diff --git a/lib/web/account.js b/lib/web/account.js index d17ab2cb..2d2c803f 100644 --- a/lib/web/account.js +++ b/lib/web/account.js @@ -239,7 +239,7 @@ function handleNewChannel(req, res) { }); return; } - + db.channels.register(name, user.name, function (err, channel) { db.channels.listUserChannels(loginName, function (err2, channels) { sendJade(res, 'account-channels', { @@ -284,7 +284,7 @@ function handleDeleteChannel(req, res) { }); return; } - + db.channels.lookup(name, function (err, channel) { if (channel.owner !== user.name && user.global_rank < 255) { db.channels.listUserChannels(loginName, function (err2, channels) { @@ -330,7 +330,7 @@ function handleAccountProfilePage(req, res) { } db.users.getProfile(loginName, function (err, profile) { - if (err) { + if (err) { sendJade(res, 'account-profile', { loggedIn: true, loginName: loginName, 
@@ -355,7 +355,56 @@ function handleAccountProfilePage(req, res) { * Handles a POST request to edit a profile */ function handleAccountProfile(req, res) { - res.send(500); + logRequest(req); + + var loginName = false; + if (req.cookies.auth) { + loginName = req.cookies.auth.split(':')[0]; + } else { + sendJade(res, 'account-profile', { + loggedIn: false, + profileImage: "", + profileText: "", + profileError: "You must be logged in to edit your profile", + }); + return; + } + + var image = req.body.image; + var text = req.body.text; + + db.users.verifyAuth(req.cookies.auth, function (err, user) { + if (err) { + sendJade(res, 'account-profile', { + loggedIn: false, + profileImage: "", + profileText: "", + profileError: err + }); + return; + } + + db.users.setProfile(user.name, { image: image, text: text }, function (err) { + if (err) { + sendJade(res, 'account-profile', { + loggedIn: true, + loginName: user.name, + profileImage: "", + profileText: "", + profileError: err + }); + return; + } + + sendJade(res, 'account-profile', { + loggedIn: true, + loginName: user.name, + profileImage: image, + profileText: text, + profileError: false + }); + }); + }); } module.exports = { diff --git a/lib/web/auth.js b/lib/web/auth.js index 1015e3d1..3a12cbe5 100644 --- a/lib/web/auth.js +++ b/lib/web/auth.js @@ -4,14 +4,14 @@ * @author Calvin Montgomery */ -var jade = require('jade'); -var fs = require('fs'); -var path = require('path'); -var webserver = require('./webserver'); -var sendJade = require('./jade').sendJade; -var Logger = require('../logger'); -var $util = require('../utilities'); -var db = require('../database'); +var jade = require("jade"); +var fs = require("fs"); +var path = require("path"); +var webserver = require("./webserver"); +var sendJade = require("./jade").sendJade; +var Logger = require("../logger"); +var $util = require("../utilities"); +var db = require("../database"); /** * Processes a login request. Sets a cookie upon successful authentication 
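Review bot: `image` and `text` are read from `req.body` with no `typeof === "string"` guard, unlike handleLogin and handleRegister in auth.js, so a missing field, or an array/object produced by the urlencoded parser, is passed to `db.users.setProfile` and then echoed back as `profileImage`/`profileText`; add `if (typeof image !== "string" || typeof text !== "string") { res.send(400); return; }` ahead of the `verifyAuth` call and cap both lengths the way handleRegister truncates `password` with `substring(0, 100)`. Since `image` is rendered by account-profile.jade as an `img src`, this handler is also the place to accept only `http:`/`https:` values (`/^https?:\/\//i.test(image)`) instead of letting arbitrary schemes reach every viewer of the profile. `loginName` is assigned from the cookie but never read afterwards — both the success and the error branch use `user.name` — so that block can shrink to `if (!req.cookies.auth) { … return; }`.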
@@ -20,7 +20,7 @@ function handleLogin(req, res) { var name = req.body.name; var password = req.body.password; - if (typeof name !== 'string' || typeof password !== 'string') { + if (typeof name !== "string" || typeof password !== "string") { res.send(400); return; } @@ -29,20 +29,42 @@ function handleLogin(req, res) { db.users.verifyLogin(name, password, function (err, user) { if (err) { - if (err === 'Invalid username/password combination') { - Logger.syslog.log('Login failed (bad password): ' + name - + '@' + webserver.ipForRequest(req)); + if (err === "Invalid username/password combination") { + Logger.syslog.log("Login failed (bad password): " + name + + "@" + webserver.ipForRequest(req)); } - sendJade(res, 'login', { + sendJade(res, "login", { loggedIn: false, loginError: err }); } else { - res.cookie('auth', user.name + ':' + user.hash, { + res.cookie("auth", user.name + ":" + user.hash, { expires: new Date(Date.now() + 60*60*1000), httpOnly: true }); - res.redirect("back"); + + // Try to find an appropriate redirect + var ref = req.header("referrer"); + if (!ref) { + ref = req.body.redirect; + } + + if (typeof ref !== "string") { + ref = ""; + } + + if (ref.match(/login|logout/)) { + ref = ""; + } + + if (ref) { + res.redirect(ref); + } else { + sendJade(res, "login", { + loggedIn: true, + loginName: user.name + }); + } } }); } @@ -52,9 +74,9 @@ function handleLogin(req, res) { */ function handleLoginPage(req, res) { if (req.cookies.auth) { - var split = req.cookies.auth.split(':'); + var split = req.cookies.auth.split(":"); if (split.length === 2) { - sendJade(res, 'login', { + sendJade(res, "login", { wasAlreadyLoggedIn: true, loggedIn: true, loginName: split[0] @@ -62,9 +84,9 @@ function handleLoginPage(req, res) { return; } } - sendJade(res, 'login', { + sendJade(res, "login", { loggedIn: false, - redirect: req.header('Referrer') + redirect: req.header("Referrer") }); } 
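Review bot: The success branch redirects to whatever `req.header("referrer")` or `req.body.redirect` supplies, and the only filter before `res.redirect(ref)` is `ref.match(/login|logout/)`, so a login form that carries a `redirect` field pointing at another origin (or a `//host` path) sends the freshly authenticated user off-site — an open redirect; the logout block in `@@ -72,13 +94,26 @@` repeats the same lines and has the same gap. Only same-site targets should be followed: a relative path beginning with a single `/`, or an absolute URL whose host is the one this server is deployed at (comparing against `req.headers.host`, as below, is the weaker option because that header is also client-supplied, so prefer a configured hostname if one exists). The rewrite below uses Node's `url` module, which needs `var url = require("url");` alongside the other requires at the top of auth.js, and is best extracted into one helper called from both handlers.
```javascript
            // Try to find an appropriate redirect
            var ref = req.header("referrer") || req.body.redirect;
            if (typeof ref !== "string" || /login|logout/.test(ref)) {
                ref = "";
            }
            // Follow only same-site targets: a plain path that is not
            // protocol-relative ("//host" or "/\host"), or an absolute
            // URL whose host is ours.
            if (ref) {
                var target = url.parse(ref, false, true);
                var sameSite = target.host
                    ? target.host === req.headers.host
                    : /^\/(?![\/\\])/.test(ref);
                if (!sameSite) {
                    ref = "";
                }
            }
            // … unchanged: res.redirect(ref) / sendJade("login") fallback …
```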
@@ -72,13 +94,26 @@ function handleLoginPage(req, res) { * Handles a request for /logout. Clears auth cookie */ function handleLogout(req, res) { - res.clearCookie('auth'); - res.redirect("back"); - /* - sendJade(res, 'logout', { - redirect: req.body.redirect || req.header('Referrer') - }); - */ + res.clearCookie("auth"); + // Try to find an appropriate redirect + var ref = req.header("referrer"); + if (!ref) { + ref = req.body.redirect; + } + + if (typeof ref !== "string") { + ref = ""; + } + + if (ref.match(/login|logout/)) { + ref = ""; + } + + if (ref) { + res.redirect(ref); + } else { + sendJade(res, "logout", {}); + } } /** @@ -86,16 +121,16 @@ function handleLogout(req, res) { */ function handleRegisterPage(req, res) { if (req.cookies.auth) { - var split = req.cookies.auth.split(':'); + var split = req.cookies.auth.split(":"); if (split.length === 2) { - sendJade(res, 'register', { + sendJade(res, "register", { loggedIn: true, loginName: split[0] }); return; } } - sendJade(res, 'register', { + sendJade(res, "register", { registered: false, registerError: false }); @@ -108,26 +143,26 @@ function handleRegister(req, res) { var name = req.body.name; var password = req.body.password; var email = req.body.email; - if (typeof email !== 'string') { - email = ''; + if (typeof email !== "string") { + email = ""; } var ip = webserver.ipForRequest(req); - if (typeof name !== 'string' || typeof password !== 'string') { + if (typeof name !== "string" || typeof password !== "string") { res.send(400); return; } if (name.length === 0) { - sendJade(res, 'register', { - registerError: 'Username must not be empty' + sendJade(res, "register", { + registerError: "Username must not be empty" }); return; } if (password.length === 0) { - sendJade(res, 'register', { - registerError: 'Password must not be empty' + sendJade(res, "register", { + registerError: "Password must not be empty" }); return; } 
@@ -135,21 +170,21 @@ function handleRegister(req, res) { password = password.substring(0, 100); if (email.length > 0 && !$util.isValidEmail(email)) { - sendJade(res, 'register', { - registerError: 'Invalid email address' + sendJade(res, "register", { + registerError: "Invalid email address" }); return; } db.users.register(name, password, email, ip, function (err) { if (err) { - sendJade(res, 'register', { + sendJade(res, "register", { registerError: err }); } else { - Logger.syslog.log(ip + ' registered account: ' + name + - (email.length > 0 ? ' <' + email + '>' : '')); - sendJade(res, 'register', { + Logger.syslog.log(ip + " registered account: " + name + + (email.length > 0 ? " <" + email + ">" : "")); + sendJade(res, "register", { registered: true, registerName: name, redirect: req.body.redirect @@ -163,10 +198,10 @@ module.exports = { * Initializes auth callbacks */ init: function (app) { - app.get('/login', handleLoginPage); - app.post('/login', handleLogin); - app.get('/logout', handleLogout); - app.get('/register', handleRegisterPage); - app.post('/register', handleRegister); + app.get("/login", handleLoginPage); + app.post("/login", handleLogin); + app.get("/logout", handleLogout); + app.get("/register", handleRegisterPage); + app.post("/register", handleRegister); } }; diff --git a/templates/account-profile.jade b/templates/account-profile.jade index ec853e04..ef7025ea 100644 --- a/templates/account-profile.jade +++ b/templates/account-profile.jade @@ -26,11 +26,10 @@ html(lang="en") .alert.alert-danger.center.messagebox strong Profile Error p= profileError - .media - a.pull-left(href="#") - img.media-object(src=profileImage, alt="Profile Image") - .media-body - = profileText + .profile-box(style="position: inherit") + img.profile-image(src=profileImage) + strong= loginName + p= profileText h3 Edit Profile form(action="/account/profile", method="post", role="form") .form-group 
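Review bot: The rewritten `img.profile-image(src=profileImage)` drops the `alt` text the removed `.media` markup carried, so the image no longer has an accessible name; restore it with `img.profile-image(src=profileImage, alt="Profile Image")`. The `style="position: inherit"` on `.profile-box` is an inline override that belongs in a stylesheet rule for `.profile-box` rather than in the template.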
@@ -38,8 +37,10 @@ html(lang="en") input#profileimage.form-control(type="text", name="image") .form-group label.control-label(for="profiletext") Text - textarea#profiletext.form-control(cols="10") + textarea#profiletext.form-control(cols="10", name="text")= profileText button.btn.btn-primary.btn-block(type="submit") Save include footer mixin footer() + script(type="text/javascript"). + $("#profileimage").val("#{profileImage}");
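Review bot: The added script block splices `profileImage` into a JavaScript string literal via `#{profileImage}`; Jade's text interpolation applies HTML escaping, which is the wrong context for a string inside `<script>` (a newline or stray backslash in the stored value still breaks the literal, and whether `#{}` escapes at all depends on the Jade version in use), so a user-supplied value ends up in script source. The `input#profileimage` context line above the textarea change can carry the value directly through attribute escaping, `input#profileimage.form-control(type="text", name="image", value=profileImage)`, mirroring the `= profileText` already used on the textarea, after which the script block and its jQuery dependency can be removed.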