Merge pull request #10905 from nanaya/client-check-reg

Add client check on registration and allow enabling both registration modes

.env.example

@@ -225,6 +225,8 @@ CLIENT_CHECK_VERSION=false
 # CHAT_PUBLIC_BACKLOG_LIMIT_HOURS=24
 
 # ALLOW_REGISTRATION=true
+# REGISTRATION_MODE_CLIENT=true
+# REGISTRATION_MODE_WEB=false
 
 # USER_ALLOW_EMAIL_LOGIN=true
 # USER_BYPASS_VERIFICATION=false

app/Http/Controllers/UsersController.php

@@ -9,6 +9,7 @@
 use App\Exceptions\UserProfilePageLookupException;
 use App\Exceptions\ValidationException;
 use App\Http\Middleware\RequestCost;
+use App\Libraries\ClientCheck;
 use App\Libraries\RateLimiter;
 use App\Libraries\Search\ForumSearch;
 use App\Libraries\Search\ForumSearchRequestParams;
@@ -33,6 +34,7 @@
 use NoCaptcha;
 use Request;
 use Sentry\State\Scope;
+use Symfony\Component\HttpKernel\Exception\HttpException;
 
 /**
  * @group Users
@@ -103,6 +105,14 @@ public function __construct()
         parent::__construct();
     }
 
+    private static function storeClientDisabledError()
+    {
+        return response([
+            'error' => osu_trans('users.store.from_web'),
+            'url' => route('users.create'),
+        ], 403);
+    }
+
     public function card($id)
     {
         try {
@@ -116,7 +126,7 @@ public function card($id)
 
     public function create()
     {
-        if ($GLOBALS['cfg']['osu']['user']['registration_mode'] !== 'web') {
+        if (!$GLOBALS['cfg']['osu']['user']['registration_mode']['web']) {
             return abort(403, osu_trans('users.store.from_client'));
         }
 
@@ -210,23 +220,28 @@ public function extraPages($_id, $page)
 
     public function store()
     {
-        if ($GLOBALS['cfg']['osu']['user']['registration_mode'] !== 'client') {
-            return response([
-                'error' => osu_trans('users.store.from_web'),
-                'url' => route('users.create'),
-            ], 403);
+        if (!$GLOBALS['cfg']['osu']['user']['registration_mode']['client']) {
+            return static::storeClientDisabledError();
         }
 
-        if (!starts_with(Request::header('User-Agent'), $GLOBALS['cfg']['osu']['client']['user_agent'])) {
+        $request = \Request::instance();
+
+        if (!starts_with($request->header('User-Agent'), $GLOBALS['cfg']['osu']['client']['user_agent'])) {
             return error_popup(osu_trans('users.store.from_client'), 403);
         }
 
-        return $this->storeUser(request()->all());
+        try {
+            ClientCheck::parseToken($request);
+        } catch (HttpException $e) {
+            return static::storeClientDisabledError();
+        }
+
+        return $this->storeUser($request->all());
     }
 
     public function storeWeb()
     {
-        if ($GLOBALS['cfg']['osu']['user']['registration_mode'] !== 'web') {
+        if (!$GLOBALS['cfg']['osu']['user']['registration_mode']['web']) {
             return error_popup(osu_trans('users.store.from_client'), 403);
         }
 
@@ -984,13 +999,13 @@ private function storeUser(array $rawParams)
                 );
             }
 
-            if ($GLOBALS['cfg']['osu']['user']['registration_mode'] === 'web') {
+            if (is_json_request()) {
+                return json_item($user->fresh(), new CurrentUserTransformer());
+            } else {
                 $this->login($user);
                 session()->flash('popup', osu_trans('users.store.saved'));
 
                 return ujs_redirect(route('home'));
-            } else {
-                return json_item($user->fresh(), new CurrentUserTransformer());
             }
         } catch (ValidationException $e) {
             return ModelNotSavedException::makeResponse($e, [

config/osu.php

@@ -270,14 +270,18 @@
             'key_length' => 8,
             'tries' => 8,
         ],
-        'registration_mode' => presence(env('REGISTRATION_MODE')) ?? 'client',
         'super_friendly' => array_map('intval', explode(' ', env('SUPER_FRIENDLY', '3'))),
         'ban_persist_days' => get_int(env('BAN_PERSIST_DAYS')) ?? 28,
 
         'country_change' => [
             'max_mixed_months' => get_int(env('USER_COUNTRY_CHANGE_MAX_MIXED_MONTHS')) ?? 2,
             'min_months' => get_int(env('USER_COUNTRY_CHANGE_MIN_MONTHS')) ?? 6,
         ],
+
+        'registration_mode' => [
+            'client' => get_bool(env('REGISTRATION_MODE_CLIENT')) ?? true,
+            'web' => get_bool(env('REGISTRATION_MODE_WEB')) ?? false,
+        ],
     ],
     'user_report_notification' => [
         'endpoint_cheating' => presence(env('USER_REPORT_NOTIFICATION_ENDPOINT_CHEATING')),

tests/Controllers/UsersControllerTest.php

@@ -50,9 +50,10 @@ public function testStore()
         $this->assertSame($previousCount + 1, User::count());
     }
 
-    public function testStoreRegModeWeb()
+    public function testStoreRegModeWebOnly()
     {
-        config_set('osu.user.registration_mode', 'web');
+        config_set('osu.user.registration_mode.client', false);
+        config_set('osu.user.registration_mode.web', true);
         $this->expectCountChange(fn () => User::count(), 0);
 
         $this
@@ -131,8 +132,11 @@ public function testStoreInvalid()
         $this->assertSame($previousCount, User::count());
     }
 
-    public function testStoreWebRegModeClient()
+    public function testStoreWebRegModeClientOnly()
     {
+        config_set('osu.user.registration_mode.client', true);
+        config_set('osu.user.registration_mode.web', false);
+
         $this->expectCountChange(fn () => User::count(), 0);
 
         $this->post(route('users.store'), [
@@ -149,7 +153,7 @@ public function testStoreWebRegModeClient()
 
     public function testStoreWeb(): void
     {
-        config_set('osu.user.registration_mode', 'web');
+        config_set('osu.user.registration_mode.web', true);
         $this->expectCountChange(fn () => User::count(), 1);
 
         $this->post(route('users.store-web'), [
@@ -168,7 +172,7 @@ public function testStoreWeb(): void
      */
     public function testStoreWebInvalidParams($username, $email, $emailConfirmation, $password, $passwordConfirmation): void
     {
-        config_set('osu.user.registration_mode', 'web');
+        config_set('osu.user.registration_mode.web', true);
         $this->expectCountChange(fn () => User::count(), 0);
 
         $this->post(route('users.store-web'), [
@@ -184,7 +188,7 @@ public function testStoreWebInvalidParams($username, $email, $emailConfirmation,
 
     public function testStoreWebLoggedIn(): void
     {
-        config_set('osu.user.registration_mode', 'web');
+        config_set('osu.user.registration_mode.web', true);
         $user = User::factory()->create();
 
         $this->expectCountChange(fn () => User::count(), 0);