function(api) {
 	api.addFiles('views/fxos.html', 'client');
 	api.addFiles('views/modal.html', 'client');
 	api.addFiles('views/404/roomNotFound.html', 'client');
+	api.addFiles('views/404/invalidSecretURL.html', 'client');
 	api.addFiles('views/app/audioNotification.html', 'client');
 	api.addFiles('views/app/burguer.html', 'client');
 	api.addFiles('views/app/home.html', 'client');
--- a/packages/rocketchat-ui/views/404/invalidSecretURL.html
+++ b/packages/rocketchat-ui/views/404/invalidSecretURL.html
@ -0,0 +1,8 @@
+<template name="invalidSecretURL">
+	<div class="content">
+		<div class="attention-message">
+			<i class="icon-attention"></i>
+			{{_ 'Invalid_secret_URL_message'}}
+		</div>
+	</div>
+</template>
--- a/server/methods/registerUser.coffee
+++ b/server/methods/registerUser.coffee
@ -3,6 +3,9 @@ Meteor.methods
 		if RocketChat.settings.get('Accounts_RegistrationForm') is 'Disabled'
 			throw new Meteor.Error 'registration-disabled', 'User registration is disabled'

+		else if RocketChat.settings.get('Accounts_RegistrationForm') is 'Secret URL' and (not formData.secretURL or formData.secretURL isnt RocketChat.settings.get('Accounts_RegistrationForm_SecretURL'))
+			throw new Meteor.Error 'registration-disabled', 'User registration is only allowed via Secret URL'
+
 		userData =
 			email: formData.email
 			password: formData.pass