Refactor password change and reset

calzoneman 2013-08-11 18:23:20 -04:00
parent d266175d5b
commit c4588fab49
1 changed files with 112 additions and 99 deletions

127
api.js

@ -54,6 +54,11 @@ module.exports = function (Server) {
var app = Server.app; var app = Server.app;
/* <https://en.wikipedia.org/wiki/Hyper_Text_Coffee_Pot_Control_Protocol> */
app.get("/api/coffee", function (req, res) {
res.send(418); // 418 I'm a teapot
});
/* REGION channels */ /* REGION channels */
/* data about a specific channel */ /* data about a specific channel */
@ -165,48 +170,62 @@ module.exports = function (Server) {
}); });
}); });
var x = { /* password change */
handlePasswordChange: function (params, req, res) { app.get("/api/account/passwordchange", function (req, res) {
var name = params.name || ""; res.type("application/jsonp");
var oldpw = params.oldpw || "";
var newpw = params.newpw || ""; var name = req.body.name;
if(oldpw == "" || newpw == "") { var oldpw = req.body.oldpw;
this.sendJSON(res, { var newpw = req.body.newpw;
if(!oldpw || !newpw) {
res.jsonp({
success: false, success: false,
error: "Old password and new password cannot be empty" error: "Password cannot be empty"
}); });
return; return;
} }
var row = Auth.login(name, oldpw); var row = Auth.login(name, oldpw);
if(row) { if(!row) {
res.jsonp({
success: false,
error: "Invalid username/password combination"
});
return;
}
ActionLog.record(getIP(req), name, "password-change"); ActionLog.record(getIP(req), name, "password-change");
var success = Auth.setUserPassword(name, newpw); var success = Auth.setUserPassword(name, newpw);
this.sendJSON(res, {
success: success, if(!success) {
error: success ? "" : "Change password failed", res.jsonp({
success: false,
error: "Server error. Please try again or ask an "+
"administrator for assistance."
});
return;
}
res.jsonp({
success: true,
session: row.session_hash session: row.session_hash
}); });
}
else {
this.sendJSON(res, {
success: false,
error: "Invalid username/password"
}); });
}
},
handlePasswordReset: function (params, req, res) { /* password reset */
var name = params.name || ""; app.get("/api/account/passwordreset", function (req, res) {
var email = params.email || ""; res.type("application/jsonp");
var name = req.body.name;
var email = req.body.email;
var ip = getIP(req); var ip = getIP(req);
var hash = false; var hash = false;
try { try {
hash = Server.db.generatePasswordReset(ip, name, email); hash = Server.db.generatePasswordReset(ip, name, email);
ActionLog.record(ip, name, "password-reset-generate", email); ActionLog.record(ip, name, "password-reset-generate", email);
} } catch(e) {
catch(e) { res.jsonp({
this.sendJSON(res, {
success: false, success: false,
error: e error: e
}); });
@ -214,60 +233,54 @@ module.exports = function (Server) {
} }
if(!Server.cfg["enable-mail"]) { if(!Server.cfg["enable-mail"]) {
this.sendJSON(res, { res.jsonp({
success: false, success: false,
error: "This server does not have email enabled. Contact an administrator" error: "This server does not have email recovery enabled."+
" Contact an administrator for assistance."
}); });
return; return;
} }
if(!email) { if(!email) {
this.sendJSON(res, { res.jsonp({
success: false, success: false,
error: "You don't have a recovery email address set. Contact an administrator" error: "You don't have a recovery email address set. "+
"Contact an administrator for assistance."
}); });
return; return;
} }
var msg = [
"A password reset request was issued for your account `", var msg = "A password reset request was issued for your account '"+
name, name + "' on " + Server.cfg["domain"] + ". This request"+
"` on ", " is valid for 24 hours. If you did not initiate this, "+
Server.cfg["domain"], "there is no need to take action. To reset your "+
". This request is valid for 24 hours. ", "password, copy and paste the following link into your "+
"If you did not initiate this, there is no need to take action. ", "browser: " + Server.cfg["domain"] + "/reset.html?"+hash;
"To reset your password, copy and paste the following link into ",
"your browser: ",
Server.cfg["domain"],
"/reset.html?",
hash
].join("");
var mail = { var mail = {
from: "CyTube Services <" + Server.cfg["mail-from"] + ">", from: "CyTube Services <" + Server.cfg["mail-from"] + ">",
to: email, to: emial,
subject: "Password reset request", subject: "Password reset request",
text: msg text: msg
}; };
var api = this;
Server.cfg["nodemailer"].sendMail(mail, function(err, response) { Server.cfg["nodemailer"].sendMail(mai, function (err, response) {
if(err) { if(err) {
Logger.errlog.log("Mail fail: " + err); Logger.errlog.log("mail fail: " + err);
api.sendJSON(res, { res.jsonp({
success: false, success: false,
error: "Email failed. Contact an admin if this persists." error: "Email send failed. Contact an administrator "+
"if this persists"
}); });
} } else {
else { res.jsonp({
api.sendJSON(res, {
success: true success: true
}); });
if(Server.cfg["debug"]) {
Logger.syslog.log(response);
}
} }
}); });
}, });
var x = {
handlePasswordRecover: function (params, req, res) { handlePasswordRecover: function (params, req, res) {
var hash = params.hash || ""; var hash = params.hash || "";
var ip = getIP(req); var ip = getIP(req);
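Review bot: In the new password-reset handler the mail object is built with `to: emial` and handed over as `sendMail(mai, ...)`; neither name is declared in the visible lines, so the route would throw a ReferenceError after the reset hash has already been generated and recorded, and the lines should read `to: email,` and `sendMail(mail, function (err, response) {`. Both new routes are registered with `app.get` yet read `req.body`, which is normally empty or undefined on a GET, so the handlers would either fail or always answer "Password cannot be empty"; registering them with `app.post(...)` also keeps passwords out of URLs and access logs. The password-change success reply returns `session: row.session_hash` through `res.jsonp`, and a JSONP reply is readable by any page that loads it as a script, so plain `res.json` looks safer here unless cross-origin callers are required. The enclosing `module.exports` function begins above these hunks and `handlePasswordRecover` continues below them.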