IUT_Informatique/letu
Archived
1
0
Fork 0
Code Activity

Merge branch 'back' into 'master'

Browse source 
Back

See merge request LETU/LETU!10
This commit is contained in:
Ethanell 2020-11-03 08:26:54 +01:00
commit 8519d16331
12 changed files with 127 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
models/user.js
View file

@ -57,6 +57,13 @@ module.exports = (sequelize, DataTypes) => {
this.setDataValue("passwordHash", hash(value, this.email)); this.setDataValue("passwordHash", hash(value, this.email));
} }
}, },
passwordToken: {
type: DataTypes.STRING,
unique: true
},
passwordTokenDate: {
type: DataTypes.DATE
},
permissions: { permissions: {
type: DataTypes.INTEGER, type: DataTypes.INTEGER,
defaultValue: 0, defaultValue: 0,

19
routes/email.js
View file

@ -2,11 +2,13 @@ const express = require("express");
const router = express.Router(); const router = express.Router();
const models = require("../models"); const models = require("../models");
const error = require("./utils/error"); const error = require("./utils/error");
const sessionCheck = require("./utils/sessionCheck");
router.get("/check", async (req, res) => { router.get("/check", async (req, res) => {
if (!req.query.token) if (!req.query.token)
return error(req, res, "Missing argument", 400); return error(req, res, "Missing argument", 400);
let user = await models.User.findOne({where: {"emailToken": req.query.token}}); let user = await models.User.findOne({where: {emailToken: req.query.token}});
if (user) { if (user) {
user.emailVerified = true; user.emailVerified = true;
if (user.email.endsWith("@etu.univ-lyon1.fr")) if (user.email.endsWith("@etu.univ-lyon1.fr"))
@ -16,8 +18,21 @@ router.get("/check", async (req, res) => {
await user.save(); await user.save();
res.redirect("/"); res.redirect("/");
} else } else
return error(req, res, "Invalid token", 4000); return error(req, res, "Invalid token", 400);
}); });
router.get("/forget", sessionCheck(-1), async (req, res) => {
if (!req.query.token)
res.render("forget", {title: "L'ETU"});
else {
let user = await models.User.findOne({where: {passwordToken: data.token}});
if (!user)
return error(req, res, "Invalid token", 400);
else if (user.passwordTokenDate && ((new Date().getTime() - user.passwordTokenDate.getTime()) / 1000 > 3600))
return error(req, res, "Token expired", 400);
else
res.render("forget", {title: "L'ETU - Forget password"});
}
});
module.exports = router; module.exports = router;

3
routes/login.js
View file

@ -1,7 +1,8 @@
let express = require("express"); let express = require("express");
let router = express.Router(); let router = express.Router();
const sessionCheck = require("./utils/sessionCheck");
router.get("/", (req, res) => { router.get("/",sessionCheck(-1), (req, res) => {
res.render("login", { title: "L'ETU" }); res.render("login", { title: "L'ETU" });
}); });

8
routes/utils/sessionCheck.js
View file

@ -2,12 +2,14 @@ let error = require("./error");
function sessionCheck(permission) { function sessionCheck(permission) {
return (req, res, next) => { return (req, res, next) => {
if (!req.session.user) { if (permission === -1 && req.session.user) {
res.redirect(req.session.lastUrl);
} if (!req.session.user) {
req.session.lastUrl = req.originalUrl; req.session.lastUrl = req.originalUrl;
req.session.save(() => res.redirect("/login")); req.session.save(() => res.redirect("/login"));
} else if (req.session.user.permissions < permission) } else if (req.session.user.permissions < permission) {
return error(req, res, "Permission denied !", 403); return error(req, res, "Permission denied !", 403);
else } else
next(); next();
} }
} }

4
sockets/email/checkResend.js
View file

@ -1,9 +1,9 @@
const modules = require("../../models"); const models = require("../../models");
const emailCheck = require("../utils/emailCheck"); const emailCheck = require("../utils/emailCheck");
module.exports = socket => { module.exports = socket => {
return async (data) => { return async (data) => {
let user = await modules.User.findByPk(data.email); let user = await models.User.findByPk(data.email);
if (!user) if (!user)
socket.emit("checkResend", {error: {message: "not_found"}}); socket.emit("checkResend", {error: {message: "not_found"}});
else if (user.emailVerified) else if (user.emailVerified)

13
sockets/email/forgotPassword.js Normal file
View file

@ -0,0 +1,13 @@
const models = require("../../models");
const emailPassword = require("../utils/emailPassword");
module.exports = socket => {
return async (data) => {
let user = await models.User.findByPk(data.email);
if (!user)
socket.emit("forgotPassword", {error: {message: "not_found"}});
else
await emailPassword(socket, user, null);
}
}

19
sockets/email/setPassword.js Normal file
View file

@ -0,0 +1,19 @@
const models = require("../../models");
module.exports = socket => {
return async (data) => {
let user = await models.User.findOne({where: {passwordToken: data.token}});
if (!user)
socket.emit("setPassword", {error: {message: "invalid_token"}})
else if (user.passwordTokenDate && ((new Date().getTime() - user.passwordTokenDate.getTime()) / 1000 > 3600))
socket.emit("setPassword", {error: {message: "expired_token"}});
else {
user.passwordToken = null;
user.passwordTokenDate = null;
user.passwordHash = data.password;
await user.save();
socket.emit("setPassword", true);
}
}
}

7
sockets/index.js
View file

@ -1,6 +1,13 @@
module.exports = socket => { module.exports = socket => {
console.log("New connection !"); console.log("New connection !");
if (!socket.request.session.user) {
socket.on("login", require("./login")(socket)); socket.on("login", require("./login")(socket));
socket.on("register", require("./register")(socket)); socket.on("register", require("./register")(socket));
socket.on("checkResend", require("./email/checkResend")(socket));
socket.on("forgotPassword", require("./email/forgotPassword")(socket));
socket.on("setPassword", require("./email/setPassword")(socket));
} else {
socket.on("profileEdit", require("./profile/edit")(socket));
}
socket.emit("connected"); socket.emit("connected");
} }

4
sockets/login.js
View file

@ -1,8 +1,8 @@
const modules = require("../models"); const models = require("../models");
module.exports = socket => { module.exports = socket => {
return async (data) => { return async (data) => {
let user = await modules.User.findByPk(data.email); let user = await models.User.findByPk(data.email);
if (!user) if (!user)
socket.emit("login", {error: {message: "not_found"}}); socket.emit("login", {error: {message: "not_found"}});
else if (!user.checkPassword(data.password)) else if (!user.checkPassword(data.password))

22
sockets/profile/edit.js Normal file
View file

@ -0,0 +1,22 @@
const models = require("../../models");
module.exports = socket => {
return async (data) => {
let user = await models.User.findByPk(data.email);
if (!user)
socket.emit("profileEdit", {error: {message: "not_found"}});
else if (!user.checkPassword(data.oldPassword))
socket.emit("profileEdit", {error: {message: "invalid_password"}})
else {
if (data.firstName !== user.firstName)
user.firstName = data.firstName;
if (data.lastName !== user.lastName)
user.lastName = data.lastName;
if (data.password && !user.checkPassword(data.password))
user.passwordHash = data.password
socket.request.session.user = user;
socket.request.session.save();
socket.emit("profileEdit", user)
}
}
}

4
sockets/register.js
View file

@ -1,9 +1,9 @@
const modules = require("../models"); const models = require("../models");
const emailCheck = require("./utils/emailCheck"); const emailCheck = require("./utils/emailCheck");
module.exports = socket => { module.exports = socket => {
return async (data) => { return async (data) => {
if (await modules.User.findByPk(data.email)) if (await models.User.findByPk(data.email))
socket.emit("register", {error: {message: "email_used"}}); socket.emit("register", {error: {message: "email_used"}});
else if ((!data.email.endsWith("@univ-lyon1.fr")) && (!data.email.endsWith("@etu.univ-lyon1.fr"))) else if ((!data.email.endsWith("@univ-lyon1.fr")) && (!data.email.endsWith("@etu.univ-lyon1.fr")))
socket.emit("register", {error: {message: "invalid_email"}}); socket.emit("register", {error: {message: "invalid_email"}});

27
sockets/utils/emailPassword.js Normal file
View file

@ -0,0 +1,27 @@
let crypto = require("crypto");
let models = require("../../models");
let Message = require("emailjs").Message;
const config = require("../../config/config.json");
module.exports = async (socket, user, callBack) => {
let token = crypto.randomBytes(16).toString("hex");
while (await models.User.findOne({where: {passwordToken: token}}))
token = crypto.randomBytes(16).toString("hex");
socket.server.mailClient.send( new Message({
text: `${config.email.mailPath}/email/forget?token=${token}`,
from: config.email.from,
to: user.email,
subject: "forgot password"
}), async (err, message) => {
if (err)
socket.emit("forgotPassword", {error: {message: "fail_send_mail"}})
else {
user.passwordToken = token;
user.passwordTokenDate = new Date();
await user.save();
socket.emit("forgotPassword", true);
}
});
};