Skip to content

Commit

Permalink
Merge pull request #10 from revalo/master
Browse files Browse the repository at this point in the history
Security Patch
  • Loading branch information
jlin816 authored Mar 26, 2017
2 parents 74f5174 + a6ff7f2 commit c1a2d12
Showing 1 changed file with 27 additions and 1 deletion.
28 changes: 27 additions & 1 deletion app/server/controllers/UserController.js
Original file line number Diff line number Diff line change
Expand Up @@ -287,6 +287,27 @@ UserController.updateProfileById = function (id, profile, callback){
return callback({message: 'invalid profile'});
}

// Check if its within the registration window.
Settings.getRegistrationTimes(function(err, times){
if (err) {
callback(err);
}

var now = Date.now();

if (now < times.timeOpen){
return callback({
message: "Registration opens in " + moment(times.timeOpen).fromNow() + "!"
});
}

if (now > times.timeClose){
return callback({
message: "Sorry, registration is closed."
});
}
});

User.findOneAndUpdate({
_id: id,
verified: true
Expand Down Expand Up @@ -439,13 +460,18 @@ UserController.createOrJoinTeam = function(id, code, callback){
});
}

if (typeof code !== 'string') {
return callback({
message: "Get outta here, punk!"
});
}

User.find({
teamCode: code
})
.select('profile.name')
.exec(function(err, users){
// Check to see if this team is joinable (< team max size)

if (users.length >= maxTeamSize){
return callback({
message: "Team is full."
Expand Down

0 comments on commit c1a2d12

Please sign in to comment.