From 65ef082a643689708276b7ec304eadc88ffaf31c Mon Sep 17 00:00:00 2001
From: calzoneman
Date: Thu, 23 Jan 2014 22:59:08 -0600
Subject: [PATCH] SSL fixes; work on password reset
---
 lib/web/account.js | 78 +++++++++++++++++++++++++++-
 templates/account-passwordreset.jade | 37 +++++++++++++
 templates/channel.jade | 2 +-
 www/assets/js/callbacks.js | 27 +++++-----
 www/assets/js/util.js | 2 +-
 5 files changed, 129 insertions(+), 17 deletions(-)
 create mode 100644 templates/account-passwordreset.jade
diff --git a/lib/web/account.js b/lib/web/account.js
index 5591409c..f06de7ae 100644
--- a/lib/web/account.js
+++ b/lib/web/account.js
@@ -9,7 +9,6 @@ var logRequest = webserver.logRequest;
 var sendJade = require('./jade').sendJade;
 var Logger = require('../logger');
 var db = require('../database');
-//var dbchannels = require('../database/channels');
 var $util = require('../utilities');
 /**
@@ -419,6 +418,81 @@ function handleAccountProfile(req, res) {
 });
 }
+/**
+ * Handles a GET request for /account/passwordreset
+ */
+function handlePasswordResetPage(req, res) {
+ if (webserver.redirectHttps(req, res)) {
+ return;
+ }
+
+ logRequest(req);
+
+ sendJade(res, "account-passwordreset", {
+ reset: false,
+ resetEmail: "",
+ resetErr: false
+ });
+}
+
+/**
+ * Handles a POST request to reset a user's password
+ */
+function handlePasswordReset(req, res) {
+ logRequest(req);
+
+ var name = req.body.name,
+ email = req.body.email;
+
+ if (typeof name !== "string" || typeof email !== "string") {
+ res.send(400);
+ return;
+ }
+
+ if (!$util.isValidUserName(name)) {
+ sendJade(res, "account-passwordreset", {
+ reset: false,
+ resetEmail: "",
+ resetErr: "Invalid username '" + name + "'"
+ });
+ return;
+ }
+
+ db.users.getEmail(name, function (err, actualEmail) {
+ if (err) {
+ sendJade(res, "account-passwordreset", {
+ reset: false,
+ resetEmail: "",
+ resetErr: err
+ });
+ return;
+ }
+
+ if (actualEmail !== email.trim()) {
+ sendJade(res, "account-passwordreset", {
+ reset: false,
+ resetEmail: "",
+ resetErr: "Provided email does not match the email address on record for " + name
+ });
+ return;
+ } else if (actualEmail === "") {
+ sendJade(res, "account-passwordreset", {
+ reset: false,
+ resetEmail: "",
+ resetErr: name + " doesn't have an email address on record. Please contact an " +
+ "administrator to manually reset your password."
+ });
+ return;
+ }
+
+ sendJade(res, "account-passwordreset", {
+ reset: true,
+ resetEmail: user.email,
+ resetErr: false
+ });
+ });
+}
+
 module.exports = {
 /**
 * Initialize the module
@@ -430,5 +504,7 @@ module.exports = {
 app.post('/account/channels', handleAccountChannel);
 app.get('/account/profile', handleAccountProfilePage);
 app.post('/account/profile', handleAccountProfile);
+ app.get("/account/passwordreset", handlePasswordResetPage);
+ app.post("/account/passwordreset", handlePasswordReset);
 }
 };
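Review bot: The success branch at the end of the `db.users.getEmail` callback in `handlePasswordReset` reads `user.email`, but no `user` is declared in the added function or visible in this diff, so a matching request would throw a ReferenceError instead of rendering the confirmation; `resetEmail: actualEmail,` looks like what was intended. The failure branches return different messages for an invalid name, a lookup error, a mismatched address and a missing address, which tells an unauthenticated caller which accounts exist and whether a guessed address is the one on record, and `resetErr: err` hands the raw lookup error to the client; one generic message for all of them, with the detail written to the server log, avoids both. The `else if (actualEmail === "")` branch is only reachable when the submitted address is also empty, so that check should come before the comparison. Unlike `handlePasswordResetPage`, the POST handler does not call `webserver.redirectHttps(req, res)`.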
diff --git a/templates/account-passwordreset.jade b/templates/account-passwordreset.jade
new file mode 100644
index 00000000..def05b12
--- /dev/null
+++ b/templates/account-passwordreset.jade
@@ -0,0 +1,37 @@
+doctype html
+html(lang="en")
+ head
+ include head
+ mixin head()
+ body
+ #wrap
+ nav.navbar.navbar-inverse.navbar-fixed-top(role="navigation")
+ include nav
+ mixin navheader()
+ #nav-collapsible.collapse.navbar-collapse
+ ul.nav.navbar-nav
+ mixin navdefaultlinks("/account/passwordreset")
+ mixin navloginlogout("/account/passwordreset")
+ section#mainpage
+ .container
+ .col-lg-6.col-lg-offset-3.col-md-6.col-md-offset-3
+ h3 Reset Password
+ if reset
+ .alert.alert-success.center.messagebox
+ strong Password reset request sent
+ p Please check #{resetEmail} for your recovery link.
+ else if resetErr
+ .alert.alert-danger.center.messagebox
+ strong Error
+ p= resetErr
+ form(action="/account/passwordreset", method="post", role="form")
+ .form-group
+ label.control-label(for="username") Username
+ input#username.form-control(type="text", name="name")
+ .form-group
+ label.control-label(for="email") Email address
+ input#email.form-control(type="email", name="email")
+ button.btn.btn-primary.btn-block(type="submit") Send reset request
+
+ include footer
+ mixin footer()
diff --git a/templates/channel.jade b/templates/channel.jade
index e82a4e09..b7efb4f8 100644
--- a/templates/channel.jade
+++ b/templates/channel.jade
@@ -186,8 +186,8 @@ html(lang="en")
 include footer
 mixin footer()
 script(src=sioSource)
- script(src="/sioconfig")
 script(src="/assets/js/data.js")
+ script(src="/sioconfig")
 script(src="/assets/js/util.js")
 script(src="/assets/js/player.js")
 script(src="/assets/js/paginator.js")
diff --git a/www/assets/js/callbacks.js b/www/assets/js/callbacks.js
index dc307642..c555a92f 100644
--- a/www/assets/js/callbacks.js
+++ b/www/assets/js/callbacks.js
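Review bot: The templates/channel.jade hunk moves the `/sioconfig` script below `/assets/js/data.js` without recording why, so a later tidy-up of the script list could silently undo it. Presumably `/sioconfig` depends on globals that data.js defines (the socket setup in callbacks.js reads `USEROPTS.secure_connection` in this same commit); if that is the reason, a comment such as `//- /sioconfig must load after data.js (reads USEROPTS)` above the tag would make the ordering constraint explicit.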
@@ -1040,20 +1040,19 @@ setupCallbacks = function() {
 }
 }
-$.getScript(IO_URL+"/socket.io/socket.io.js", function() {
- try {
- if(NO_WEBSOCKETS || USEROPTS.altsocket) {
- var i = io.transports.indexOf("websocket");
- if(i >= 0)
- io.transports.splice(i, 1);
+try {
+ if (NO_WEBSOCKETS || USEROPTS.altsocket) {
+ var i = io.transports.indexOf("websocket");
+ if (i >= 0) {
+ io.transports.splice(i, 1);
 }
- var opts = {};
- if (location.protocol === "https:")
- opts.secure = true;
- socket = io.connect(IO_URL);
- setupCallbacks();
 }
- catch(e) {
- Callbacks.disconnect();
+ var opts = {};
+ if (location.protocol === "https:" || USEROPTS.secure_connection) {
+ opts.secure = true;
 }
-});
+ socket = io.connect(IO_URL, opts);
+ setupCallbacks();
+} catch (e) {
+ Callbacks.disconnect();
+}
diff --git a/www/assets/js/util.js b/www/assets/js/util.js
index 9d536924..04c8511e 100644
--- a/www/assets/js/util.js
+++ b/www/assets/js/util.js
@@ -829,7 +829,6 @@ function handleModPermissions() {
 setParentVisible("a[href='#cs-filtereditor']", CLIENT.rank >= 3);
 setParentVisible("a[href='#cs-chanranks']", CLIENT.rank >= 3);
 setParentVisible("a[href='#cs-chanlog']", CLIENT.rank >= 3);
- $("#qlockbtn").attr("disabled", !hasPermission("playlistlock"));
 $("#cs-chatfilters-import").attr("disabled", !hasPermission("filterimport"));
 }
@@ -838,6 +837,7 @@ function handlePermissionChange() {
 handleModPermissions();
 }
+ $("#qlockbtn").attr("disabled", !hasPermission("playlistlock"));
 setVisible("#showchansettings", CLIENT.rank >= 2);
 setVisible("#playlistmanagerwrap", CLIENT.rank >= 1);
 setVisible("#modflair", CLIENT.rank >= 2);
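Review bot: In the www/assets/js/callbacks.js hunk, `var i` and `var opts` used to be scoped to the `$.getScript` callback; with that wrapper removed the `try` block appears to sit at the top level of the script, so both become properties of `window` and can collide with other scripts on the page. Wrapping the block in an immediately invoked function, `(function () { ... }());`, keeps them local. The `catch (e)` also discards the exception, so a missing `io` global (socket.io is no longer fetched here) cannot be told apart from a failure inside `setupCallbacks()`; logging `e` before `Callbacks.disconnect()` would make connection problems diagnosable.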