{satellite/console,web/satellite}: change invite text in register page
This change removes the project name and inviter name from the registration page's invitation text in order to prevent phishing attempts using these values from succeeding. Resolves storj-private#431 Change-Id: I08636d712b6b273d484cf0594d395c9d7c02ebfa
This commit is contained in:
parent
9587e09c78
commit
ae91fa3ce4
@ -921,24 +921,11 @@ func (server *Server) handleInvited(w http.ResponseWriter, r *http.Request) {
|
||||
server.serveError(w, http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
name := inviter.ShortName
|
||||
if name == "" {
|
||||
name = inviter.FullName
|
||||
}
|
||||
params.Add("inviter", name)
|
||||
params.Add("inviter_email", inviter.Email)
|
||||
|
||||
server.analytics.TrackInviteLinkClicked(inviter.Email, invite.Email)
|
||||
}
|
||||
|
||||
proj, err := server.service.GetProjectNoAuth(ctx, invite.ProjectID)
|
||||
if err != nil {
|
||||
server.log.Error("error getting invitation project", zap.Error(err))
|
||||
server.serveError(w, http.StatusInternalServerError)
|
||||
return
|
||||
}
|
||||
params.Add("project", proj.Name)
|
||||
|
||||
http.Redirect(w, r, server.config.ExternalAddress+"signup?"+params.Encode(), http.StatusTemporaryRedirect)
|
||||
}
|
||||
|
||||
|
@ -138,7 +138,7 @@ func TestInvitedRouting(t *testing.T) {
|
||||
|
||||
// Valid invite for nonexistent user should redirect to registration page with
|
||||
// query parameters containing invitation information.
|
||||
params := "email=invited%40mail.test&inviter=Project+Owner&inviter_email=owner%40mail.test&project=Test+Project"
|
||||
params := "email=invited%40mail.test&inviter_email=owner%40mail.test"
|
||||
checkInvitedRedirect("Invited - Nonexistent user", baseURL+"signup?"+params, token)
|
||||
|
||||
_, err = sat.AddUser(ctx, console.CreateUser{
|
||||
|
@ -90,7 +90,7 @@
|
||||
</div>
|
||||
</div>
|
||||
<p v-if="isInvited" class="register-area__input-area__container__invitation-text">
|
||||
{{ inviterName }} ({{ inviterEmail }}) has invited you to the project {{ projectName }} on Storj. Create an account on the {{ satelliteName }} region to join {{ inviterName }} in the project.
|
||||
{{ inviterEmail }} has invited you to a project on Storj. Create an account on the {{ satelliteName }} region to join it.
|
||||
</p>
|
||||
<div class="register-area__input-area__toggle__container">
|
||||
<ul class="register-area__input-area__toggle__wrapper">
|
||||
@ -331,9 +331,7 @@ const viewConfig = ref<ViewConfig | null>(null);
|
||||
const secret = queryRef('token');
|
||||
|
||||
const email = queryRef('email');
|
||||
const inviterName = queryRef('inviter');
|
||||
const inviterEmail = queryRef('inviter_email');
|
||||
const projectName = queryRef('project');
|
||||
|
||||
const isTermsAccepted = ref(false);
|
||||
const password = ref('');
|
||||
@ -542,7 +540,7 @@ const partneredSatellites = computed((): PartneredSatellite[] => {
|
||||
* redirected from a project invitation link.
|
||||
*/
|
||||
const isInvited = computed((): boolean => {
|
||||
return !!inviterName.value && !!inviterEmail.value && !!projectName.value && !!email.value;
|
||||
return !!inviterEmail.value && !!email.value;
|
||||
});
|
||||
|
||||
/**
|
||||
|
Loading…
Reference in New Issue
Block a user