Added basic profile sanatization for legacy migration data.

2025-10-16 05:48:12 -04:00 · 2025-10-16 05:48:12 -04:00 · 66ec2fabc5
parent 6cbb726764
commit 66ec2fabc5
2 changed files with 10 additions and 6 deletions
--- a/src/schemas/user/migrationSchema.js
+++ b/src/schemas/user/migrationSchema.js
@ -19,6 +19,7 @@ const fs = require('node:fs/promises');

 //NPM Imports
 const {mongoose} = require('mongoose');
+const validator = require('validator');

 //local imports
 const config = require('../../../config.json');
@ -223,7 +224,7 @@ migrationSchema.statics.ingestLegacyUser = async function(rawProfile){
            pass: profileArray[2],
            //Clamp rank to 0 and the max setting allowed by the rank enum
            rank: Math.min(Math.max(0, profileArray[3]), permissionModel.rankEnum.length - 1),
-            email: profileArray[4],
+            email: validator.normalizeEmail(profileArray[4]),
            date: profileArray[7],
        })

@ -233,8 +234,8 @@ migrationSchema.statics.ingestLegacyUser = async function(rawProfile){
            const bioObject = JSON.parse(profileArray[5].replaceAll("\'",'\\\''));

            //Inject bio information into migration profile, only if they're present;
-            migrationProfile.bio = bioObject.text == '' ? undefined : bioObject.text;
-            migrationProfile.image = bioObject.image  == '' ? undefined : bioObject.image;
+            migrationProfile.bio = bioObject.text == '' ? undefined : validator.escape(bioObject.text);
+            migrationProfile.image = bioObject.image  == '' ? undefined : validator.escape(bioObject.image);
        }

        //Build DB Doc from migration Profile hashtable and dump it into the DB
@ -359,13 +360,14 @@ migrationSchema.methods.consume = async function(ip, migration){

    //if we submitted an email
    if(this.email != null && this.email != ''){
-        //Generate new request
+        //Generate new email change request
        const requestDB = await emailChangeModel.create({user: newUser._id, newEmail: this.email, ipHash: ip});

-        //Send confirmation email
+        //Send tokenized confirmation email
        mailUtils.sendAddressVerification(requestDB, newUser, this.email, false, true);
    }

+    //Nuke out miration entry
    await this.deleteOne();
 }

--- a/src/schemas/user/userSchema.js
+++ b/src/schemas/user/userSchema.js
@ -287,9 +287,11 @@ userSchema.statics.register = async function(userObj, ip){

            //if we submitted an email
            if(email != null){
+                //Generate email request token
                const requestDB = await emailChangeModel.create({user: newUser._id, newEmail: email, ipHash: ip});

-                await mailUtil.sendAddressVerification(requestDB, newUser, email, true);
+                //Send tokenized confirmation link to users email address
+                mailUtil.sendAddressVerification(requestDB, newUser, email, true);
            }
        }
    }else{