1
0
Fork 0

Merge branch 'back' into 'master'

Back

See merge request LETU/LETU!10
This commit is contained in:
Ethanell 2020-11-03 08:26:54 +01:00
commit 8519d16331
12 changed files with 127 additions and 14 deletions

View file

@ -57,6 +57,13 @@ module.exports = (sequelize, DataTypes) => {
this.setDataValue("passwordHash", hash(value, this.email));
}
},
passwordToken: {
type: DataTypes.STRING,
unique: true
},
passwordTokenDate: {
type: DataTypes.DATE
},
permissions: {
type: DataTypes.INTEGER,
defaultValue: 0,

View file

@ -2,11 +2,13 @@ const express = require("express");
const router = express.Router();
const models = require("../models");
const error = require("./utils/error");
const sessionCheck = require("./utils/sessionCheck");
router.get("/check", async (req, res) => {
if (!req.query.token)
return error(req, res, "Missing argument", 400);
let user = await models.User.findOne({where: {"emailToken": req.query.token}});
let user = await models.User.findOne({where: {emailToken: req.query.token}});
if (user) {
user.emailVerified = true;
if (user.email.endsWith("@etu.univ-lyon1.fr"))
@ -16,8 +18,21 @@ router.get("/check", async (req, res) => {
await user.save();
res.redirect("/");
} else
return error(req, res, "Invalid token", 4000);
return error(req, res, "Invalid token", 400);
});
router.get("/forget", sessionCheck(-1), async (req, res) => {
if (!req.query.token)
res.render("forget", {title: "L'ETU"});
else {
let user = await models.User.findOne({where: {passwordToken: data.token}});
if (!user)
return error(req, res, "Invalid token", 400);
else if (user.passwordTokenDate && ((new Date().getTime() - user.passwordTokenDate.getTime()) / 1000 > 3600))
return error(req, res, "Token expired", 400);
else
res.render("forget", {title: "L'ETU - Forget password"});
}
});
module.exports = router;

View file

@ -1,7 +1,8 @@
let express = require("express");
let router = express.Router();
const sessionCheck = require("./utils/sessionCheck");
router.get("/", (req, res) => {
router.get("/",sessionCheck(-1), (req, res) => {
res.render("login", { title: "L'ETU" });
});

View file

@ -2,12 +2,14 @@ let error = require("./error");
function sessionCheck(permission) {
return (req, res, next) => {
if (!req.session.user) {
if (permission === -1 && req.session.user) {
res.redirect(req.session.lastUrl);
} if (!req.session.user) {
req.session.lastUrl = req.originalUrl;
req.session.save(() => res.redirect("/login"));
} else if (req.session.user.permissions < permission)
} else if (req.session.user.permissions < permission) {
return error(req, res, "Permission denied !", 403);
else
} else
next();
}
}

View file

@ -1,9 +1,9 @@
const modules = require("../../models");
const models = require("../../models");
const emailCheck = require("../utils/emailCheck");
module.exports = socket => {
return async (data) => {
let user = await modules.User.findByPk(data.email);
let user = await models.User.findByPk(data.email);
if (!user)
socket.emit("checkResend", {error: {message: "not_found"}});
else if (user.emailVerified)

View file

@ -0,0 +1,13 @@
const models = require("../../models");
const emailPassword = require("../utils/emailPassword");
module.exports = socket => {
return async (data) => {
let user = await models.User.findByPk(data.email);
if (!user)
socket.emit("forgotPassword", {error: {message: "not_found"}});
else
await emailPassword(socket, user, null);
}
}

View file

@ -0,0 +1,19 @@
const models = require("../../models");
module.exports = socket => {
return async (data) => {
let user = await models.User.findOne({where: {passwordToken: data.token}});
if (!user)
socket.emit("setPassword", {error: {message: "invalid_token"}})
else if (user.passwordTokenDate && ((new Date().getTime() - user.passwordTokenDate.getTime()) / 1000 > 3600))
socket.emit("setPassword", {error: {message: "expired_token"}});
else {
user.passwordToken = null;
user.passwordTokenDate = null;
user.passwordHash = data.password;
await user.save();
socket.emit("setPassword", true);
}
}
}

View file

@ -1,6 +1,13 @@
module.exports = socket => {
console.log("New connection !");
if (!socket.request.session.user) {
socket.on("login", require("./login")(socket));
socket.on("register", require("./register")(socket));
socket.on("checkResend", require("./email/checkResend")(socket));
socket.on("forgotPassword", require("./email/forgotPassword")(socket));
socket.on("setPassword", require("./email/setPassword")(socket));
} else {
socket.on("profileEdit", require("./profile/edit")(socket));
}
socket.emit("connected");
}

View file

@ -1,8 +1,8 @@
const modules = require("../models");
const models = require("../models");
module.exports = socket => {
return async (data) => {
let user = await modules.User.findByPk(data.email);
let user = await models.User.findByPk(data.email);
if (!user)
socket.emit("login", {error: {message: "not_found"}});
else if (!user.checkPassword(data.password))

22
sockets/profile/edit.js Normal file
View file

@ -0,0 +1,22 @@
const models = require("../../models");
module.exports = socket => {
return async (data) => {
let user = await models.User.findByPk(data.email);
if (!user)
socket.emit("profileEdit", {error: {message: "not_found"}});
else if (!user.checkPassword(data.oldPassword))
socket.emit("profileEdit", {error: {message: "invalid_password"}})
else {
if (data.firstName !== user.firstName)
user.firstName = data.firstName;
if (data.lastName !== user.lastName)
user.lastName = data.lastName;
if (data.password && !user.checkPassword(data.password))
user.passwordHash = data.password
socket.request.session.user = user;
socket.request.session.save();
socket.emit("profileEdit", user)
}
}
}

View file

@ -1,9 +1,9 @@
const modules = require("../models");
const models = require("../models");
const emailCheck = require("./utils/emailCheck");
module.exports = socket => {
return async (data) => {
if (await modules.User.findByPk(data.email))
if (await models.User.findByPk(data.email))
socket.emit("register", {error: {message: "email_used"}});
else if ((!data.email.endsWith("@univ-lyon1.fr")) && (!data.email.endsWith("@etu.univ-lyon1.fr")))
socket.emit("register", {error: {message: "invalid_email"}});

View file

@ -0,0 +1,27 @@
let crypto = require("crypto");
let models = require("../../models");
let Message = require("emailjs").Message;
const config = require("../../config/config.json");
module.exports = async (socket, user, callBack) => {
let token = crypto.randomBytes(16).toString("hex");
while (await models.User.findOne({where: {passwordToken: token}}))
token = crypto.randomBytes(16).toString("hex");
socket.server.mailClient.send( new Message({
text: `${config.email.mailPath}/email/forget?token=${token}`,
from: config.email.from,
to: user.email,
subject: "forgot password"
}), async (err, message) => {
if (err)
socket.emit("forgotPassword", {error: {message: "fail_send_mail"}})
else {
user.passwordToken = token;
user.passwordTokenDate = new Date();
await user.save();
socket.emit("forgotPassword", true);
}
});
};