Merge pull request #238 from williamboman/fix/safer-add-user

clientManager: don't write user configs outside of lounge's users dir
Jérémie Astori 2016-05-08 13:21:01 -04:00
commit 29e0717d8c


@ -3,6 +3,7 @@ var fs = require("fs");
var Client = require("./client"); var Client = require("./client");
var mkdirp = require("mkdirp"); var mkdirp = require("mkdirp");
var Helper = require("./helper"); var Helper = require("./helper");
var path = require("path");
module.exports = ClientManager; module.exports = ClientManager;
@ -67,19 +68,25 @@ ClientManager.prototype.addUser = function(name, password) {
return false; return false;
} }
try { try {
var path = Helper.HOME + "/users"; var usersPath = path.join(Helper.HOME, "users");
mkdirp.sync(usersPath);
if (path.basename(name) !== name) {
throw new Error(name + " is an invalid username.");
}
var user = { var user = {
user: name, user: name,
password: password || "", password: password || "",
log: false, log: false,
networks: [] networks: []
}; };
mkdirp.sync(path);
fs.writeFileSync( fs.writeFileSync(
path + "/" + name + ".json", path.join(usersPath, name + ".json"),
JSON.stringify(user, null, " ") JSON.stringify(user, null, " ")
); );
} catch (e) { } catch (e) {
log.error("Failed to add user " + name, e);
throw e; throw e;
} }
return true; return true;
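Review bot: The `path.basename(name) !== name` guard in `addUser` is the only thing keeping the write inside `usersPath`, and it still accepts an empty name (written as `.json`) unless that is rejected above the hunk. Because `path.basename` splits only on the running platform's separators, the same name can be accepted on one OS and rejected on another. Tightening the condition to `if (!name || path.basename(name) !== name) {` covers the empty case, and a comment such as `// name becomes a file name: reject anything with a path component so the write stays inside usersPath` would record why the check exists. Other code that builds a user file path from a name is outside this hunk, so whether it applies the same check cannot be confirmed from here. `addUser` itself starts above the hunk.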