From a594b197452ce363c4e5ff7448986c88b0ccba40 Mon Sep 17 00:00:00 2001 From: Calvin Montgomery Date: Wed, 15 Mar 2017 23:44:03 -0700 Subject: [PATCH] Fix user join ban check for users with blank names (but clean IPs) --- .gitignore | 1 + .../regressions/checkban-blank-name.js | 130 ++++++++++++++++++ package.json | 5 +- src/channel/kickban.js | 12 +- 4 files changed, 143 insertions(+), 5 deletions(-) create mode 100644 integration_test/regressions/checkban-blank-name.js diff --git a/.gitignore b/.gitignore index 91c1419f..44336c28 100644 --- a/.gitignore +++ b/.gitignore @@ -12,3 +12,4 @@ torlist www/cache google-drive-subtitles lib/ +integration-test-config.json diff --git a/integration_test/regressions/checkban-blank-name.js b/integration_test/regressions/checkban-blank-name.js new file mode 100644 index 00000000..9976a944 --- /dev/null +++ b/integration_test/regressions/checkban-blank-name.js @@ -0,0 +1,130 @@ +const assert = require('assert'); +const KickbanModule = require('../../lib/channel/kickban'); +const db = require('../../lib/database'); +const dbChannels = require('../../lib/database/channels'); +const Promise = require('bluebird'); +const Config = require('../../lib/config'); +const ChannelModule = require('../../lib/channel/module'); +const Flags = require('../../lib/flags'); +const TestConfig = require('../../integration-test-config.json'); +require('../../lib/counters'); + +function randomString(length) { + const chars = 'abcdefgihkmnpqrstuvwxyz0123456789'; + let str = ''; + for (let i = 0; i < length; i++) { + str += chars[Math.floor(Math.random() * chars.length)]; + } + return str; +} + +Config.set('mysql.password', TestConfig.mysql.password); +db.init(); + +describe('onPreUserJoin Ban Check', () => { + const channelName = `test_${randomString(20)}`; + const bannedIP = '1.1.1.1'; + const bannedName = 'troll'; + const mockChannel = { + name: channelName, + modules: {}, + is(flag) { + return flag === Flags.C_REGISTERED; + } + }; + const module = new KickbanModule(mockChannel); + before(done => { + dbChannels.ban(channelName, bannedIP, bannedName, '', '', () => { + dbChannels.ban(channelName, bannedIP, '', '', '', () => { + dbChannels.ban(channelName, '*', bannedName, '', '', () => { + done(); + }); + }); + }); + }); + after(done => { + dbChannels.deleteBans(channelName, null, () => { + done(); + }); + }); + + it('handles a banned IP with a different name', done => { + const user = { + getName() { + return 'anotherTroll'; + }, + + realip: bannedIP + }; + + module.onUserPreJoin(user, null, (error, res) => { + assert.equal(error, null, `Unexpected error: ${error}`); + assert.equal(res, ChannelModule.DENY, 'Expected user to be banned'); + done(); + }); + }); + + it('handles a banned name with a different IP', done => { + const user = { + getName() { + return 'troll'; + }, + + realip: '5.5.5.5' + }; + + module.onUserPreJoin(user, null, (error, res) => { + assert.equal(error, null, `Unexpected error: ${error}`); + assert.equal(res, ChannelModule.DENY, 'Expected user to be banned'); + done(); + }); + }); + + it('handles a banned IP with a blank name', done => { + const user = { + getName() { + return ''; + }, + + realip: bannedIP + }; + + module.onUserPreJoin(user, null, (error, res) => { + assert.equal(error, null, `Unexpected error: ${error}`); + assert.equal(res, ChannelModule.DENY, 'Expected user to be banned'); + done(); + }); + }); + + it('handles a non-banned IP with a blank name', done => { + const user = { + getName() { + return ''; + }, + + realip: '5.5.5.5' + }; + + module.onUserPreJoin(user, null, (error, res) => { + assert.equal(error, null, `Unexpected error: ${error}`); + assert.equal(res, ChannelModule.PASSTHROUGH, 'Expected user not to be banned'); + done(); + }); + }); + + it('handles a non-banned IP with a non-banned name', done => { + const user = { + getName() { + return 'some_user'; + }, + + realip: '5.5.5.5' + }; + + module.onUserPreJoin(user, null, (error, res) => { + assert.equal(error, null, `Unexpected error: ${error}`); + assert.equal(res, ChannelModule.PASSTHROUGH, 'Expected user not to be banned'); + done(); + }); + }); +}); \ No newline at end of file diff --git a/package.json b/package.json index b6a67a6a..89f7428b 100644 --- a/package.json +++ b/package.json @@ -2,7 +2,7 @@ "author": "Calvin Montgomery", "name": "CyTube", "description": "Online media synchronizer and chat", - "version": "3.34.1", + "version": "3.34.2", "repository": { "url": "http://github.com/calzoneman/sync" }, @@ -54,7 +54,8 @@ "postinstall": "./postinstall.sh", "server-dev": "babel -D --watch --source-maps --loose es6.destructuring,es6.forOf --out-dir lib/ src/", "generate-userscript": "$npm_node_execpath gdrive-userscript/generate-userscript $@ > www/js/cytube-google-drive.user.js", - "test": "mocha" + "test": "mocha", + "integration-test": "mocha --recursive integration_test" }, "devDependencies": { "coffee-script": "^1.9.2", diff --git a/src/channel/kickban.js b/src/channel/kickban.js index aedf02c9..c349e9de 100644 --- a/src/channel/kickban.js +++ b/src/channel/kickban.js @@ -59,16 +59,22 @@ KickBanModule.prototype.onUserPreJoin = function (user, data, cb) { return cb(null, ChannelModule.PASSTHROUGH); } - var cname = this.channel.name; - checkBan(cname, user.realip, user.getName(), function (banned) { + const cname = this.channel.name; + const check = (user.getName() !== '') ? checkBan : checkIPBan; + function callback(banned) { if (banned) { cb(null, ChannelModule.DENY); user.kick("You are banned from this channel."); } else { cb(null, ChannelModule.PASSTHROUGH); } - }); + } + if (user.getName() !== '') { + checkBan(cname, user.realip, user.getName(), callback); + } else { + checkIPBan(cname, user.realip, callback); + } }; KickBanModule.prototype.onUserPostJoin = function (user) {