From e77572f6b7d9d2f8b5686d9fcacdd504e6d9bbb3 Mon Sep 17 00:00:00 2001 From: Danil Kovtonyuk Date: Sat, 15 Feb 2020 00:13:11 +1000 Subject: [PATCH] restrict symbols -fix validation on update query --- components/Form.vue | 19 +++++++++++-------- pages/authorize-contribution.vue | 6 +++--- server/controllers/authorize.js | 7 +++++++ server/controllers/contribute.js | 4 ++-- server/models/contribution.js | 9 +++++++-- 5 files changed, 30 insertions(+), 15 deletions(-) diff --git a/components/Form.vue b/components/Form.vue index 6ee1a80..b319901 100644 --- a/components/Form.vue +++ b/components/Form.vue @@ -14,10 +14,14 @@ :message="{ [hasErrorName.msg]: hasErrorName.invalid }" label="Name" > - + - +
@@ -35,11 +39,6 @@ import { mapGetters, mapActions } from 'vuex' export default { - data() { - return { - nameErrorMessage: '' - } - }, computed: { ...mapGetters('user', ['isLoggedIn', 'hasErrorName']), userName: { @@ -60,7 +59,11 @@ export default { } }, methods: { - ...mapActions('user', ['makeTweet', 'logInVia', 'logOut']) + ...mapActions('user', ['makeTweet', 'logInVia', 'logOut']), + restrictSymbols(name) { + const regExpression = new RegExp('[^0-9a-zA-Z\\x20]', 'g') + this[name] = this[name].replace(regExpression, '') + } } } diff --git a/pages/authorize-contribution.vue b/pages/authorize-contribution.vue index 2f2fb17..6448073 100644 --- a/pages/authorize-contribution.vue +++ b/pages/authorize-contribution.vue @@ -66,7 +66,7 @@ export default { if (!this.token) { window.location.replace(window.location.origin) } else { - await this.check() + await this.getContributionIndex() } setTimeout(() => { this.$root.$emit('disableLoading') @@ -103,12 +103,12 @@ export default { this.status.type = 'is-danger' } }, - async check() { + async getContributionIndex() { const body = { token: this.token } try { - const response = await fetch('/api/check_contribution', { + const response = await fetch('/api/get_contribution_index', { method: 'POST', headers: { Accept: 'application/json', diff --git a/server/controllers/authorize.js b/server/controllers/authorize.js index 5992aaf..003086a 100644 --- a/server/controllers/authorize.js +++ b/server/controllers/authorize.js @@ -61,6 +61,11 @@ function validateRefferer(req, res, next) { next() } +function restrictSymbols(value) { + const regExpression = new RegExp('[^0-9a-zA-Z\\x20]', 'g') + return value.replace(regExpression, '') +} + router.get('/connect/:provider', validateProvider, validateRefferer, (req, res) => { const { provider } = req.params const referrer = new URL(req.get('Referrer')) 
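Review bot: In components/Form.vue, `restrictSymbols(name)` is an input-side convenience only and nothing in the method says so; the allow-list it encodes is written out three times in this patch (here, in server/controllers/authorize.js and in server/models/contribution.js), so the copies can drift apart. I would add a comment above the method, `// UX filter only; the server re-validates name and company in server/models/contribution.js`, and write the pattern as a literal, `const regExpression = /[^0-9a-zA-Z\x20]/g`, which avoids the double-escaped `\\x20`. The method also assigns to `this[name]` for whatever key the template passes; the template lines that call it are not visible here, so confirm that only the intended field names reach it. The `methods` block sits inside `export default`, which starts outside the hunk.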
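Review bot: `restrictSymbols` in server/controllers/authorize.js calls `value.replace` without checking that `value` is a string, and both new call sites in the `/user_data/` handler (hunks at -138 and -153) pass `userData.name` straight from the provider response. GitHub's user endpoint can return `name: null` for accounts with no display name, so the call would throw inside the callback instead of producing a response. Guard it in the helper: `return typeof value === 'string' ? value.replace(regExpression, '') : ''`. A name made up mostly of non-ASCII characters is also reduced to a short or empty string here and will then presumably fail the 4 to 35 character check in server/models/contribution.js, so the handler should decide what the user sees in that case.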
@@ -138,6 +143,7 @@ router.get('/user_data/', (req, res) => {
 github.get('https://api.github.com/user', req.session.accessToken, function(error, data) {
 if (!error) {
 userData = JSON.parse(data)
+ userData.name = restrictSymbols(userData.name)
 userData.handle = userData.login
 userData.socialType = 'github'
 req.session.handle = userData.login
@@ -153,6 +159,7 @@ router.get('/user_data/', (req, res) => {
 function(error, data) {
 if (!error) {
 userData = JSON.parse(data)
+ userData.name = restrictSymbols(userData.name)
 userData.handle = userData.screen_name
 userData.socialType = 'twitter'
 req.session.handle = userData.screen_name
diff --git a/server/controllers/contribute.js b/server/controllers/contribute.js
index ac2f66d..99870e8 100644
--- a/server/controllers/contribute.js
+++ b/server/controllers/contribute.js
@@ -136,7 +136,7 @@ router.post('/authorize_contribution', async (req, res) => {
 handle: req.session.handle,
 socialType: req.session.socialType
 },
- { where: { token: req.body.token }, returning: true }
+ { individualHooks: true, where: { token: req.body.token }, returning: true }
 )
 } catch (e) {
 console.error('updateError', e)
@@ -146,7 +146,7 @@ router.post('/authorize_contribution', async (req, res) => {
 res.send('OK')
 })
 
-router.post('/check_contribution', async (req, res) => {
+router.post('/get_contribution_index', async (req, res) => {
 if (!req.body || !req.body.token) {
 res.status(404).send('Wrong request params')
 }
diff --git a/server/models/contribution.js b/server/models/contribution.js
index 2415ca3..839ee5b 100644
--- a/server/models/contribution.js
+++ b/server/models/contribution.js
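Review bot: The `where: { token: req.body.token }` clause in the `/authorize_contribution` update in server/controllers/contribute.js takes the token from the request body with no type check visible in the hunk, so a JSON body can supply an object or array instead of a string; depending on the Sequelize version and its operator-alias settings, that value may be read as a query operator rather than compared literally. With `individualHooks: true` every matched row is now loaded and run through the model hooks, which makes an over-broad match more costly. I would reject non-strings before the query, `if (typeof req.body.token !== 'string') return res.status(404).send('Wrong request params')`. The renamed `/get_contribution_index` handler (hunk at -146) uses the same unchecked token, and its guard sends the 404 without a `return`, so execution appears to continue past it. Both handlers start and end outside their hunks.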
@@ -1,11 +1,16 @@
 'use strict'
 
+function isValidName(value, minLength = 4) {
+ const regExpression = new RegExp(`^[0-9a-zA-Z\\x20]{${minLength},35}$`)
+ return regExpression.test(value)
+}
+
 const validate = (contribution, options) => {
 const { name, company, socialType } = contribution.dataValues
- if (socialType !== 'anonymous' && (name.length < 4 || name.length > 35)) {
+ if (socialType !== 'anonymous' && !isValidName(name)) {
 throw new Error('Wrong name')
 }
- if (company && company.length > 35) {
+ if (company && !isValidName(company, 0)) {
 throw new Error('Wrong company')
 }
 }
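Review bot: `isValidName` passes `value` to `regExpression.test` without a type check, and `test` converts its argument to a string first, so `null` and `undefined` are tested as the text `null` and `undefined`, both of which match `^[0-9a-zA-Z\x20]{4,35}$`. The old `name.length` comparison threw on those values, so a missing name on a non-anonymous contribution now passes the hook. Return false for non-strings: `return typeof value === 'string' && regExpression.test(value)`. The pattern also accepts a name consisting only of spaces; trimming before the test, or requiring at least one non-space character, would close that if it is unintended.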