From cf3d5588c2a9ff6ed26bbac2edcf481541fbaa31 Mon Sep 17 00:00:00 2001 From: Matt Baer Date: Wed, 22 Apr 2020 09:17:25 -0400 Subject: [PATCH] Move unique OAuth username creation to client-side Now, on OAuth signup form, we create a unique username with random appended string only if there's a conflict. Previously, this was always happening during the Slack OAuth flow. This has the benefit of preventing username collisions for all OAuth providers. --- oauth_slack.go | 4 +--- pages/signup-oauth.tmpl | 17 +++++++++++++++-- 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/oauth_slack.go b/oauth_slack.go index 35db156..c881ab6 100644 --- a/oauth_slack.go +++ b/oauth_slack.go @@ -13,8 +13,6 @@ package writefreely import ( "context" "errors" - "fmt" - "github.com/writeas/nerds/store" "github.com/writeas/slug" "net/http" "net/url" @@ -167,7 +165,7 @@ func (c slackOauthClient) inspectOauthAccessToken(ctx context.Context, accessTok func (resp slackUserIdentityResponse) InspectResponse() *InspectResponse { return &InspectResponse{ UserID: resp.User.ID, - Username: fmt.Sprintf("%s-%s", slug.Make(resp.User.Name), store.GenerateRandomString("0123456789bcdfghjklmnpqrstvwxyz", 5)), + Username: slug.Make(resp.User.Name), DisplayName: resp.User.Name, Email: resp.User.Email, } diff --git a/pages/signup-oauth.tmpl b/pages/signup-oauth.tmpl index e02b89d..8ba65b4 100644 --- a/pages/signup-oauth.tmpl +++ b/pages/signup-oauth.tmpl @@ -130,7 +130,7 @@ var $aliasSite = document.getElementById('alias-site'); var aliasOK = true; var typingTimer; var doneTypingInterval = 750; -var doneTyping = function() { +var doneTyping = function(genID) { // Check on username var alias = $alias.el.value; if (alias != "") { @@ -153,6 +153,11 @@ var doneTyping = function() { $aliasSite.className = $aliasSite.className.replace(/(?:^|\s)error(?!\S)/g, ''); $aliasSite.innerHTML = '{{ if .Federation }}@' + data.data + '@{{.FriendlyHost}}{{ else }}{{.FriendlyHost}}/' + data.data + '/{{ end }}'; } else { + if (genID === true) { + $alias.el.value = alias + "-" + randStr(4); + doneTyping(); + return; + } aliasOK = false; $alias.setClass('error'); $aliasSite.className = 'error'; @@ -170,6 +175,14 @@ $alias.on('keyup input', function() { clearTimeout(typingTimer); typingTimer = setTimeout(doneTyping, doneTypingInterval); }); -doneTyping(); +function randStr(len) { + var res = ''; + var chars = '23456789bcdfghjklmnpqrstvwxyz'; + for (var i=0; i {{end}}