From 0f9c2018d948d6ad7c4d0b6631d298a2e54fff1b Mon Sep 17 00:00:00 2001
From: Pierre Lehnen
Date: Tue, 12 May 2020 03:38:09 -0300
Subject: [PATCH] [FIX] Secret Registration not properly validating URL
---
 server/methods/registerUser.js | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/server/methods/registerUser.js b/server/methods/registerUser.js
index d95098efcae06..4dcce06944575 100644
--- a/server/methods/registerUser.js
+++ b/server/methods/registerUser.js
@@ -46,12 +46,14 @@ Meteor.methods({
 }
 if (settings.get('Accounts_RegistrationForm') === 'Secret URL' && (!formData.secretURL || formData.secretURL !== settings.get('Accounts_RegistrationForm_SecretURL'))) {
- if (formData.secretURL) {
- try {
- validateInviteToken(formData.secretURL);
- } catch (e) {
- throw new Meteor.Error('error-user-registration-secret', 'User registration is only allowed via Secret URL', { method: 'registerUser' });
- }
+ if (!formData.secretURL) {
+ throw new Meteor.Error('error-user-registration-secret', 'User registration is only allowed via Secret URL', { method: 'registerUser' });
+ }
+
+ try {
+ validateInviteToken(formData.secretURL);
+ } catch (e) {
+ throw new Meteor.Error('error-user-registration-secret', 'User registration is only allowed via Secret URL', { method: 'registerUser' });
 }
 }
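Review bot: Nothing in the new block says that a `secretURL` differing from `Accounts_RegistrationForm_SecretURL` is still accepted when `validateInviteToken` does not throw, and the removed nesting shows how easily that two-credential rule ends up failing open. I would add a comment above the `try`, for example `// Not the configured secret: accept only a valid invite token; any error from validation means reject.` The guard `!formData.secretURL` rejects only falsy values, so a truthy non-string would reach `validateInviteToken`; whether an earlier `check()` restricts the field to a string is outside this hunk. The method body starts before the hunk and continues after it.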