github-mirror/framework
2
0
Fork 0
mirror of https://github.com/flarum/framework.git synced 2024-11-24 17:57:53 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

Prevent editing fields in sign up modal according to identification data

Browse Source
This commit is contained in:
Clark Winkelmann 2018-01-02 00:13:33 +01:00
parent 40ebc13292
commit fa9d89d690
2 changed files with 14 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
js/forum/src/components/SignUpModal.js
View File

@ -60,6 +60,10 @@ export default class SignUpModal extends Modal {
];
}
fieldCantBeEdited(field) {
return this.props.identification_fields && this.props.identification_fields.indexOf(field) !== -1;
}
body() {
return [
this.props.token ? '' : <LogInButtons/>,
@ -69,14 +73,14 @@ export default class SignUpModal extends Modal {
<input className="FormControl" name="username" type="text" placeholder={extractText(app.translator.trans('core.forum.sign_up.username_placeholder'))}
value={this.username()}
onchange={m.withAttr('value', this.username)}
disabled={this.loading} />
disabled={this.loading || this.fieldCantBeEdited('username')} />
</div>
<div className="Form-group">
<input className="FormControl" name="email" type="email" placeholder={extractText(app.translator.trans('core.forum.sign_up.email_placeholder'))}
value={this.email()}
onchange={m.withAttr('value', this.email)}
disabled={this.loading || (this.props.token && this.props.email)} />
disabled={this.loading || this.fieldCantBeEdited('email')} />
</div>
{this.props.token ? '' : (

9
src/Forum/AuthenticationResponseFactory.php
View File

@ -104,7 +104,14 @@ class AuthenticationResponseFactory
$token = AuthToken::generate($identification);
$token->save();
$payload = array_merge($identification, $suggestions, ['token' => $token->id]);
$payload = array_merge(
$identification,
$suggestions,
['token' => $token->id],
// List of the fields that can't be edited during sign up
// Only includes attributes on the sign up form, otherwise this could leak private attribute names
['identification_fields' => array_only(array_keys($identification), ['username', 'email'])]
);
}
return $payload;