improve login validation

lib/Auth/endpoints/setLoginRequestHandler.ts

@@ -39,7 +39,7 @@ export function setLoginRequestHandler(this: AuthHandler, app: e.Express) {
   });
 }
 
-const parseLoginData = (bodyData: any): AuthRequest.LoginData | { error: string } => {
+export const parseLoginData = (bodyData: any): AuthRequest.LoginData | { error: string } => {
   const loginData: AuthRequest.LoginData = {
     username: "",
     remember_me: !!bodyData?.remember_me,

lib/Auth/endpoints/setRegisterRequestHandler.ts

@@ -4,6 +4,7 @@ import { AUTH_ROUTES_AND_PARAMS, HTTP_FAIL_CODES } from "../AuthHandler";
 import type { AuthRegistrationConfig } from "../AuthTypes";
 import { sendEmail } from "../sendEmail";
 import { getClientRequestIPsInfo } from "../utils/getClientRequestIPsInfo";
+import { parseLoginData } from "./setLoginRequestHandler";
 
 type ReturnType =
   | AuthResponse.MagicLinkAuthFailure
@@ -19,20 +20,26 @@ export const setRegisterRequestHandler = (
   app: e.Express
 ) => {
   const registerRequestHandler = async (req: Request, res: Response<ReturnType>) => {
-    const { username, password } = req.body;
+    const dataOrError = parseLoginData(req.body);
+    if ("error" in dataOrError) {
+      return res
+        .status(HTTP_FAIL_CODES.BAD_REQUEST)
+        .json({ success: false, code: "something-went-wrong", message: dataOrError.error });
+    }
+    const { username, password } = dataOrError;
     const sendResponse = (response: ReturnType) => {
       if (response.success) {
         res.json(response);
       } else {
         res.status(HTTP_FAIL_CODES.BAD_REQUEST).json(response);
       }
     };
-    if (!username || typeof username !== "string") {
+    if (!username) {
       return sendResponse({ success: false, code: "username-missing" });
     }
     if (emailAuthConfig.signupType === "withPassword") {
       const { minPasswordLength = 8 } = emailAuthConfig;
-      if (typeof password !== "string") {
+      if (!password) {
         return sendResponse({ success: false, code: "password-missing" });
       } else if (password.length < minPasswordLength) {
         return sendResponse({
@@ -47,13 +54,14 @@ export const setRegisterRequestHandler = (
       const { smtp } = emailAuthConfig;
       const errCodeOrResult =
         emailAuthConfig.signupType === "withPassword" ?
-          await emailAuthConfig.onRegister({
-            email: username,
-            password,
-            confirmationUrlPath: `${websiteUrl}${AUTH_ROUTES_AND_PARAMS.confirmEmail}`,
-            clientInfo,
-            req: httpReq,
-          })
+          !password ? "weak-password"
+          : await emailAuthConfig.onRegister({
+              email: username,
+              password,
+              confirmationUrlPath: `${websiteUrl}${AUTH_ROUTES_AND_PARAMS.confirmEmail}`,
+              clientInfo,
+              req: httpReq,
+            })
         : await emailAuthConfig.onRegister({
             email: username,
             magicLinkUrlPath: `${websiteUrl}${AUTH_ROUTES_AND_PARAMS.magicLinksRoute}`,

package.json

@@ -1,6 +1,6 @@
 {
   "name": "prostgles-server",
-  "version": "4.2.201",
+  "version": "4.2.202",
   "description": "",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",