From 768352b804a6b523478f0c154d46a0b7acba3728 Mon Sep 17 00:00:00 2001
From: Kayne Ruse
Date: Wed, 28 Apr 2021 21:00:48 +1000
Subject: [PATCH] Hopefully plugged an undefined username hole
---
 server/admin/ban-user.js | 4 ++--
 server/admin/grant-admin.js | 2 +-
 server/admin/grant-mod.js | 2 +-
 server/admin/index.js | 2 +-
 server/admin/remove-admin.js | 2 +-
 server/admin/remove-mod.js | 2 +-
 server/auth/index.js | 2 +-
 server/auth/login.js | 2 +-
 server/auth/signup.js | 2 +-
 server/auth/validation.js | 4 ++--
 server/utilities/validate-username.js | 4 ++--
 11 files changed, 14 insertions(+), 14 deletions(-)
diff --git a/server/admin/ban-user.js b/server/admin/ban-user.js
index 1128979..3980c33 100644
--- a/server/admin/ban-user.js
+++ b/server/admin/ban-user.js
@@ -9,7 +9,7 @@ const route = async (req, res) => {
 }, {
 where: {
 username: {
- [Op.eq]: req.body.username
+ [Op.eq]: req.body.username || ''
 },
 admin: {
 [Op.not]: true
@@ -27,7 +27,7 @@ const route = async (req, res) => {
 //forcibly logout
 tokens.destroy({
 where: {
- username: req.body.username
+ username: req.body.username || ''
 }
 });
diff --git a/server/admin/grant-admin.js b/server/admin/grant-admin.js
index a67dc39..5440f1c 100644
--- a/server/admin/grant-admin.js
+++ b/server/admin/grant-admin.js
@@ -10,7 +10,7 @@ const route = async (req, res) => {
 }, {
 where: {
 username: {
- [Op.eq]: req.body.username
+ [Op.eq]: req.body.username || ''
 }
 }
 });
diff --git a/server/admin/grant-mod.js b/server/admin/grant-mod.js
index 85c08ef..785d3ae 100644
--- a/server/admin/grant-mod.js
+++ b/server/admin/grant-mod.js
@@ -9,7 +9,7 @@ const route = async (req, res) => {
 }, {
 where: {
 username: {
- [Op.eq]: req.body.username
+ [Op.eq]: req.body.username || ''
 }
 }
 });
diff --git a/server/admin/index.js b/server/admin/index.js
index 0ca330d..38c6751 100644
--- a/server/admin/index.js
+++ b/server/admin/index.js
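Review bot: In server/admin/ban-user.js the `|| ''` fallback on `[Op.eq]: req.body.username` only covers falsy values, so a non-string value (an object or array produced by the body or query parser) still reaches the where clause unchanged. Rejecting the request before the query is safer than searching for an empty name, e.g. `if (typeof req.body.username !== 'string' || req.body.username === '') return res.status(400).end();`. The same pattern is repeated in the second ban-user.js hunk, grant-admin.js, grant-mod.js, remove-admin.js, remove-mod.js, login.js (`req.body.email`), signup.js and both validation.js hunks (`req.query.username`). The route bodies start and end outside these hunks, so an earlier check may already exist; if it does, the fallback is redundant.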
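Review bot: In the second server/admin/ban-user.js hunk, `tokens.destroy(...)` under `//forcibly logout` is called without `await` inside an async route, so a database error becomes an unhandled rejection and the handler may respond before the banned user's tokens are gone. Suggest `await tokens.destroy({ where: { username: req.body.username } });` once the username has been validated. `pendingSignups.destroy(...)` in the second server/auth/validation.js hunk is written the same way. The lines between the two ban-user.js hunks are not shown, so it is not visible whether the tokens are destroyed only when the update actually matched a non-admin account.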
@@ -12,7 +12,7 @@ router.use(tokenAuth);
 router.use(async (req, res, next) => {
 const record = await accounts.findOne({
 where: {
- username: req.user.username
+ username: req.user.username || ''
 }
 });
diff --git a/server/admin/remove-admin.js b/server/admin/remove-admin.js
index 8e4c53d..08fd22e 100644
--- a/server/admin/remove-admin.js
+++ b/server/admin/remove-admin.js
@@ -9,7 +9,7 @@ const route = async (req, res) => {
 }, {
 where: {
 username: {
- [Op.eq]: req.body.username
+ [Op.eq]: req.body.username || ''
 }
 }
 });
diff --git a/server/admin/remove-mod.js b/server/admin/remove-mod.js
index bebd220..bcd9814 100644
--- a/server/admin/remove-mod.js
+++ b/server/admin/remove-mod.js
@@ -10,7 +10,7 @@ const route = async (req, res) => {
 }, {
 where: {
 username: {
- [Op.eq]: req.body.username
+ [Op.eq]: req.body.username || ''
 }
 }
 });
diff --git a/server/auth/index.js b/server/auth/index.js
index b0a79c6..fd445a1 100644
--- a/server/auth/index.js
+++ b/server/auth/index.js
@@ -20,7 +20,7 @@ router.use(tokenAuth);
 router.use(async (req, res, next) => {
 const record = await accounts.findOne({
 where: {
- username: req.user.username
+ username: req.user.username || ''
 }
 });
diff --git a/server/auth/login.js b/server/auth/login.js
index 061a8b2..d88fb12 100644
--- a/server/auth/login.js
+++ b/server/auth/login.js
@@ -19,7 +19,7 @@ const route = async (req, res) => {
 //get the existing account
 const account = await accounts.findOne({
 where: {
- email: req.body.email
+ email: req.body.email || ''
 }
 });
diff --git a/server/auth/signup.js b/server/auth/signup.js
index 82bfe31..3779a62 100644
--- a/server/auth/signup.js
+++ b/server/auth/signup.js
@@ -70,7 +70,7 @@ const validateDetails = async (body) => {
 //check for existing username
 const usernameRecord = await accounts.findOne({
 where: {
- username: body.username
+ username: body.username || ''
 }
 });
diff --git a/server/auth/validation.js b/server/auth/validation.js
index 75bf13e..0227d4b 100644
--- a/server/auth/validation.js
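Review bot: In the server/admin/index.js middleware, `req.user.username || ''` still throws if `req.user` itself is undefined, and inside an async middleware with no visible try/catch that rejection would likely not reach the error handler (inferred; the body continues outside the hunk). A missing identity after `tokenAuth` is an authentication failure, so it is clearer to stop there with `if (!req.user || typeof req.user.username !== 'string') return res.status(401).end();` before `accounts.findOne`. Falling through to a lookup for `''` makes the outcome depend on no account ever having an empty username. server/auth/index.js has the identical middleware and needs the same guard.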
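Review bot: In server/auth/signup.js, `body.username || ''` presumably makes the existing-username lookup return no record when the username is missing, so this uniqueness check passes for an absent username unless an earlier step in `validateDetails` (which starts outside the hunk) rejects it. The length test visible in server/utilities/validate-username.js, `username.length < 8 && username.length > 100`, can never be true, so if that helper is the earlier step it enforces no length limit; it should read `if (username.length < 8 || username.length > 100)`. The helper should also return false for a non-string argument, e.g. `if (typeof username !== 'string') return false;`, since the first lines of validate-username.js are not shown and may not do this.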
+++ b/server/auth/validation.js
@@ -5,7 +5,7 @@ const route = async (req, res) => {
 //get the existing pending signup
 const info = await pendingSignups.findOne({
 where: {
- username: req.query.username
+ username: req.query.username || ''
 }
 });
@@ -29,7 +29,7 @@ const route = async (req, res) => {
 //delete the pending signup
 pendingSignups.destroy({
 where: {
- username: req.query.username
+ username: req.query.username || ''
 }
 });
diff --git a/server/utilities/validate-username.js b/server/utilities/validate-username.js
index 62e8f80..a890006 100644
--- a/server/utilities/validate-username.js
+++ b/server/utilities/validate-username.js
@@ -6,11 +6,11 @@ module.exports = username => {
 if (username.length < 8 && username.length > 100) {
 return false;
 }
-
+
 if (!isAlpha(username)) {
 return false;
 }
-
+
 return true;
 }