Merge pull request #238 from williamboman/fix/safer-add-user

clientManager: don't write user configs outside of lounge's users dir
This commit is contained in:
Jérémie Astori 2016-05-08 13:21:01 -04:00
commit 29e0717d8c

View File

@ -3,6 +3,7 @@ var fs = require("fs");
var Client = require("./client");
var mkdirp = require("mkdirp");
var Helper = require("./helper");
var path = require("path");
module.exports = ClientManager;
@ -67,19 +68,25 @@ ClientManager.prototype.addUser = function(name, password) {
return false;
}
try {
var path = Helper.HOME + "/users";
var usersPath = path.join(Helper.HOME, "users");
mkdirp.sync(usersPath);
if (path.basename(name) !== name) {
throw new Error(name + " is an invalid username.");
}
var user = {
user: name,
password: password || "",
log: false,
networks: []
};
mkdirp.sync(path);
fs.writeFileSync(
path + "/" + name + ".json",
path.join(usersPath, name + ".json"),
JSON.stringify(user, null, " ")
);
} catch (e) {
log.error("Failed to add user " + name, e);
throw e;
}
return true;