Add password reset emailer

calzoneman 2013-05-30 14:07:29 -04:00
parent c8df4b036c
commit 5205afb9cd
6 changed files with 70 additions and 6 deletions

43
api.js

@ -14,6 +14,7 @@ var Server = require("./server.js");
var Logger = require("./logger.js"); var Logger = require("./logger.js");
var apilog = new Logger.Logger("api.log"); var apilog = new Logger.Logger("api.log");
var Database = require("./database.js"); var Database = require("./database.js");
var Config = require("./config.js");
var fs = require("fs"); var fs = require("fs");
var plainHandlers = { var plainHandlers = {
@ -250,10 +251,52 @@ function handlePasswordReset(params, req, res) {
return; return;
} }
if(!Config.MAIL) {
sendJSON(res, {
success: false,
error: "This server does not have email enabled. Contact an administrator"
});
return;
}
var msg = [
"A password reset request was issued for your account `",
name,
"` on ",
Config.DOMAIN,
". This request is valid for 24 hours. ",
"If you did not initiate this, there is no need to take action. ",
"To reset your password, copy and paste the following link into ",
"your browser: ",
Config.DOMAIN,
"/reset.html?",
hash
].join("");
var mail = {
from: "CyTube Services <" + Config.MAIL_FROM + ">",
to: email,
subject: "Password reset request",
text: msg
};
Config.MAIL.sendMail(mail, function(err, response) {
if(err) {
Logger.errlog.log("Mail fail: " + err);
sendJSON(res, {
success: false,
error: "Email failed. Contact an admin if this persists."
});
}
else {
sendJSON(res, { sendJSON(res, {
success: true success: true
}); });
if(Config.DEBUG) {
Logger.syslog.log(response);
}
}
});
} }
function handlePasswordRecover(params, req, res) { function handlePasswordRecover(params, req, res) {
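Review bot: The reset token is appended as a bare query string (`"/reset.html?"` followed by `hash`), so it will be recorded in browser history and in web-server or proxy access logs, and can leak through the Referer header if reset.html loads anything from another origin. Consider serving reset.html with `Referrer-Policy: no-referrer` and making the token single-use so a logged copy is worthless after redemption; whether either is already done is not visible here. Separately, `to: email` uses a value that is validated above this hunk, so it is worth confirming there that the address is the one registered for `name` before any mail is sent. handlePasswordReset begins outside the hunk.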


@ -17,3 +17,21 @@ exports.IO_PORT = 1337; // Socket.IO port, DO NOT USE PORT 80.
exports.WEBSERVER_PORT = 8080; // Webserver port. Binding port 80 requires root permissions exports.WEBSERVER_PORT = 8080; // Webserver port. Binding port 80 requires root permissions
exports.MAX_PER_IP = 10; exports.MAX_PER_IP = 10;
exports.GUEST_LOGIN_DELAY = 60; // Seconds exports.GUEST_LOGIN_DELAY = 60; // Seconds
var nodemailer = require("nodemailer");
exports.MAIL = false;
/* Example for setting up email:
exports.MAIL = nodemailer.createTransport("SMTP", {
service: "Gmail",
auth: {
user: "some.user@gmail.com",
pass: "supersecretpassword"
}
});
See https://github.com/andris9/Nodemailer
*/
exports.MAIL_FROM = "some.user@gmail.com";
// Domain for password reset link
// Email sent goes to exports.DOMAIN/reset.html?resethash
exports.DOMAIN = "http://localhost";
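Review bot: The example transport puts the SMTP account password in config.js as a string literal (`pass: "supersecretpassword"`), which invites operators to commit real credentials alongside the code. The example could read it from the environment instead, e.g. `pass: process.env.SMTP_PASS` (variable name is illustrative), with a comment that the file should not be world-readable or checked in once filled in. The `exports.DOMAIN` default is an `http://` URL and the reset link is built from it, so the comment above it could add `// Use an https:// URL in production; the reset token is sent in this link`.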


@ -655,8 +655,8 @@ function generatePasswordReset(ip, name, email) {
"`ip`, `name`, `hash`, `email`, `expire`", "`ip`, `name`, `hash`, `email`, `expire`",
") VALUES (", ") VALUES (",
"?, ?, ?, ?, ?", "?, ?, ?, ?, ?",
") ON DUPLICATE KEY UPDATE `expire`=?"].join(""), ") ON DUPLICATE KEY UPDATE `hash`=?,`expire`=?"].join(""),
[ip, name, hash, email, exp, exp] [ip, name, hash, email, exp, hash, exp]
); );
results = db.querySync(query); results = db.querySync(query);
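Review bot: On the duplicate-key path the new statement replaces `hash` and `expire` but leaves `ip` and `email` at the values from the first request, so a row can pair a fresh token with a stale requester IP and address. Which column is the unique key is not visible here, so the impact depends on the schema; if the row is used for auditing or for checking the address at redemption, the UPDATE clause should also assign `ip` and `email`, with the matching parameters appended. The value stored in `hash` appears to be the same string that is mailed out in the link; storing only a digest of the token and comparing digests at redemption would keep a database read from yielding usable reset links. generatePasswordReset starts and ends outside the hunk.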


@ -11,6 +11,7 @@
"express": ">=3.2", "express": ">=3.2",
"mysql-libmysqlclient": "*", "mysql-libmysqlclient": "*",
"node_hash": "*", "node_hash": "*",
"bcrypt": "*" "bcrypt": "*",
"nodemailer": "*"
} }
} }
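Review bot: `"nodemailer": "*"` accepts any future release, including new majors, for a package that will hold the SMTP credentials. The example in config.js calls `nodemailer.createTransport("SMTP", {...})`, a call shape tied to the release line current at the time of this commit, so an unbounded install can break mail delivery or pull in unreviewed code. Prefer a bounded range on the version that was tested, e.g. `"nodemailer": "<TESTED_VERSION>"` (placeholder), and commit an npm shrinkwrap file so deployments resolve the same dependency tree.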


@ -9,7 +9,7 @@ The above copyright notice and this permission notice shall be included in all c
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/ */
const VERSION = "1.9.2"; const VERSION = "1.9.3";
var fs = require("fs"); var fs = require("fs");
var Logger = require("./logger.js"); var Logger = require("./logger.js");


@ -267,6 +267,7 @@ $("#cebtn").click(function() {
}); });
$("#rpbtn").click(function() { $("#rpbtn").click(function() {
$("#rpbtn").text("Sending...");
$("#pwresetpane").find(".alert-error").remove(); $("#pwresetpane").find(".alert-error").remove();
$("#pwresetpane").find(".alert-success").remove(); $("#pwresetpane").find(".alert-success").remove();
var name = $("#rpusername").val(); var name = $("#rpusername").val();
@ -278,6 +279,7 @@ $("#rpbtn").click(function() {
"email=" + email "email=" + email
].join("&") + "&callback=?"; ].join("&") + "&callback=?";
$.getJSON(url, function(data) { $.getJSON(url, function(data) {
$("#rpbtn").text("Send Reset");
if(data.success) { if(data.success) {
$("<div/>").addClass("alert alert-success") $("<div/>").addClass("alert alert-success")
.text("Password reset link issued. Check your email.") .text("Password reset link issued. Check your email.")