commit
8519d16331
12 changed files with 127 additions and 14 deletions
|
@ -57,6 +57,13 @@ module.exports = (sequelize, DataTypes) => {
|
||||||
this.setDataValue("passwordHash", hash(value, this.email));
|
this.setDataValue("passwordHash", hash(value, this.email));
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
passwordToken: {
|
||||||
|
type: DataTypes.STRING,
|
||||||
|
unique: true
|
||||||
|
},
|
||||||
|
passwordTokenDate: {
|
||||||
|
type: DataTypes.DATE
|
||||||
|
},
|
||||||
permissions: {
|
permissions: {
|
||||||
type: DataTypes.INTEGER,
|
type: DataTypes.INTEGER,
|
||||||
defaultValue: 0,
|
defaultValue: 0,
|
||||||
|
|
|
@ -2,11 +2,13 @@ const express = require("express");
|
||||||
const router = express.Router();
|
const router = express.Router();
|
||||||
const models = require("../models");
|
const models = require("../models");
|
||||||
const error = require("./utils/error");
|
const error = require("./utils/error");
|
||||||
|
const sessionCheck = require("./utils/sessionCheck");
|
||||||
|
|
||||||
|
|
||||||
router.get("/check", async (req, res) => {
|
router.get("/check", async (req, res) => {
|
||||||
if (!req.query.token)
|
if (!req.query.token)
|
||||||
return error(req, res, "Missing argument", 400);
|
return error(req, res, "Missing argument", 400);
|
||||||
let user = await models.User.findOne({where: {"emailToken": req.query.token}});
|
let user = await models.User.findOne({where: {emailToken: req.query.token}});
|
||||||
if (user) {
|
if (user) {
|
||||||
user.emailVerified = true;
|
user.emailVerified = true;
|
||||||
if (user.email.endsWith("@etu.univ-lyon1.fr"))
|
if (user.email.endsWith("@etu.univ-lyon1.fr"))
|
||||||
|
@ -16,8 +18,21 @@ router.get("/check", async (req, res) => {
|
||||||
await user.save();
|
await user.save();
|
||||||
res.redirect("/");
|
res.redirect("/");
|
||||||
} else
|
} else
|
||||||
return error(req, res, "Invalid token", 4000);
|
return error(req, res, "Invalid token", 400);
|
||||||
});
|
});
|
||||||
|
|
||||||
|
router.get("/forget", sessionCheck(-1), async (req, res) => {
|
||||||
|
if (!req.query.token)
|
||||||
|
res.render("forget", {title: "L'ETU"});
|
||||||
|
else {
|
||||||
|
let user = await models.User.findOne({where: {passwordToken: data.token}});
|
||||||
|
if (!user)
|
||||||
|
return error(req, res, "Invalid token", 400);
|
||||||
|
else if (user.passwordTokenDate && ((new Date().getTime() - user.passwordTokenDate.getTime()) / 1000 > 3600))
|
||||||
|
return error(req, res, "Token expired", 400);
|
||||||
|
else
|
||||||
|
res.render("forget", {title: "L'ETU - Forget password"});
|
||||||
|
}
|
||||||
|
});
|
||||||
|
|
||||||
module.exports = router;
|
module.exports = router;
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
let express = require("express");
|
let express = require("express");
|
||||||
let router = express.Router();
|
let router = express.Router();
|
||||||
|
const sessionCheck = require("./utils/sessionCheck");
|
||||||
|
|
||||||
router.get("/", (req, res) => {
|
router.get("/",sessionCheck(-1), (req, res) => {
|
||||||
res.render("login", { title: "L'ETU" });
|
res.render("login", { title: "L'ETU" });
|
||||||
});
|
});
|
||||||
|
|
||||||
|
|
|
@ -2,12 +2,14 @@ let error = require("./error");
|
||||||
|
|
||||||
function sessionCheck(permission) {
|
function sessionCheck(permission) {
|
||||||
return (req, res, next) => {
|
return (req, res, next) => {
|
||||||
if (!req.session.user) {
|
if (permission === -1 && req.session.user) {
|
||||||
|
res.redirect(req.session.lastUrl);
|
||||||
|
} if (!req.session.user) {
|
||||||
req.session.lastUrl = req.originalUrl;
|
req.session.lastUrl = req.originalUrl;
|
||||||
req.session.save(() => res.redirect("/login"));
|
req.session.save(() => res.redirect("/login"));
|
||||||
} else if (req.session.user.permissions < permission)
|
} else if (req.session.user.permissions < permission) {
|
||||||
return error(req, res, "Permission denied !", 403);
|
return error(req, res, "Permission denied !", 403);
|
||||||
else
|
} else
|
||||||
next();
|
next();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,9 +1,9 @@
|
||||||
const modules = require("../../models");
|
const models = require("../../models");
|
||||||
const emailCheck = require("../utils/emailCheck");
|
const emailCheck = require("../utils/emailCheck");
|
||||||
|
|
||||||
module.exports = socket => {
|
module.exports = socket => {
|
||||||
return async (data) => {
|
return async (data) => {
|
||||||
let user = await modules.User.findByPk(data.email);
|
let user = await models.User.findByPk(data.email);
|
||||||
if (!user)
|
if (!user)
|
||||||
socket.emit("checkResend", {error: {message: "not_found"}});
|
socket.emit("checkResend", {error: {message: "not_found"}});
|
||||||
else if (user.emailVerified)
|
else if (user.emailVerified)
|
||||||
|
|
13
sockets/email/forgotPassword.js
Normal file
13
sockets/email/forgotPassword.js
Normal file
|
@ -0,0 +1,13 @@
|
||||||
|
const models = require("../../models");
|
||||||
|
const emailPassword = require("../utils/emailPassword");
|
||||||
|
|
||||||
|
|
||||||
|
module.exports = socket => {
|
||||||
|
return async (data) => {
|
||||||
|
let user = await models.User.findByPk(data.email);
|
||||||
|
if (!user)
|
||||||
|
socket.emit("forgotPassword", {error: {message: "not_found"}});
|
||||||
|
else
|
||||||
|
await emailPassword(socket, user, null);
|
||||||
|
}
|
||||||
|
}
|
19
sockets/email/setPassword.js
Normal file
19
sockets/email/setPassword.js
Normal file
|
@ -0,0 +1,19 @@
|
||||||
|
const models = require("../../models");
|
||||||
|
|
||||||
|
|
||||||
|
module.exports = socket => {
|
||||||
|
return async (data) => {
|
||||||
|
let user = await models.User.findOne({where: {passwordToken: data.token}});
|
||||||
|
if (!user)
|
||||||
|
socket.emit("setPassword", {error: {message: "invalid_token"}})
|
||||||
|
else if (user.passwordTokenDate && ((new Date().getTime() - user.passwordTokenDate.getTime()) / 1000 > 3600))
|
||||||
|
socket.emit("setPassword", {error: {message: "expired_token"}});
|
||||||
|
else {
|
||||||
|
user.passwordToken = null;
|
||||||
|
user.passwordTokenDate = null;
|
||||||
|
user.passwordHash = data.password;
|
||||||
|
await user.save();
|
||||||
|
socket.emit("setPassword", true);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,6 +1,13 @@
|
||||||
module.exports = socket => {
|
module.exports = socket => {
|
||||||
console.log("New connection !");
|
console.log("New connection !");
|
||||||
socket.on("login", require("./login")(socket));
|
if (!socket.request.session.user) {
|
||||||
socket.on("register", require("./register")(socket));
|
socket.on("login", require("./login")(socket));
|
||||||
|
socket.on("register", require("./register")(socket));
|
||||||
|
socket.on("checkResend", require("./email/checkResend")(socket));
|
||||||
|
socket.on("forgotPassword", require("./email/forgotPassword")(socket));
|
||||||
|
socket.on("setPassword", require("./email/setPassword")(socket));
|
||||||
|
} else {
|
||||||
|
socket.on("profileEdit", require("./profile/edit")(socket));
|
||||||
|
}
|
||||||
socket.emit("connected");
|
socket.emit("connected");
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,8 +1,8 @@
|
||||||
const modules = require("../models");
|
const models = require("../models");
|
||||||
|
|
||||||
module.exports = socket => {
|
module.exports = socket => {
|
||||||
return async (data) => {
|
return async (data) => {
|
||||||
let user = await modules.User.findByPk(data.email);
|
let user = await models.User.findByPk(data.email);
|
||||||
if (!user)
|
if (!user)
|
||||||
socket.emit("login", {error: {message: "not_found"}});
|
socket.emit("login", {error: {message: "not_found"}});
|
||||||
else if (!user.checkPassword(data.password))
|
else if (!user.checkPassword(data.password))
|
||||||
|
|
22
sockets/profile/edit.js
Normal file
22
sockets/profile/edit.js
Normal file
|
@ -0,0 +1,22 @@
|
||||||
|
const models = require("../../models");
|
||||||
|
|
||||||
|
module.exports = socket => {
|
||||||
|
return async (data) => {
|
||||||
|
let user = await models.User.findByPk(data.email);
|
||||||
|
if (!user)
|
||||||
|
socket.emit("profileEdit", {error: {message: "not_found"}});
|
||||||
|
else if (!user.checkPassword(data.oldPassword))
|
||||||
|
socket.emit("profileEdit", {error: {message: "invalid_password"}})
|
||||||
|
else {
|
||||||
|
if (data.firstName !== user.firstName)
|
||||||
|
user.firstName = data.firstName;
|
||||||
|
if (data.lastName !== user.lastName)
|
||||||
|
user.lastName = data.lastName;
|
||||||
|
if (data.password && !user.checkPassword(data.password))
|
||||||
|
user.passwordHash = data.password
|
||||||
|
socket.request.session.user = user;
|
||||||
|
socket.request.session.save();
|
||||||
|
socket.emit("profileEdit", user)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -1,9 +1,9 @@
|
||||||
const modules = require("../models");
|
const models = require("../models");
|
||||||
const emailCheck = require("./utils/emailCheck");
|
const emailCheck = require("./utils/emailCheck");
|
||||||
|
|
||||||
module.exports = socket => {
|
module.exports = socket => {
|
||||||
return async (data) => {
|
return async (data) => {
|
||||||
if (await modules.User.findByPk(data.email))
|
if (await models.User.findByPk(data.email))
|
||||||
socket.emit("register", {error: {message: "email_used"}});
|
socket.emit("register", {error: {message: "email_used"}});
|
||||||
else if ((!data.email.endsWith("@univ-lyon1.fr")) && (!data.email.endsWith("@etu.univ-lyon1.fr")))
|
else if ((!data.email.endsWith("@univ-lyon1.fr")) && (!data.email.endsWith("@etu.univ-lyon1.fr")))
|
||||||
socket.emit("register", {error: {message: "invalid_email"}});
|
socket.emit("register", {error: {message: "invalid_email"}});
|
||||||
|
|
27
sockets/utils/emailPassword.js
Normal file
27
sockets/utils/emailPassword.js
Normal file
|
@ -0,0 +1,27 @@
|
||||||
|
let crypto = require("crypto");
|
||||||
|
let models = require("../../models");
|
||||||
|
let Message = require("emailjs").Message;
|
||||||
|
const config = require("../../config/config.json");
|
||||||
|
|
||||||
|
|
||||||
|
module.exports = async (socket, user, callBack) => {
|
||||||
|
let token = crypto.randomBytes(16).toString("hex");
|
||||||
|
while (await models.User.findOne({where: {passwordToken: token}}))
|
||||||
|
token = crypto.randomBytes(16).toString("hex");
|
||||||
|
|
||||||
|
socket.server.mailClient.send( new Message({
|
||||||
|
text: `${config.email.mailPath}/email/forget?token=${token}`,
|
||||||
|
from: config.email.from,
|
||||||
|
to: user.email,
|
||||||
|
subject: "forgot password"
|
||||||
|
}), async (err, message) => {
|
||||||
|
if (err)
|
||||||
|
socket.emit("forgotPassword", {error: {message: "fail_send_mail"}})
|
||||||
|
else {
|
||||||
|
user.passwordToken = token;
|
||||||
|
user.passwordTokenDate = new Date();
|
||||||
|
await user.save();
|
||||||
|
socket.emit("forgotPassword", true);
|
||||||
|
}
|
||||||
|
});
|
||||||
|
};
|
Reference in a new issue