mirror of
https://github.com/taobataoma/meanTorrent.git
synced 2026-01-24 08:09:16 +01:00
f052ea853e
* commit 'b43c80e2c097b11114f4e4f01b9718321721a89b': feat(build): Update dependencies (#1847) fix(travis): Fix Travis failing on webdriver issues (#1845) fix(eslint): Inconsistent spacing before function parentheses (#1844) fix(mongodb): update ssl connection settings (#1809) Remove deprecated crypto package (#1843) feat(config): Mongo Seed 2.0 (#1808) fix(users): don't fail on missing old image on image upload (#1839) feat(build): Turn on mangling for uglify (#1841) fix(gulp): fix broken test:server:watch task (#1842) feat(core): Enhancement page title directive (#1686) feat(user): Add email support to forgot password (#1834) fix(mocha): update mochajs version to reduce vulnerabilities (#1830) refactor(menus): Refactor to the Menus client service to use functional loops/filters (#1575) feat(config): Mongoose 4.11 upgrade (#1818) # Conflicts: # config/env/development.js # config/lib/app.js # modules/articles/server/models/article.server.model.js # modules/chat/client/config/chat.client.routes.js # modules/core/client/directives/page-title.client.directive.js # modules/core/client/services/menu.client.service.js # modules/users/client/config/users-admin.client.routes.js # modules/users/client/views/password/forgot-password.client.view.html # modules/users/server/models/user.server.model.js # package.json
327 lines
8.8 KiB
JavaScript
327 lines
8.8 KiB
JavaScript
'use strict';
|
|
|
|
/**
|
|
* Module dependencies
|
|
*/
|
|
var path = require('path'),
|
|
config = require(path.resolve('./config/config')),
|
|
errorHandler = require(path.resolve('./modules/core/server/controllers/errors.server.controller')),
|
|
mongoose = require('mongoose'),
|
|
User = mongoose.model('User'),
|
|
Invitation = mongoose.model('Invitation'),
|
|
nodemailer = require('nodemailer'),
|
|
async = require('async'),
|
|
crypto = require('crypto'),
|
|
traceLogCreate = require(path.resolve('./config/lib/tracelog')).create;
|
|
|
|
var smtpTransport = nodemailer.createTransport(config.mailer.options);
|
|
var traceConfig = config.meanTorrentConfig.trace;
|
|
|
|
/**
|
|
* Forgot for reset password (forgot POST)
|
|
*/
|
|
exports.forgot = function (req, res, next) {
|
|
async.waterfall([
|
|
// Generate random token
|
|
function (done) {
|
|
crypto.randomBytes(20, function (err, buffer) {
|
|
var token = buffer.toString('hex');
|
|
done(err, token);
|
|
});
|
|
},
|
|
// Lookup user by username
|
|
function (token, done) {
|
|
if (req.body.usernameOrEmail) {
|
|
|
|
var usernameOrEmail = String(req.body.usernameOrEmail).toLowerCase();
|
|
|
|
User.findOne({
|
|
$or: [
|
|
{ username: usernameOrEmail },
|
|
{ email: usernameOrEmail }
|
|
]
|
|
}, '-salt -password', function (err, user) {
|
|
if (err || !user) {
|
|
return res.status(400).send({
|
|
message: 'No account with that username or email has been found'
|
|
});
|
|
} else if (user.provider !== 'local') {
|
|
return res.status(400).send({
|
|
message: 'It seems like you signed up using your ' + user.provider + ' account, please sign in using that provider.'
|
|
});
|
|
} else {
|
|
user.resetPasswordToken = token;
|
|
user.resetPasswordExpires = Date.now() + 3600000; // 1 hour
|
|
|
|
user.save(function (err) {
|
|
done(err, token, user);
|
|
});
|
|
}
|
|
});
|
|
} else {
|
|
return res.status(422).send({
|
|
message: 'Username/email field must not be blank'
|
|
});
|
|
}
|
|
},
|
|
function (token, user, done) {
|
|
|
|
var httpTransport = 'http://';
|
|
if (config.secure && config.secure.ssl === true) {
|
|
httpTransport = 'https://';
|
|
}
|
|
var baseUrl = config.domain || httpTransport + req.headers.host;
|
|
res.render(path.resolve('modules/users/server/templates/reset-password-email'), {
|
|
name: user.displayName,
|
|
appName: config.app.title,
|
|
url: baseUrl + '/api/auth/reset/' + token
|
|
}, function (err, emailHTML) {
|
|
done(err, emailHTML, user);
|
|
});
|
|
},
|
|
// If valid email, send reset email using service
|
|
function (emailHTML, user, done) {
|
|
var mailOptions = {
|
|
to: user.email,
|
|
from: config.mailer.from,
|
|
subject: 'Password Reset',
|
|
html: emailHTML
|
|
};
|
|
smtpTransport.sendMail(mailOptions, function (err) {
|
|
if (!err) {
|
|
res.send({
|
|
message: 'An email has been sent to the provided email with further instructions.'
|
|
});
|
|
} else {
|
|
return res.status(400).send({
|
|
message: 'Failure sending email'
|
|
});
|
|
}
|
|
|
|
done(err);
|
|
});
|
|
}
|
|
], function (err) {
|
|
if (err) {
|
|
return next(err);
|
|
}
|
|
});
|
|
};
|
|
|
|
/**
|
|
* Reset password GET from email token
|
|
*/
|
|
exports.validateResetToken = function (req, res) {
|
|
User.findOne({
|
|
resetPasswordToken: req.params.token,
|
|
resetPasswordExpires: {
|
|
$gt: Date.now()
|
|
}
|
|
}, function (err, user) {
|
|
if (err || !user) {
|
|
return res.redirect('/password/reset/invalid');
|
|
}
|
|
|
|
res.redirect('/password/reset/' + req.params.token);
|
|
});
|
|
};
|
|
|
|
|
|
/**
|
|
* invite sign up from email token
|
|
*/
|
|
exports.invite = function (req, res, next) {
|
|
Invitation.findOne({
|
|
token: req.params.token,
|
|
status: 1,
|
|
expiresat: {
|
|
$gt: Date.now()
|
|
}
|
|
}, function (err, invitation) {
|
|
if (err || !invitation) {
|
|
return res.redirect('/authentication/invite/invalid');
|
|
}
|
|
|
|
res.redirect('/authentication/signup?token=' + req.params.token);
|
|
});
|
|
};
|
|
|
|
/**
|
|
* Reset password POST from email token
|
|
*/
|
|
exports.reset = function (req, res, next) {
|
|
// Init Variables
|
|
var passwordDetails = req.body;
|
|
|
|
async.waterfall([
|
|
|
|
function (done) {
|
|
User.findOne({
|
|
resetPasswordToken: req.params.token,
|
|
resetPasswordExpires: {
|
|
$gt: Date.now()
|
|
}
|
|
}, function (err, user) {
|
|
if (!err && user) {
|
|
if (passwordDetails.newPassword === passwordDetails.verifyPassword) {
|
|
user.password = passwordDetails.newPassword;
|
|
user.resetPasswordToken = undefined;
|
|
user.resetPasswordExpires = undefined;
|
|
|
|
user.save(function (err) {
|
|
if (err) {
|
|
return res.status(422).send({
|
|
message: errorHandler.getErrorMessage(err)
|
|
});
|
|
} else {
|
|
req.login(user, function (err) {
|
|
if (err) {
|
|
res.status(400).send(err);
|
|
} else {
|
|
// Remove sensitive data before return authenticated user
|
|
user.password = undefined;
|
|
user.salt = undefined;
|
|
|
|
res.json(user);
|
|
|
|
//create trace log
|
|
traceLogCreate(req, traceConfig.action.userPasswordReset, {
|
|
user: user._id,
|
|
newPassword: passwordDetails.newPassword
|
|
});
|
|
|
|
done(err, user);
|
|
}
|
|
});
|
|
}
|
|
});
|
|
} else {
|
|
return res.status(422).send({
|
|
message: 'Passwords do not match'
|
|
});
|
|
}
|
|
} else {
|
|
return res.status(400).send({
|
|
message: 'Password reset token is invalid or has expired.'
|
|
});
|
|
}
|
|
});
|
|
},
|
|
function (user, done) {
|
|
res.render('modules/users/server/templates/reset-password-confirm-email', {
|
|
name: user.displayName,
|
|
appName: config.app.title
|
|
}, function (err, emailHTML) {
|
|
done(err, emailHTML, user);
|
|
});
|
|
},
|
|
// If valid email, send reset email using service
|
|
function (emailHTML, user, done) {
|
|
var mailOptions = {
|
|
to: user.email,
|
|
from: config.mailer.from,
|
|
subject: 'Your password has been changed',
|
|
html: emailHTML
|
|
};
|
|
|
|
smtpTransport.sendMail(mailOptions, function (err) {
|
|
done(err, 'done');
|
|
});
|
|
}
|
|
], function (err) {
|
|
if (err) {
|
|
return next(err);
|
|
}
|
|
});
|
|
};
|
|
|
|
/**
|
|
* Change Password
|
|
*/
|
|
exports.changePassword = function (req, res, next) {
|
|
// Init Variables
|
|
var passwordDetails = req.body;
|
|
|
|
if (req.user) {
|
|
if (passwordDetails.newPassword) {
|
|
User.findById(req.user.id, function (err, user) {
|
|
if (!err && user) {
|
|
if (user.authenticate(passwordDetails.currentPassword)) {
|
|
if (passwordDetails.newPassword === passwordDetails.verifyPassword) {
|
|
user.password = passwordDetails.newPassword;
|
|
|
|
user.save(function (err) {
|
|
if (err) {
|
|
return res.status(422).send({
|
|
message: errorHandler.getErrorMessage(err)
|
|
});
|
|
} else {
|
|
req.login(user, function (err) {
|
|
if (err) {
|
|
res.status(400).send(err);
|
|
} else {
|
|
res.send({
|
|
message: 'Password changed successfully'
|
|
});
|
|
}
|
|
});
|
|
}
|
|
});
|
|
} else {
|
|
res.status(422).send({
|
|
message: 'Passwords do not match'
|
|
});
|
|
}
|
|
} else {
|
|
res.status(422).send({
|
|
message: 'Current password is incorrect'
|
|
});
|
|
}
|
|
} else {
|
|
res.status(400).send({
|
|
message: 'User is not found'
|
|
});
|
|
}
|
|
});
|
|
} else {
|
|
res.status(422).send({
|
|
message: 'Please provide a new password'
|
|
});
|
|
}
|
|
} else {
|
|
res.status(401).send({
|
|
message: 'User is not signed in'
|
|
});
|
|
}
|
|
};
|
|
|
|
/**
|
|
* resetPasskey
|
|
*/
|
|
exports.resetPasskey = function (req, res, next) {
|
|
if (req.user) {
|
|
var user = req.user;
|
|
user.passkey = user.randomAsciiString(32);
|
|
|
|
user.save(function (err) {
|
|
if (err) {
|
|
return res.status(422).send({
|
|
message: errorHandler.getErrorMessage(err)
|
|
});
|
|
} else {
|
|
req.login(user, function (err) {
|
|
if (err) {
|
|
res.status(400).send(err);
|
|
} else {
|
|
res.json(user);
|
|
}
|
|
});
|
|
}
|
|
});
|
|
} else {
|
|
res.status(401).send({
|
|
message: 'User is not signed in'
|
|
});
|
|
}
|
|
};
|