Implement user registration feature

carlbennett · carlbennett · commit 1fd53637e9e6 · 2016-03-26T11:06:36.000Z
diff --git a/config.sample.json b/config.sample.json
@@ -5,10 +5,11 @@
       "BNETDocs has to take a brief moment to do some system maintenance. We'll be back shortly."
     ],
     "user_login_disabled": false,
+    "user_password_pepper": "bnetdocs-INSERTRANDOMVALUEHERE",
     "user_register_disabled": false,
     "user_register_requirements": {
       "email_duplicate_allowed": false,
-      "email_validate_regex": true,
+      "email_validate_quick": true,
       "password_allow_email": false,
       "password_allow_username": false,
       "password_length_max": null,
@@ -39,5 +40,10 @@
     ],
     "timeout": 3,
     "username": "bnetdocs"
+  },
+  "recaptcha": {
+    "secret": "google-provided-value",
+    "sitekey": "google-provided-value",
+    "url": "https://www.google.com/recaptcha/api/siteverify"
   }
 }
diff --git a/controllers/User/ChangePassword.php b/controllers/User/ChangePassword.php
@@ -89,7 +89,7 @@ protected function tryChangePassword(
       $model->user_session->user_id,
       getenv("REMOTE_ADDR"),
       json_encode([
-        "error" => $model->error,
+        "error"             => $model->error,
         "old_password_hash" => $old_password_hash,
         "old_password_salt" => $old_password_salt,
         "new_password_hash" => $new_password_hash,
diff --git a/controllers/User/Register.php b/controllers/User/Register.php
@@ -2,10 +2,16 @@
 
 namespace BNETDocs\Controllers\User;
 
+use \BNETDocs\Libraries\CSRF;
 use \BNETDocs\Libraries\Common;
 use \BNETDocs\Libraries\Controller;
+use \BNETDocs\Libraries\Exceptions\RecaptchaException;
 use \BNETDocs\Libraries\Exceptions\UnspecifiedViewException;
+use \BNETDocs\Libraries\Exceptions\UserNotFoundException;
+use \BNETDocs\Libraries\Exceptions\QueryException;
+use \BNETDocs\Libraries\Logger;
 use \BNETDocs\Libraries\Router;
+use \BNETDocs\Libraries\User;
 use \BNETDocs\Libraries\UserSession;
 use \BNETDocs\Models\User\Register as UserRegisterModel;
 use \BNETDocs\Views\User\RegisterHtml as UserRegisterHtmlView;
@@ -21,7 +27,14 @@ public function run(Router &$router) {
         throw new UnspecifiedViewException();
     }
     $model = new UserRegisterModel();
+    $model->csrf_id      = mt_rand();
+    $model->csrf_token   = CSRF::generate($model->csrf_id);
+    $model->captcha_key  = Common::$config->recaptcha->sitekey;
+    $model->error        = null;
     $model->user_session = UserSession::load($router);
+    if ($router->getRequestMethod() == "POST") {
+      $this->tryRegister($router, $model);
+    }
     ob_start();
     $view->render($model);
     $router->setResponseCode(200);
@@ -31,4 +44,134 @@ public function run(Router &$router) {
     ob_end_clean();
   }
 
+  protected function tryRegister(Router &$router, UserRegisterModel &$model) {
+    $data = $router->getRequestBodyArray();
+    $model->email    = (isset($data["email"   ]) ? $data["email"   ] : null);
+    $model->username = (isset($data["username"]) ? $data["username"] : null);
+    if (isset($model->user_session)) {
+      $model->error = "ALREADY_LOGGED_IN";
+      return;
+    }
+    $csrf_id    = (isset($data["csrf_id"   ]) ? $data["csrf_id"   ] : null);
+    $csrf_token = (isset($data["csrf_token"]) ? $data["csrf_token"] : null);
+    $csrf_valid = CSRF::validate($csrf_id, $csrf_token);
+    if (!$csrf_valid) {
+      $model->error = "INVALID_CSRF";
+      return;
+    }
+    CSRF::invalidate($csrf_id);
+    $email    = $model->email;
+    $username = $model->username;
+    $pw1      = (isset($data["pw1"]) ? $data["pw1"] : null);
+    $pw2      = (isset($data["pw2"]) ? $data["pw2"] : null);
+    $captcha  = (
+      isset($data["g-recaptcha-response"]) ?
+      $data["g-recaptcha-response"]        :
+      null
+    );
+    if (!self::verifyCaptcha($captcha)) {
+      $model->error = "INVALID_CAPTCHA";
+      return;
+    }
+    if ($pw1 !== $pw2) {
+      $model->error = "NONMATCHING_PASSWORD";
+      return;
+    }
+    $pwlen       = strlen($pw1);
+    $usernamelen = strlen($username);
+    $req = Common::$config->bnetdocs->user_register_requirements;
+    if ($req->email_validate_quick
+      && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
+      $model->error = "INVALID_EMAIL";
+      return;
+    }
+    if (!$req->password_allow_email && stripos($pw1, $email)) {
+      $model->error = "PASSWORD_CONTAINS_EMAIL";
+      return;
+    }
+    if (!$req->password_allow_username && stripos($pw1, $username)) {
+      $model->error = "PASSWORD_CONTAINS_USERNAME";
+      return;
+    }
+    if (is_numeric($req->username_length_max)
+      && $usernamelen > $req->username_length_max) {
+      $model->error = "USERNAME_TOO_LONG";
+      return;
+    }
+    if (is_numeric($req->username_length_min)
+      && $usernamelen < $req->username_length_min) {
+      $model->error = "USERNAME_TOO_SHORT";
+      return;
+    }
+    if (is_numeric($req->password_length_max)
+      && $pwlen > $req->password_length_max) {
+      $model->error = "PASSWORD_TOO_LONG";
+      return;
+    }
+    if (is_numeric($req->password_length_min)
+      && $pwlen < $req->password_length_min) {
+      $model->error = "PASSWORD_TOO_SHORT";
+      return;
+    }
+    if (Common::$config->bnetdocs->user_register_disabled) {
+      $model->error = "REGISTER_DISABLED";
+      return;
+    }
+    try {
+      if (!$req->email_duplicate_allowed && User::findIdByEmail($email)) {
+        $model->error = "EMAIL_ALREADY_USED";
+        return;
+      }
+    } catch (UserNotFoundException $e) {}
+    try {
+      $success = User::create($email, $username, null, $pw1, 0);
+    } catch (QueryException $e) {
+      // SQL error occurred. We can show a friendly message to the user while
+      // also notifying this problem to staff.
+      Logger::logException($e);
+    }
+    if (!$success) {
+      $model->error = "INTERNAL_ERROR";
+    } else {
+      $model->error = false;
+    }
+    Logger::logEvent(
+      "user_created",
+      null,
+      getenv("REMOTE_ADDR"),
+      json_encode([
+        "error"           => $model->error,
+        "requirements"    => $req,
+        "email"           => $email,
+        "username"        => $username,
+        "display_name"    => null,
+        "options_bitmask" => 0,
+      ])
+    );
+  }
+
+  protected static function verifyCaptcha($g_captcha_response) {
+    $data = [
+      "secret"   => Common::$config->recaptcha->secret,
+      "response" => $g_captcha_response,
+      "remoteip" => getenv("REMOTE_ADDR"),
+    ];
+    $r = Common::curlRequest(Common::$config->recaptcha->url, $data);
+    Logger::logMetric("response_code", $r->code);
+    Logger::logMetric("response_type", $r->type);
+    Logger::logMetric("response_data", $r->data);
+    if ($r->code != 200)
+      throw new RecaptchaException("Received bad HTTP status");
+    if (stripos($r->type, "json") === false)
+      throw new RecaptchaException("Received unknown content type");
+    if (empty($data))
+      throw new RecaptchaException("Received empty response");
+    $j = json_decode($r->data);
+    $e = json_last_error();
+    Logger::logMetric("json_last_error", $e);
+    if (!$j || $e !== JSON_ERROR_NONE || !property_exists($j, "success"))
+      throw new RecaptchaException("Received invalid response");
+    return ($j->success);
+  }
+
 }
diff --git a/libraries/Exceptions/RecaptchaException.php b/libraries/Exceptions/RecaptchaException.php
@@ -0,0 +1,14 @@
+<?php
+
+namespace BNETDocs\Libraries\Exceptions;
+
+use \BNETDocs\Libraries\Exceptions\BNETDocsException;
+use \Exception;
+
+class RecaptchaException extends BNETDocsException {
+
+  public function __construct($message, Exception &$prev_ex = null) {
+    parent::__construct($message, 15, $prev_ex);
+  }
+
+}
diff --git a/libraries/Exceptions/Reference.md b/libraries/Exceptions/Reference.md
@@ -19,3 +19,4 @@ All of the following errors are subclassed from the `BNETDocsException` class.
 | 12         | `NewsCategoryNotFoundException` | News category not found                              |
 | 13         | `PacketNotFoundException`       | Packet not found                                     |
 | 14         | `DocumentNotFoundException`     | Document not found                                   |
+| 15         | `RecaptchaException`            | `$message`                                           |
diff --git a/templates/User/Login.phtml b/templates/User/Login.phtml
@@ -42,7 +42,7 @@ require("./header.inc.phtml");
 ?>
       <article>
 <?php if ($this->getContext()->error !== false) { ?>
-        <header>Log In</header>
+        <header>Account Login</header>
 <?php if (!empty($message)) { ?>
         <section class="red">
           <p><?php echo $message; ?></p>
diff --git a/templates/User/Logout.phtml b/templates/User/Logout.phtml
@@ -25,7 +25,7 @@ require("./header.inc.phtml");
 ?>
       <article>
 <?php if (is_null($this->getContext()->error)) { ?>
-        <header>Logout</header>
+        <header>Account Logout</header>
         <form method="POST" action="?">
           <input type="hidden" name="csrf_id" value="<?php echo $this->getContext()->csrf_id; ?>"/>
           <input type="hidden" name="csrf_token" value="<?php echo $this->getContext()->csrf_token; ?>"/>
diff --git a/templates/User/Register.phtml b/templates/User/Register.phtml
@@ -5,23 +5,129 @@ use \BNETDocs\Libraries\Common;
 use \BNETDocs\Libraries\Pair;
 
 $title       = "Create Account";
-$description = "This form allows an individual to create an account on BNETDocs";
+$description = "This form allows an individual to create an account on BNETDocs.";
 $this->opengraph->attach(new Pair("url", "/user/register"));
 
+switch ($this->getContext()->error) {
+  case null:
+    $af      = "email";
+    $message = null;
+    break;
+  case "ALREADY_LOGGED_IN":
+    $af      = null;
+    $message = "You are already logged in, you must log out first.";
+    break;
+  case "INVALID_CSRF":
+    $af      = null;
+    $message = "The Cross-Site Request Forgery token was invalid. "
+      . "Either the account creation form expired, or "
+      . "this may have been a malicious attempt to create an account.";
+    break;
+  case "INVALID_CAPTCHA":
+    $af      = "";
+    $message = "The captcha code did not successfully verify, try again.";
+    break;
+  case "NONMATCHING_PASSWORD":
+    $af      = "pw1";
+    $message = "The password does not match its confirmation.";
+    break;
+  case "INVALID_EMAIL":
+    $af      = "email";
+    $message = "The email address is invalid.";
+    break;
+  case "PASSWORD_CONTAINS_EMAIL":
+    $af      = "pw1";
+    $message = "The password contains the email address, "
+      . "use a better password.";
+    break;
+  case "PASSWORD_CONTAINS_USERNAME":
+    $af      = "pw1";
+    $message = "The password contains the username, use a better password.";
+    break;
+  case "USERNAME_TOO_LONG":
+    $af      = "username";
+    $message = "The username is too long, choose a different username.";
+    break;
+  case "USERNAME_TOO_SHORT":
+    $af      = "username";
+    $message = "The username is too short, choose a different username.";
+    break;
+  case "PASSWORD_TOO_LONG":
+    $af      = "pw1";
+    $message = "The password is too long, shorten it.";
+    break;
+  case "PASSWORD_TOO_SHORT":
+    $af      = "pw1";
+    $message = "The password is too short, use a better password.";
+    break;
+  case "REGISTER_DISABLED":
+    $af      = null;
+    $message = "Creating accounts has been administratively disabled "
+      . "indefinitely.";
+    break;
+  case "EMAIL_ALREADY_USED":
+    $af      = "email";
+    $message = "The email address is already in use, use another.";
+    break;
+  case "INTERNAL_ERROR":
+    $af      = null;
+    $message = "An internal error occurred while processing your request. "
+      . "Our staff has been notified of the issue. Try again later.";
+    break;
+  default:
+    $af      = null;
+    $message = $this->getContext()->error;
+}
+
+$safe_email    = htmlentities($this->getContext()->email   , ENT_HTML5, "UTF-8");
+$safe_username = htmlentities($this->getContext()->username, ENT_HTML5, "UTF-8");
+
 $this->additional_css[] = "/a/forms.css";
 require("./header.inc.phtml");
 ?>
       <article>
-<?php if (!isset($this->getContext()->user_session)) { ?>
+<?php if ($this->getContext()->error !== false) { ?>
+        <script async defer="defer" src="https://www.google.com/recaptcha/api.js"><![CDATA[]]></script>
         <header>Create Account</header>
-        <section>
-          <?php require("./NYI.inc.phtml"); ?>
+<?php if (!empty($message)) { ?>
+        <section class="red">
+          <p><?php echo $message; ?></p>
         </section>
+<?php } ?>
+        <form method="POST" action="?">
+          <input type="hidden" name="csrf_id" value="<?php echo $this->getContext()->csrf_id; ?>"/>
+          <input type="hidden" name="csrf_token" value="<?php echo $this->getContext()->csrf_token; ?>"/>
+          <section>
+            <table><tbody><tr>
+              <td>
+                <label for="email">Email address:</label><br/>
+                <input type="email" name="email" id="email" tabindex="1"
+                  value="<?php echo $safe_email; ?>" required<?php if ($af == "email") { ?> autofocus="autofocus"<?php } ?>/>
+              </td><td>
+                <label for="username">Username:</label><br/>
+                <input type="text" name="username" id="username" tabindex="2"
+                  value="<?php echo $safe_username; ?>" required<?php if ($af == "username") { ?> autofocus="autofocus"<?php } ?>/>
+              </td></tr><tr><td>
+                <label for="pw1">Password:</label><br/>
+                <input type="password" name="pw1" id="pw1" tabindex="3"
+                  value="" required<?php if ($af == "pw1") { ?> autofocus="autofocus"<?php } ?>/>
+              </td><td>
+                <label for="pw2">Confirm password:</label><br/>
+                <input type="password" name="pw2" id="pw2" tabindex="4"
+                  value="" required<?php if ($af == "pw2") { ?> autofocus="autofocus"<?php } ?>/>
+              </td></tr><tr><td colspan="2">
+                <div class="g-recaptcha" data-theme="dark" data-sitekey="<?php echo $this->getContext()->captcha_key; ?>"></div>
+              </td></tr><tr><td colspan="2" style="padding-top:16px;">
+                <input type="submit" value="Register" tabindex="5"/>
+              </td>
+            </tr></tbody></table>
+          </section>
+        </form>
 <?php } else { ?>
-        <header class="red">Create Account</header>
-        <section class="red">
-          <p>You are currently logged in to an account. You must first logout of your account before using this form.</p>
-          <p><a class="button" href="<?php echo Common::relativeUrlToAbsolute("/user/logout"); ?>">Logout</a></p>
+        <header class="green">Account Created</header>
+        <section class="green">
+          <p>You have successfully created an account!</p>
+          <p>Use the navigation to the left to move to another page.</p>
         </section>
 <?php } ?>
       </article>
