add possibility to create account without email and token
This commit is contained in:
@@ -1,7 +1,7 @@
|
||||
import db from "../sql.mjs";
|
||||
import lib from "../lib.mjs";
|
||||
import security from "../security.mjs";
|
||||
import { getRegistrationOpen, getDefaultLayout } from "../settings.mjs";
|
||||
import { getRegistrationOpen, getRegistrationRequireMailAndorToken, getDefaultLayout } from "../settings.mjs";
|
||||
import { sendMail } from "../../lib/smtp.mjs";
|
||||
import cfg from "../config.mjs";
|
||||
import crypto from "crypto";
|
||||
@@ -92,22 +92,28 @@ export default (router, tpl) => {
|
||||
let activated = true;
|
||||
let activationToken = null;
|
||||
|
||||
if (!token && !getRegistrationOpen()) {
|
||||
const registrationOpen = getRegistrationOpen();
|
||||
const requireMailOrToken = getRegistrationRequireMailAndorToken();
|
||||
|
||||
if (!registrationOpen && !token) {
|
||||
// Closed registration — invite token is always required
|
||||
return renderError("Invite token is required for registration.");
|
||||
}
|
||||
|
||||
if (token) {
|
||||
// Invite token path — validate and activate immediately
|
||||
const tokenRow = await db`
|
||||
select * from invite_tokens where token = ${token} and is_used = false
|
||||
`;
|
||||
if (tokenRow.length === 0) return renderError("Invalid or used invite token");
|
||||
// Token used, so it will be activated by default
|
||||
} else {
|
||||
// No token, Open Registration
|
||||
if (!email || !email.includes('@')) return renderError("A valid email is required for no-token registration.");
|
||||
// Token is valid; account activated immediately
|
||||
} else if (requireMailOrToken) {
|
||||
// Open registration but email/token required — email path
|
||||
if (!email || !email.includes('@')) return renderError("A valid email is required for registration.");
|
||||
activated = false;
|
||||
activationToken = crypto.randomBytes(32).toString('hex');
|
||||
}
|
||||
// else: open registration, no mail/token required — just username+password, activated immediately
|
||||
|
||||
// Check user existence
|
||||
const existing = await db`
|
||||
|
||||
@@ -49,6 +49,11 @@ export const getRegistrationOpen = () => {
|
||||
};
|
||||
export const setRegistrationOpen = (val) => registration_open = !!val;
|
||||
|
||||
// When false (default): open_registration=true means anyone can register with just username+password, activated immediately.
|
||||
// When true: even in open registration, a valid email OR invite token is required.
|
||||
export const getRegistrationRequireMailAndorToken = () => !!cfg.websrv.open_registration_require_mail_andor_token;
|
||||
export const setRegistrationRequireMailAndorToken = (val) => {}; // No-op, strictly config-based
|
||||
|
||||
export const getTrustedUploads = () => trusted_uploads;
|
||||
export const setTrustedUploads = (val) => trusted_uploads = Math.max(0, parseInt(val) ?? 3);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user