Start updating auth dependencies

calzoneman 2013-08-16 11:01:31 -05:00
parent f523649f54
commit f46169fbe3
3 changed files with 161 additions and 103 deletions

14
acp.js

@ -9,8 +9,6 @@ The above copyright notice and this permission notice shall be included in all c
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
var Auth = require("./auth");
module.exports = function (Server) {
var db = Server.db;
var ActionLog = require("./actionlog")(Server);
@ -68,7 +66,8 @@ module.exports = function (Server) {
});
user.socket.on("acp-reset-password", function(data) {
if(Auth.getGlobalRank(data.name) >= user.global_rank)
db.getGlobalRank(data.name, function (err, rank) {
if(err || rank >= user.global_rank)
return;
db.genPasswordReset(user.ip, data.name, data.email,
@ -88,22 +87,25 @@ module.exports = function (Server) {
"acp-reset-password", data.name);
});
});
});
user.socket.on("acp-set-rank", function(data) {
if(data.rank < 1 || data.rank >= user.global_rank)
return;
if(Auth.getGlobalRank(data.name) >= user.global_rank)
db.getGlobalRank(data.name, function (err, rank) {
if(err || rank >= user.global_rank)
return;
db.setGlobalRank(data.name, data.rank, function (err, res) {
db.setGlobalRank(data.name, data.rank,
function (err, res) {
ActionLog.record(user.ip, user.name, "acp-set-rank",
data);
if(!err)
user.socket.emit("acp-set-rank", data);
});
});
});
user.socket.on("acp-list-loaded", function() {
var chans = [];
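Review bot: The `acp-set-rank` handler passes `data.rank` and `data.name` to `db.getGlobalRank` and `db.setGlobalRank` without a type check. The range test `data.rank < 1 || data.rank >= user.global_rank` is false on both sides for `undefined` or a non-numeric string, so such a value goes through to `db.setGlobalRank`. Since `data` arrives from the client socket, I would reject it before the range test with `if(typeof data.name !== "string" || typeof data.rank !== "number") return;`, and add the same `data.name` check in `acp-reset-password`. The enclosing function starts outside these hunks, so whether the caller's own rank is verified before these listeners are attached is not visible here.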

103
api.js

@ -9,7 +9,6 @@ The above copyright notice and this permission notice shall be included in all c
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
*/
var Auth = require("./auth");
var Logger = require("./logger");
var ActionLog = require("./actionlog");
var fs = require("fs");
@ -94,21 +93,40 @@ module.exports = function (Server) {
if(filter !== "public") {
var name = query.name || "";
var session = query.session || "";
var row = Auth.login(name, "", session);
if(!row || row.global_rank < 255) {
db.userLoginSession(name, session, function (err, row) {
if(err) {
if(err !== "Invalid session" &&
err !== "Session expired") {
res.send(500);
} else {
res.send(403);
}
return;
}
if(row.global_rank < 255) {
res.send(403);
return;
}
var channels = [];
for(var key in Server.channels) {
var channel = Server.channels[key];
if(channel.opts.show_public) {
channels.push(getChannelData(channel));
} else if(filter !== "public") {
channels.push(getChannelData(channel));
}
res.type("application/jsonp");
res.jsonp(channels);
});
}
// If we get here, the filter is public channels
var channels = [];
for(var key in Server.channels) {
var channel = Server.channels[key];
if(channel.opts.show_public)
channels.push(getChannelData(channel));
}
res.type("application/jsonp");
@ -136,26 +154,18 @@ module.exports = function (Server) {
return;
}
var row = Auth.login(name, pw, session);
if(!row) {
if(session && !pw) {
db.userLogin(name, pw, session, function (err, row) {
if(err) {
if(err !== "Session expired")
ActionLog.record(getIP(req), name, "login-failure");
res.jsonp({
success: false,
error: "Session expired"
error: err
});
return;
} else {
ActionLog.record(getIP(req), name, "login-failure",
"invalid_password");
res.jsonp({
success: false,
error: "Provided username/password pair is invalid"
});
return;
}
}
// record the login if the user is an administrator
// Only record login-success for admins
if(row.global_rank >= 255)
ActionLog.record(getIP(req), name, "login-success");
@ -165,6 +175,7 @@ module.exports = function (Server) {
session: row.session_hash
});
});
});
/* register an account */
app.post("/api/register", function (req, res) {
@ -195,7 +206,8 @@ module.exports = function (Server) {
return;
}
if(!Auth.validateName(name)) {
if(!$util.isValidUserName(name)) {
ActionLog.record(ip, name, "register-failure", "Invalid name");
res.jsonp({
success: false,
@ -206,21 +218,12 @@ module.exports = function (Server) {
return;
}
if(Auth.isRegistered(name)) {
ActionLog.record(ip, name, "register-failure", "Name taken");
// db.registerUser checks if the name is taken already
db.registerUser(name, pw, function (err, session) {
if(err) {
res.jsonp({
success: false,
error: "That username is already taken"
});
return;
}
var session = Auth.register(name, pw);
if(!session) {
res.jsonp({
success: false,
error: "Registration error. Contact an administrator "+
"for assistance."
error: err
});
return;
}
@ -231,6 +234,7 @@ module.exports = function (Server) {
session: session
});
});
});
/* password change */
app.post("/api/account/passwordchange", function (req, res) {
@ -248,30 +252,29 @@ module.exports = function (Server) {
return;
}
var row = Auth.login(name, oldpw, "");
if(!row) {
db.userLoginPassword(name, oldpw, function (err, row) {
if(err) {
res.jsonp({
success: false,
error: "Invalid username/password combination"
error: err
});
return;
}
db.setUserPassword(name, newpw, function (err, row) {
if(err) {
res.jsonp({
success: false,
error: err
});
return;
}
ActionLog.record(getIP(req), name, "password-change");
var success = Auth.setUserPassword(name, newpw);
if(!success) {
res.jsonp({
success: false,
error: "Server error. Please try again or ask an "+
"administrator for assistance."
success: true
});
});
return;
}
res.jsonp({
success: true,
session: row.session_hash
});
});
@ -393,11 +396,11 @@ module.exports = function (Server) {
app.post("/api/account/profile", function (req, res) {
res.type("application/jsonp");
var name = req.body.name;
var pw = req.body.pw;
var session = req.body.session;
var img = req.body.profile_image;
var text = req.body.profile_text;
db.userLoginSession(name, session, function (err, row) {
var row = Auth.login(name, pw, session);
if(!row) {
res.jsonp({
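Review bot: The login handler now answers with `error: err`, so whatever string or error object `db.userLogin` produces is echoed to the client in the JSONP response. The previous code sent the fixed message "Provided username/password pair is invalid"; if the database layer distinguishes an unknown user from a wrong password, or passes up a driver error, the new response reveals which accounts exist or leaks internal query detail. I would keep the fixed message for everything except the session case, `error: err === "Session expired" ? err : "Provided username/password pair is invalid"`, and put `err` into the `ActionLog.record` call instead. The register and password-change hunks echo `err` the same way and need the same mapping; the handler bodies continue outside the hunks.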


@ -682,6 +682,24 @@ Database.prototype.registerUser = function (name, pw, callback) {
return;
}
var postRegister = function (err, res) {
if(err) {
callback(err, null);
return;
}
self.createLoginSession(name, function (err, hash) {
if(err) {
// Don't confuse people into thinking the registration
// failed when it was the session that failed
callback(null, "");
return;
}
callback(null, hash);
});
};
self.isUsernameTaken(name, function (err, taken) {
if(err) {
callback(err, null);
@ -702,9 +720,7 @@ Database.prototype.registerUser = function (name, pw, callback) {
var query = "INSERT INTO registrations VALUES " +
"(NULL, ?, ?, 1, '', 0, '', '', '')";
self.query(query, [name, hash], function (err, res) {
callback(err, res);
});
self.query(query, [name, hash], postRegister);
});
});
};
@ -842,6 +858,43 @@ Database.prototype.createLoginSession = function (name, callback) {
});
};
Database.prototype.setUserPassword = function (name, pw, callback) {
var self = this;
if(typeof callback !== "function")
callback = blackHole;
bcrypt.hash(pw, 10, function (err, hash) {
if(err) {
callback(err, null);
return;
}
var query = "UPDATE registrations SET pw=? WHERE uname=?";
self.query(query, [hash, name], callback);
});
};
Database.prototype.getGlobalRank = function (name, callback) {
var self = this;
if(typeof callback !== "function")
return;
var query = "SELECT global_rank FROM registrations WHERE uname=?";
self.query(query, function (err, res) {
if(err) {
callback(err, null);
return;
}
if(res.length == 0) {
callback("User does not exist", null);
return;
}
callback(null, res[0].global_rank);
});
};
/* END REGION */
/* REGION users */
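Review bot: In `Database.prototype.getGlobalRank`, the call `self.query(query, function (err, res) {` supplies no value for the `uname=?` placeholder, unlike the other calls in this file such as `self.query(query, [hash, name], callback)`. The name should be bound: `self.query(query, [name], function (err, res) {`. The signature of `self.query` is not visible here, but as written the lookup presumably errors or matches nothing. The ACP handlers changed in acp.js in this commit rely on this result for their rank comparison, so they would deny every request; that fails closed but leaves password reset and rank changes unusable.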