From fefab766bae52fecf20736852eccefbae6a021e9 Mon Sep 17 00:00:00 2001
From: Marcelo Schmidt <marcelo.schmidt@gmail.com>
Date: Tue, 1 Dec 2015 15:49:04 -0200
Subject: [PATCH] Secret URL registration. Closes #1507

---
 client/routes/router.coffee                      | 16 +++++++++++++++-
 i18n/en.i18n.json                                |  3 +++
 packages/rocketchat-lib/package.js               |  1 +
 .../methods/checkRegistrationSecretURL.coffee    |  4 ++++
 .../assets/stylesheets/base.less                 | 12 ++++++++++++
 packages/rocketchat-ui-login/login/form.coffee   | 13 ++++++++++++-
 .../rocketchat-ui-master/master/blankLayout.html | 12 ++++++++++++
 packages/rocketchat-ui-master/package.js         |  3 ++-
 packages/rocketchat-ui/package.js                |  1 +
 .../views/404/invalidSecretURL.html              |  8 ++++++++
 server/methods/registerUser.coffee               |  3 +++
 11 files changed, 73 insertions(+), 3 deletions(-)
 create mode 100644 packages/rocketchat-lib/server/methods/checkRegistrationSecretURL.coffee
 create mode 100644 packages/rocketchat-ui-master/master/blankLayout.html
 create mode 100644 packages/rocketchat-ui/views/404/invalidSecretURL.html

diff --git a/client/routes/router.coffee b/client/routes/router.coffee
index 951fba472127..a0c46837f1e6 100644
--- a/client/routes/router.coffee
+++ b/client/routes/router.coffee
@@ -100,6 +100,20 @@ FlowRouter.route '/room-not-found/:type/:name',
 
 FlowRouter.route '/fxos',
 	name: 'firefox-os-install'
-	
+
 	action: ->
 		BlazeLayout.render 'fxOsInstallPrompt'
+
+FlowRouter.route '/register/:hash',
+	name: 'register-secret-url'
+	action: (params) ->
+		if RocketChat.settings.get('Accounts_RegistrationForm') is 'Secret URL'
+			Meteor.call 'checkRegistrationSecretURL', params.hash, (err, success) ->
+				if success
+					Session.set 'loginDefaultState', 'register'
+					BlazeLayout.render 'main', {center: 'home'}
+					KonchatNotification.getDesktopPermission()
+				else
+					BlazeLayout.render 'blankLayout', { render: 'invalidSecretURL' }
+		else
+			BlazeLayout.render 'blankLayout', { render: 'invalidSecretURL' }
diff --git a/i18n/en.i18n.json b/i18n/en.i18n.json
index 786afad2d49f..fd9b9d2b84f3 100644
--- a/i18n/en.i18n.json
+++ b/i18n/en.i18n.json
@@ -54,6 +54,7 @@
   "Accounts_RegistrationForm_LinkReplacementText": "Registration Form Link Replacement Text",
   "Accounts_RegistrationForm_Secret_URL" : "Secret URL",
   "Accounts_RegistrationForm_SecretURL" : "Registration Form Secret URL",
+  "Accounts_RegistrationForm_SecretURL_Description" : "You must provide a random string that will be added to your registration URL. Example: https://demo.rocket.chat/register/[secret_hash]",
   "Accounts_RegistrationRequired" : "Registration Required",
   "Accounts_RequireNameForSignUp" : "Require Name For Signup",
   "Accounts_Enrollment_Email" : "Enrollment E-mail",
@@ -168,6 +169,8 @@
   "Install_FxOs_error" : "Sorry, that did not work as intended! The following error appeared:",
   "Install_FxOs_follow_instructions" : "Please confirm the app installation on your device (press \"Install\" when prompted).",
   "Invalid_confirm_pass" : "The password confirmation does not match password",
+  "Invalid_Secret_URL" : "Invalid Secret URL",
+  "Invalid_secret_URL_message" : "The URL provided is invalid.",
   "Invalid_email" : "The e-mail entered is invalid",
   "Invalid_name" : "The name must not be empty",
   "Invalid_pass" : "The password must not be empty",
diff --git a/packages/rocketchat-lib/package.js b/packages/rocketchat-lib/package.js
index 82eabf206787..253ef074f5e5 100644
--- a/packages/rocketchat-lib/package.js
+++ b/packages/rocketchat-lib/package.js
@@ -53,6 +53,7 @@ Package.onUse(function(api) {
 
 	// SERVER METHODS
 	api.addFiles('server/methods/addOAuthService.coffee', 'server');
+	api.addFiles('server/methods/checkRegistrationSecretURL.coffee', 'server');
 	api.addFiles('server/methods/joinDefaultChannels.coffee', 'server');
 	api.addFiles('server/methods/removeOAuthService.coffee', 'server');
 	api.addFiles('server/methods/robotMethods.coffee', 'server');
diff --git a/packages/rocketchat-lib/server/methods/checkRegistrationSecretURL.coffee b/packages/rocketchat-lib/server/methods/checkRegistrationSecretURL.coffee
new file mode 100644
index 000000000000..a69c22fffe43
--- /dev/null
+++ b/packages/rocketchat-lib/server/methods/checkRegistrationSecretURL.coffee
@@ -0,0 +1,4 @@
+Meteor.methods
+	checkRegistrationSecretURL: (hash) ->
+		console.log '[method] checkRegistrationSecretURL'.green, hash
+		return hash is RocketChat.settings.get 'Accounts_RegistrationForm_SecretURL'
diff --git a/packages/rocketchat-theme/assets/stylesheets/base.less b/packages/rocketchat-theme/assets/stylesheets/base.less
index 0fce46b4c8fe..bfa3d0bf2610 100644
--- a/packages/rocketchat-theme/assets/stylesheets/base.less
+++ b/packages/rocketchat-theme/assets/stylesheets/base.less
@@ -4055,3 +4055,15 @@ a.github-fork {
 .inline-video {
 	max-height: 200px;
 }
+
+.attention-message {
+	color: white;
+	padding-top: 50px;
+	font-size: 24px;
+
+	i {
+		display: block;
+		margin-bottom: 20px;
+		font-size: 40px;
+	}
+}
diff --git a/packages/rocketchat-ui-login/login/form.coffee b/packages/rocketchat-ui-login/login/form.coffee
index 27055085b1ae..2a74b14ccfe0 100644
--- a/packages/rocketchat-ui-login/login/form.coffee
+++ b/packages/rocketchat-ui-login/login/form.coffee
@@ -52,7 +52,7 @@ Template.loginForm.helpers
 		return RocketChat.settings.get 'Layout_Login_Terms'
 
 	registrationAllowed: ->
-		return RocketChat.settings.get('Accounts_RegistrationForm') is 'Public'
+		return RocketChat.settings.get('Accounts_RegistrationForm') is 'Public' or Template.instance().validSecretURL?.get()
 
 	linkReplacementText: ->
 		return RocketChat.settings.get('Accounts_RegistrationForm_LinkReplacementText')
@@ -81,6 +81,7 @@ Template.loginForm.events
 				return
 
 			if instance.state.get() is 'register'
+				formData.secretURL = FlowRouter.getParam 'hash'
 				Meteor.call 'registerUser', formData, (error, result) ->
 					RocketChat.Button.reset(button)
 
@@ -125,8 +126,13 @@ Template.loginForm.onCreated ->
 	instance = @
 	if Meteor.settings.public.sandstorm
 		@state = new ReactiveVar('sandstorm')
+	else if Session.get 'loginDefaultState'
+		@state = new ReactiveVar(Session.get 'loginDefaultState')
 	else
 		@state = new ReactiveVar('login')
+
+	@validSecretURL = new ReactiveVar(false)
+
 	@validate = ->
 		formData = $("#login-card").serializeArray()
 		formObj = {}
@@ -162,7 +168,12 @@ Template.loginForm.onCreated ->
 		$("#login-card input.error").removeClass "error"
 		return formObj
 
+	if FlowRouter.getParam('hash')
+		Meteor.call 'checkRegistrationSecretURL', FlowRouter.getParam('hash'), (err, success) =>
+			@validSecretURL.set true
+
 Template.loginForm.onRendered ->
+	Session.set 'loginDefaultState'
 	Tracker.autorun =>
 		switch this.state.get()
 			when 'login', 'forgot-password', 'email-verification'
diff --git a/packages/rocketchat-ui-master/master/blankLayout.html b/packages/rocketchat-ui-master/master/blankLayout.html
new file mode 100644
index 000000000000..a75928f8866c
--- /dev/null
+++ b/packages/rocketchat-ui-master/master/blankLayout.html
@@ -0,0 +1,12 @@
+<template name="blankLayout">
+	<section class="full-page">
+		<div class="wrapper">
+			<header>
+				<a class="logo" href="/">
+					<img src="/images/logo/logo.svg?v=3" />
+				</a>
+			</header>
+			{{> Template.dynamic template=render}}
+		</div>
+	</section>
+</template>
diff --git a/packages/rocketchat-ui-master/package.js b/packages/rocketchat-ui-master/package.js
index 280af721a3fa..506a740b7dd0 100644
--- a/packages/rocketchat-ui-master/package.js
+++ b/packages/rocketchat-ui-master/package.js
@@ -25,6 +25,7 @@ Package.onUse(function(api) {
 	api.addFiles('master/main.html', 'client');
 	api.addFiles('master/loading.html', 'client');
 	api.addFiles('master/error.html', 'client');
+	api.addFiles('master/blankLayout.html', 'client');
 
 	api.addFiles('master/main.coffee', 'client');
-});
\ No newline at end of file
+});
diff --git a/packages/rocketchat-ui/package.js b/packages/rocketchat-ui/package.js
index 97aa9cda8346..55c85b1c1e41 100644
--- a/packages/rocketchat-ui/package.js
+++ b/packages/rocketchat-ui/package.js
@@ -73,6 +73,7 @@ Package.onUse(function(api) {
 	api.addFiles('views/fxos.html', 'client');
 	api.addFiles('views/modal.html', 'client');
 	api.addFiles('views/404/roomNotFound.html', 'client');
+	api.addFiles('views/404/invalidSecretURL.html', 'client');
 	api.addFiles('views/app/audioNotification.html', 'client');
 	api.addFiles('views/app/burguer.html', 'client');
 	api.addFiles('views/app/home.html', 'client');
diff --git a/packages/rocketchat-ui/views/404/invalidSecretURL.html b/packages/rocketchat-ui/views/404/invalidSecretURL.html
new file mode 100644
index 000000000000..e3482d4500f6
--- /dev/null
+++ b/packages/rocketchat-ui/views/404/invalidSecretURL.html
@@ -0,0 +1,8 @@
+<template name="invalidSecretURL">
+	<div class="content">
+		<div class="attention-message">
+			<i class="icon-attention"></i>
+			{{_ 'Invalid_secret_URL_message'}}
+		</div>
+	</div>
+</template>
diff --git a/server/methods/registerUser.coffee b/server/methods/registerUser.coffee
index 08513c97b3a2..d441143015d1 100644
--- a/server/methods/registerUser.coffee
+++ b/server/methods/registerUser.coffee
@@ -3,6 +3,9 @@ Meteor.methods
 		if RocketChat.settings.get('Accounts_RegistrationForm') is 'Disabled'
 			throw new Meteor.Error 'registration-disabled', 'User registration is disabled'
 
+		else if RocketChat.settings.get('Accounts_RegistrationForm') is 'Secret URL' and (not formData.secretURL or formData.secretURL isnt RocketChat.settings.get('Accounts_RegistrationForm_SecretURL'))
+			throw new Meteor.Error 'registration-disabled', 'User registration is only allowed via Secret URL'
+
 		userData =
 			email: formData.email
 			password: formData.pass