From abfb36bcdb25ba11bda9892ec473970fc29506bb Mon Sep 17 00:00:00 2001
From: syuilo <syuilotan@yahoo.co.jp>
Date: Wed, 22 Feb 2017 19:39:34 +0900
Subject: Fix bug

---
 src/api/models/user.ts    |  9 +++++++--
 src/api/private/signin.ts | 10 ++++++++++
 src/api/private/signup.ts |  4 ++--
 3 files changed, 19 insertions(+), 4 deletions(-)

(limited to 'src')

diff --git a/src/api/models/user.ts b/src/api/models/user.ts
index 30805e4b63..c8c187c509 100644
--- a/src/api/models/user.ts
+++ b/src/api/models/user.ts
@@ -8,9 +8,14 @@ const collection = db.get('users');
 export default collection as any; // fuck type definition
 
 export function validateUsername(username: string): boolean {
-	return /^[a-zA-Z0-9\-]{3,20}$/.test(username);
+	return typeof username == 'string' && /^[a-zA-Z0-9\-]{3,20}$/.test(username);
+}
+
+export function validatePassword(password: string): boolean {
+	return typeof password == 'string' && password != '';
 }
 
 export function isValidBirthday(birthday: string): boolean {
-	return /^([0-9]{4})\-([0-9]{2})-([0-9]{2})$/.test(birthday);
+	return typeof birthday == 'string' && /^([0-9]{4})\-([0-9]{2})-([0-9]{2})$/.test(birthday);
+}
 }
diff --git a/src/api/private/signin.ts b/src/api/private/signin.ts
index 14dd1c7058..fe3b5f7084 100644
--- a/src/api/private/signin.ts
+++ b/src/api/private/signin.ts
@@ -12,6 +12,16 @@ export default async (req: express.Request, res: express.Response) => {
 	const username = req.body['username'];
 	const password = req.body['password'];
 
+	if (typeof username != 'string') {
+		res.sendStatus(400);
+		return;
+	}
+
+	if (typeof password != 'string') {
+		res.sendStatus(400);
+		return;
+	}
+
 	// Fetch user
 	const user = await User.findOne({
 		username_lower: username.toLowerCase()
diff --git a/src/api/private/signup.ts b/src/api/private/signup.ts
index 73e04f8b37..bd2a7ef02a 100644
--- a/src/api/private/signup.ts
+++ b/src/api/private/signup.ts
@@ -3,7 +3,7 @@ import * as bcrypt from 'bcryptjs';
 import rndstr from 'rndstr';
 import recaptcha = require('recaptcha-promise');
 import User from '../models/user';
-import { validateUsername } from '../models/user';
+import { validateUsername, validatePassword } from '../models/user';
 import serialize from '../serializers/user';
 import config from '../../conf';
 
@@ -34,7 +34,7 @@ export default async (req: express.Request, res: express.Response) => {
 	}
 
 	// Validate password
-	if (password == '') {
+	if (!validatePassword(password)) {
 		res.sendStatus(400);
 		return;
 	}
-- 
cgit v1.2.3-freya