From 5a714a2ec25ff2499cb8077bcdbe55d3612200c8 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Paul=20H=C3=A4nsch?= Date: Tue, 21 Sep 2021 21:10:58 +0200 Subject: [PATCH] syntax fixes, minor sanity checks --- users.sh | 31 +++++++++++++++++++------------ 1 file changed, 19 insertions(+), 12 deletions(-) diff --git a/users.sh b/users.sh index 0af2320..b5ebcef 100755 --- a/users.sh +++ b/users.sh @@ -25,7 +25,8 @@ user_init(){ && read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE <<-EOF $(grep "^${user_id} " "$user_db") EOF - if [ "$STATUS" = active -a "$EXPIRE" -gt "$_DATE" ]; then + [ "$STATUS" -a "$EXPIRE" ] \ + && if [ "$STATUS" = active -a "$EXPIRE" -gt "$_DATE" ]; then USER_ID="$UID" USER_NAME="$(UNSTRING "$UNAME")" USER_EMAIL="$(UNSTRING "$EMAIL")" @@ -33,7 +34,7 @@ user_init(){ } user_checkname(){ - { [ $# -gt 0 ] && printf %s "$*" || cat } \ + { [ $# -gt 0 ] && printf %s "$*" || cat; } \ | sed -nE ' :X; $!{N;bX;} s;[ \t\r\n]+; ;g; @@ -45,7 +46,7 @@ user_checkname(){ } user_checkemail(){ - { [ $# -gt 0 ] && printf %s "$*" || cat } \ + { [ $# -gt 0 ] && printf %s "$*" || cat; } \ | sed -nE ' # W3C recommended email regex # https://html.spec.whatwg.org/multipage/input.html#email-state-(type=email) @@ -56,7 +57,8 @@ user_checkemail(){ user_nameexist(){ local uname="$(STRING "$1")" local UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE - while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do + [ -f "$user_db" -a -r "$user_db" ] \ + && while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do [ "$EXPIRE" -gt "$_DATE" -a "$UNAME" = "$uname" ] && return 0 done <"$user_db" return 1 @@ -65,7 +67,8 @@ user_nameexist(){ user_emailexist(){ local email="$(STRING "$1")" local UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE - while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do + [ -f "$user_db" -a -r "$user_db" ] \ + && while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do [ "$EXPIRE" -gt "$_DATE" -a "$EMAIL" = "$email" ] && return 0 done <"$user_db" return 1 @@ -74,7 +77,7 @@ user_emailexist(){ user_pwhash(){ local salt="$1" secret="$2" hash hash="$(printf '%s\n%s\n' "$secret" "$salt" |sha256sum)" - printf '%s\n' "${hash% *}" + printf '%s\n' "${hash%% *}" } user_register(){ @@ -126,7 +129,7 @@ user_register(){ REDIRECT "${_BASE}${PATH_INFO}#ERROR_USER_NOLOCK" fi - elif [ "$USER_REQUIREEMAIL" != true ] then + elif [ "$USER_REQUIREEMAIL" != true ]; then if [ ! "$uname" ]; then REDIRECT "${_BASE}${PATH_INFO}#ERROR_UNAME_INVALID" elif user_nameexist "$uname"; then @@ -206,7 +209,8 @@ user_login(){ local UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE local uname="$(POST uname |STRING)" pw="$(POST pw)" - while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do + [ -f "$user_db" -a -r "$user_db" ] \ + && while read -r UID UNAME STATUS EMAIL PWSALT PWHASH EXPIRE DEVICES FUTUREUSE; do if [ "$UNAME" = "$uname" -o "$EMAIL" = "$uname" ]; then if [ "$STATUS" = active -a "$EXPIRE" -gt "$_DATE" -a "$PWHASH" = "$(user_pwhash "$PWSALT" "$pw")" ]; then SESSION_COOKIE new @@ -229,11 +233,14 @@ user_logout(){ user_update(){ # passphrase, email + : } user_recover(){ # send recover link + : } user_disable(){ + : } user_init @@ -272,8 +279,8 @@ w_user_register(){ cat <<-EOF [form #user_register .registername method=POST [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[a-zA-Z\]\[a-zA-Z0-9 -~\]{2,127}$" autocomplete=off] - [input type=pw placeholder="Choose Passphrase" pattern=".{4,}"] - [input type=pwconfirm placeholder="Confirm Passphrase" pattern=".{4,}"] + [input type=password name=pw placeholder="Choose Passphrase" pattern=".{6,}"] + [input type=password name=pwconfirm placeholder="Confirm Passphrase" pattern=".{6,}"] [submit "action" "user_register" Sign Up] ] EOF @@ -296,8 +303,8 @@ w_user_confirm(){ [input type=hidden name=signature value="${signature}"] [input disabled=disabled value="$(HTML "$EMAIL")"] [input name=uname placeholder="Choose Username" tooltip="Your username may contain any character but the @ sign. It must be at least 3 characters long, and it must start with a letter." pattern="^\[a-zA-Z\]\[a-zA-Z0-9 -~\]{2,127}$" autocomplete=off] - [input type=pw placeholder="Choose Passphrase" pattern=".{4,}"] - [input type=pwconfirm placeholder="Confirm Passphrase" pattern=".{4,}"] + [input type=password name=pw placeholder="Choose Passphrase" pattern=".{6,}"] + [input type=password name=pwconfirm placeholder="Confirm Passphrase" pattern=".{6,}"] [submit "action" "user_confirm" Finish Registration] ] EOF -- 2.39.2