Merge branch 'dev'

docs/dev/dev.md

@@ -29,9 +29,17 @@ git clone https://framagit.org/les/gancio
 yarn
 ```
 
-4. Hacking
+4. Run db migrations
+```bash
+./node_modules/.bin/sequelize db:migrate
+```
+
+5. Hacking
 ```bash
 yarn dev
 ```
 
-Please use the [issue board](https://framagit.org/les/gancio/-/boards) and the [forum](https://framavox.org/g/hMXTDgtJ/gancio) to discuss any modification.
+> warning "Warning"
+> You need to register a first user, this will be an active administrator!
+
+Please use the [issue board](https://framagit.org/les/gancio/-/boards) and the [forum](https://framavox.org/g/hMXTDgtJ/gancio) to discuss any modification.

locales/it.json

@@ -101,7 +101,8 @@
   "register": {
     "description": "I movimenti hanno bisogno di organizzarsi e autofinanziarsi. <br/>Questo è un dono per voi, usatelo solo per eventi non commerciali e ovviamente antifascisti, antisessisti, antirazzisti. \n      <br/>Prima di poter pubblicare <strong>dobbiamo approvare l'account</strong>, considera che <strong>dietro questo sito ci sono delle persone</strong> di\n      carne e sangue, scrivici quindi due righe per farci capire che eventi vorresti pubblicare.",
     "error": "Errore: ",
-    "complete": "Confermeremo la registrazione quanto prima."
+    "complete": "Confermeremo la registrazione quanto prima.",
+    "first_user": "Amministratore creato e attivo"
   },
   "event": {
     "anon": "Anonimo",

pages/Register.vue

@@ -21,6 +21,7 @@
 import { mapState } from 'vuex'
 import { Message } from 'element-ui'
 import get from 'lodash/get'
+import linkify from 'linkifyjs'
 
 export default {
   name: 'Register',
@@ -46,19 +47,21 @@ export default {
     this.$refs.email.focus()
   },
   methods: {
-    close () {
-      this.$router.replace('/')
-    },
     async register () {
-      this.loading = true
       try {
-        await this.$axios.$post('/user/register', this.user)
+        if (!linkify.test(this.user.email, 'email')) {
+          throw new Error('Invalid email')
+        }
+        this.loading = true
+        const user = await this.$axios.$post('/user/register', this.user)
+        // this is the first user registered
+        const first_user = user && user.is_admin && user.is_active
         Message({
           showClose: true,
-          message: this.$t('register.complete'),
+          message: first_user ? this.$t('register.first_user') : this.$t('register.complete'),
           type: 'success'
         })
-        this.close()
+        this.$router.replace('/')
       } catch (e) {
         const error = get(e, 'response.data.errors[0].message', String(e))
         Message({

server/api/controller/user.js

@@ -5,6 +5,7 @@ const mail = require('../mail')
 const { user: User } = require('../models')
 const settingsController = require('./settings')
 const debug = require('debug')('user:controller')
+const linkify = require('linkifyjs')
 
 const userController = {
 
@@ -79,14 +80,22 @@ const userController = {
     if (!settingsController.settings.allow_registration) { return res.sendStatus(404) }
     const n_users = await User.count()
     try {
+      req.body.recover_code = crypto.randomBytes(16).toString('hex')
+
       // the first registered user will be an active admin
       if (n_users === 0) {
         req.body.is_active = req.body.is_admin = true
-      } else {
+        const user = await User.create(req.body)
-        req.body.is_active = false
+        return res.json(user)
+      }
+
+      req.body.is_active = false
+
+      // check email
+      if (!linkify.test(req.body.email, 'email')) {
+        return res.status(404).json('Invalid email')
       }
 
-      req.body.recover_code = crypto.randomBytes(16).toString('hex')
       debug('Register user ', req.body.email)
       const user = await User.create(req.body)
       debug(`Sending registration email to ${user.email}`)

server/api/models/user.js

@@ -10,7 +10,6 @@ module.exports = (sequelize, DataTypes) => {
       type: DataTypes.STRING,
       unique: { msg: 'error.email_taken' },
       validate: {
-        isEmail: true,
         notEmpty: true
       },
       index: true,

server/cli.js

@@ -145,7 +145,7 @@ async function setupQuestionnaire (is_docker, db) {
   }
   questions.push({
     name: 'admin.email',
-    message: 'Admin email (a first user with this username will be created, also used as sender address)',
+    message: 'Admin email',
     default: options => {
       const baseurl = new url.URL(options.baseurl)
       return (

server/firstrun.js

@@ -43,7 +43,7 @@ module.exports = {
     }
 
     // create admin user
-    consola.info('Create admin user', admin)
+    consola.info(`Create admin with email: ${admin.email}`)
     await db.user.create({
       email: admin.email,
       password: admin.password,