.then(function(rows) {
if(rows.length) { // if the user exists
var user = rows[0];
// ensure the password matches the hashed password in the database
if(passwordHash.verify(req.body.password, user.password)) {
res.status(200)
.send({
login: "******",
auth: genToken(user)
});
} else { // invalid password
res.status(400)
.send({
login: "******"
});
}
} else { // user doesn't exist
res.status(400)
.send({
login: "******"
});
}
});
}).then(function(user) {
if (!user) {
res.status(401).json({
errors: {
password: '******'
}
});
} else if (user) {
// check if password matches
if (passwordHash.verify(req.body.password, user.password)) {
user.token = jwt.sign(user, process.env.APP_KEY);
//user.token = jwt.sign(user, process.env.APP_KEY);
user.save().then(function(user1) {
res.json({
data: user1,
token: user1.token
});
});
} else {
res.status(401).json({
errors: {
password: '******'
}
});
}
}
}, function(err) {
function handleVolunteer(status){
if(status.status === StatusProvider.OK){
var volunteer = status.data;
if(hash.verify(password, volunteer.password)){
log.info(ResponseProvider.SUCCESS_LOGIN, target);
var role = CheckinService.getRole(username);
var token = generate_key();
saveToken(username, token);
var publicVolunteer = new PublicVolunteer(volunteer);
callback({status: StatusProvider.OK, message: ResponseProvider.SUCCESS_LOGIN, data: publicVolunteer, meta: {token: token, role: role}});
} else {
log.warn(ResponseProvider.WRONG_PASS, target);
callback({status: StatusProvider.FAILED, message: ResponseProvider.WRONG_PASS});
}
} else {
log.warn(ResponseProvider.WRONG_USERNAME, target);
callback({status: StatusProvider.FAILED, message: ResponseProvider.WRONG_USERNAME});
}
}
function(err, result) {
if(err) {
done();
console.error(err);
res.sendStatus(406).end();
}else if(!result || result.rows.length === 0) {
done();
res.sendStatus(404).end();
}else {
var hashpass = '******' + result.rows[0].salt + '$1$' + result.rows[0].pass;
// If authorized
if(passHash.verify(req.body.pass, hashpass)) {
client.query('DELETE FROM group_posts WHERE groupname=\'' +
group.body.groupname + '\'AND id=\'' + group.body.id + '\';',
function(err, result) {
done();
if(err) {
console.error(err);
res.sendStatus(406).end();
// If finished, send Accepted
} else {
res.sendStatus(201).end();
}
});
}else {
done();
res.sendStatus(403).end();
}
}
});
database.getUserPW(username, function(ret){
if(ret != null){
callback(passwordHash.verify(userpw, ret));
}else{
callback(false);
}
});
}, function (err, data) {
if (err) {
self.sendResponse(res, err, data);
} else {
if (data.length) {
if (passwordHash.verify(req.body.password, data[0].password)) {
req.session.user = true;
res.send(200, {
status: 'success',
data: data[0]._id
});
} else {
res.send(401, {
status: 'error',
message: 'Incorrect password'
});
}
} else {
res.send(401, {
status: 'error',
message: 'Incorrect email'
});
}
}
});
.findOne({email: req.body.email}, function (err, doc) {
if(err){
return res.status(404).json({
title: 'An error occurred',
error: err
});
}
if(!doc){
return res.status(404).json({
title: 'No user found',
error: {message: 'User could not be found'}
});
}
if(!passwordHash.verify(req.body.password, doc.password)){
return res.status(404).json({
title: 'Could not signin',
error: {message: 'Invalid User and/or Password'}
});
}
//User authenticated
var token = jwt.sign({user: doc.email}, 'secret', {expiresIn: 7200});
res.status(200).json({
message: 'Success',
token: token,
userId: doc._id
});
});
client.query('SELECT "_id", "nickname", "avatar","password","profile_level" from "User" WHERE email like \''+email+'\'', function(err, result) {
if(handleError(err)) return;
if(result.rows.length > 0) { // SIGN IN. check password.
var hash_password = hash.generate(password);
done();
if(hash.verify(password, result.rows[0].password)) { // sign in success. return token.
if(result.rows[0].profile_level >= 1) {
var token = jsonwebtoken.sign({ _id: result.rows[0]._id, nickname : result.rows[0].nickname, avatar : result.rows[0].avatar}, jwt_secret);
res.jsonp({retcod: 0, token : token, avatar : result.rows[0].avatar, nickname : result.rows[0].nickname});
} else {
res.jsonp({retcod: 1, id : result.rows[0]._id});
}
} else { // sign in false. return 403 error.
res.jsonp({retcod: -1});
}
} else { // there is no record for this user, SIGN UP then login by return token
var hash_password = hash.generate(password);
client.query('INSERT INTO "User"(email, password) VALUES(\''+email+'\', \''+hash_password+'\') RETURNING _id', function(err, result) {
if(handleError(err)) return;
done();
console.log('Success Create new Account but have to Register basic before can use. id = ' + result.rows[0]._id);
res.jsonp({retcod: 1, id : result.rows[0]._id});
client.end();
});
}
client.end();
});
query("SELECT id,username,password,secret_key,token,token_create_time FROM user WHERE id=?",[id]).then(function (data) {
var queryResult = data[0][0];
if(data[0] && queryResult && passwordHash.verify(oldPassword, queryResult.password)){
var tokenValidates = speakeasy.totp.verify({
secret: queryResult.secret_key,
token: dynamicPassword
});
if(tokenValidates){
var hashedPassword = passwordHash.generate(newPassword,{algorithm:"sha512",saltLength:20});
query("UPDATE user SET password = ? WHERE id = ?",[hashedPassword,id])
.then(function(data){
//一切顺利返回用户信息
res.success(data);
}).error(function(err){
res.error(ResultState.SERVER_EXCEPTION_ERROR_CODE, err);
})
}
else{
res.error(ResultState.SERVER_EXCEPTION_ERROR_CODE, "动态密码错误");
}
}
else{
res.error(ResultState.BUSINESS_ERROR_CODE, "密码错误");
}
}).error(function (error) {
module.exports.createUser = function(body, callback) {
if(body.company == null || body.email == null || body.password == null || body.confirmPass == null) {
console.log("Make sure all required fields are filled out.");
console.log("Required fields are: company, email, password, and confirmPass");
callback(true, null);
} else {
var company = body.company;
var email = body.email.toLowerCase().trim();
var password = hashp(body.password);
var confirmPass = body.confirmPass;
var passMatch = hashPass.verify(confirmPass, password);
var description = body.description;
if(!passMatch) {
callback(true, null);
} else {
var newEmployer = new Employer({
company : company,
email : email,
password : password,
description : description
});
newEmployer.save(callback);
}
}
}
app.post('/api/profile/password', authenticate, function(req, res) {
var settings = req.body;
// verify fields
if (!settings.pwdOld || settings.pwdOld.length === 0 ||
!settings.pwdNew || settings.pwdNew.length === 0 ||
!settings.pwdConfirm || settings.pwdConfirm.length === 0 ||
settings.pwdNew !== settings.pwdConfirm) {
res.send(400, 'Incorrect password values.');
return;
}
// verify old password
if (!passwordHash.verify(settings.pwdOld, req.user.password)) {
res.send(400, 'Invalid old password.');
return;
}
if (settings.pwdOld === settings.pwdNew) {
res.send(400, 'New password is the same as old one.');
return;
}
repository.setAccountPassword(req.user.id, settings.pwdNew, function (err, hash) {
if (err || !hash) {
res.send(400, 'Error setting password.');
return;
}
req.user.password = hash;
res.send(200, 'Password has been successfully changed.');
});
});
User.findOne({ email: req.body.email }, function(err, doc) {
if (err) {
return res.status(400).json({
title: 'An error occured',
error: err
});
}
if (!doc) {
return res.status(400).json({
title: 'An error occured',
error: 'User not found'
});
}
if (!passwordHash.verify(req.body.password, doc.password)) {
return res.status(404).json({
title: 'Validation Error',
error: 'Invalid password'
});
}
var token = jwt.sign({user: doc}, 'secret', {expiresIn: Date.now() + 1});
res.status(200).json({
message: 'Successfully logged in',
token: token,
userName: doc.userName,
userId: doc._id
});
});
}, function(err, user) {
if (err) throw err;
if(err) {
res.status(500).json({error: "Internal server error"});
}
if (!user) {
res.status(500).json({error: "Authentication failed. User not found."});
//res.json({ ok: false, message: 'Authentication failed. User not found.' });
} else if (user) {
// check if password matches
if (!passwordHash.verify(req.body.password, user.password)) {
res.status(500).json({error: "Authentication failed. Wrong password."});
} else {
// if user is found and password is right
// create a token
var token = jwt.sign(user, 'moveon', {
expiresIn: "2d"
});
var expirationDate = moment().add(1,'d').toDate();
// return the information including token as JSON
res.json({
ok: true,
access_token: token,
userName: user.username,
userType: user.type,
salesman: user.salesman,
expires: expirationDate
});
}
}
});
exports.User.prototype.validPassword = function (pw) {
if (typeof (pw) !== 'string' || pw.length === 0) {
return false;
}
return passwordHash.verify(pw, this.PasswordHash);
};
User.findOne({name: user.username}, function(err, doc){
if (err) {
res.send(err);
}
else {
if (doc == null) {
console.log('no trobat');
res.send(req.params.userName + " no és cap user");
}
else {
if (passwordHash.verify(user.password, doc.password)) {
console.log('Login Acceptat');
res.send({authorizationToken: util.tokenizer.generateToken({username: user.username
, grup: doc.grup}),
username: user.username});
}
else {
console.log('envian un 401 de tornada');
res.send(401);
}
}
}
});
query("SELECT id,username,password,secret_key,token,token_create_time FROM user WHERE username=?",[username]).then(function (data) {
var queryResult = data[0][0];
if(data[0] && queryResult && passwordHash.verify(password, queryResult.password)){
var userInfo = {
username:queryResult.username,
//重新生成token
token:speakeasy.generateSecret().base32,
id:queryResult.id
};
//刷新token
query("UPDATE user SET token = ?,token_create_time = ? WHERE id = ?",[userInfo.token, new Date(),userInfo.id])
.then(function(data){
//一切顺利返回用户信息
res.success(userInfo);
return;
}).error(function(err){
res.error(ResultState.SERVER_EXCEPTION_ERROR_CODE, err);
return;
})
}
else{
res.error(ResultState.BUSINESS_ERROR_CODE, "密码错误");
}
}).error(function (error) {
User.findOne({name: user}, function(err, doc){
if (err) {
res.send(err);
}
else {
if (doc == null) {
console.log('no trobat');
res.send(req.params.userName + " no és cap user");
}
else {
if (passwordHash.verify(antiga, doc.password)) {
var query = {name: doc.name};
var update = {password: passwordHash.generate(nova1)};
var options = {new: true};
User.findOneAndUpdate(query, update, options, function(err, user) {
if (err)
console.log(err);
else
res.send({resolucio: 'Contrasenya modificada correctament.'});
});
}
else
res.send({resolucio: 'Contrasenya antiga incorrecte!'});
}
}
});
User.findOne({email: email}, function foundUser(err, user) {
var hasher = require("password-hash");
if (err) return next(err);
if (user && hasher.verify(password, user.password)) {
req.session.user = user;
// Fetch character
Characters.findOne({id:req.session.user.character_id}, function(err, chrctr) {
if (err) return next(err);
if (chrctr) {
req.session.character = chrctr;
Item.query("SELECT Item.id, Item.name FROM Item INNER JOIN Inventory ON Inventory.item_id = Item.id INNER JOIN Characters ON Characters.weapon_item = Inventory.id AND Characters.id = " + req.session.user.character_id + " WHERE Characters.weapon_item = " + req.session.character.weapon_item, function(err, weapon) {
if (err) return next(err);
console.log("...............__:_:_:_:::::.....");
console.log(weapon[0]);
if (weapon[0] !== undefined) {
req.session.equipped = weapon[0].id;
console.log(req.session);
return res.redirect('/');
} else {
return res.redirect('/');
}
});
}
});
} else {
req.session.message = 'Your email or password is incorrect!';
req.session.message_page = '/user/login';
return res.redirect('/user/login');
}
});
verify: function(password, hash) {
if (hash.match(/^a15/)) {
// bc with Apostrophe 1.5 hashed passwords. The salt is
// implemented differently, it's just prepended to the
// password before hashing. Whatever createHmac is doing
// in the password-hash module, it's not that. Fortunately
// it isn't hard to do directly
var components = hash.split(/\$/);
if (components.length !== 3) {
return false;
}
// Allow for a variety of algorithms coming over from A1.5
var hashType = components[0].substr(3);
var salt = components[1];
var hashed = components[2];
try {
var shasum = crypto.createHash(hashType);
shasum.update(salt + password);
var digest = shasum.digest('hex');
return (digest === hashed);
} catch (e) {
console.log(e);
return false;
}
} else {
return passwordHash.verify(password, hash);
}
}
confirm: function(callback) {
// confirm oldPassword matches what's in the DB
if (!passwordHash.verify(oldPassword, person.password)) {
return callback(__('Old password was incorrect'));
}
return callback(null);
},
function(err, result) {
if(err) {
done();
console.error(err);
res.sendStatus(406).end();
}else if(!result || result.rows.length === 0) {
done();
res.sendStatus(404).end();
}else {
var hashpass = '******' + result.rows[0].salt + '$1$' + result.rows[0].pass;
// If authorized
if(passHash.verify(req.body.pass, hashpass)) {
client.query('INSERT INTO group_posts (groupname, username, text, timestamp) VALUES (\'' +
req.body.groupname + '\', \'' + req.body.username + '\', \'' + req.body.text + '\', \'' + req.body.timestamp + '\');',
function(err, result) {
done();
// If error, send client error
if(err) {
console.log(err);
res.sendStatus(406).end();
// Else, return Created
} else {
res.sendStatus(202).end();
}
});
}else {
done();
res.sendStatus(403).end();
}
}
});
db.query(sql, function(err, rows, fields){
if(passwordHash.verify(pass,rows[0].pass)){
defer.resolve(true).promise();
} else {
defer.resolve(false).promise();
}
});
.then(function(user){
if(user){
if(!passwordHash.verify(password, user.password)){
res.status(400).json({error: 'Bạn nhập mật khẩu sai'});
}else{
var today = moment();
var today_token_expire = moment().add(Config.request_timeout,'minutes');
var token_login = uuid.v4();
models.users.update({
token_login: token_login,
last_login_at: today.format('YYYY-MM-DD HH:mm:ss'),
token_expire_at: today_token_expire.format('YYYY-MM-DD HH:mm:ss')
}, {
where: {email: email}
})
.then(function(modelsUpdated){
if(modelsUpdated){
res.json({email: email, token: token_login, token_expire: today_token_expire});
}
})
}
}else{
res.status(400).json({error: 'Bạn nhập email hay mật khẩu sai'});
}
})
}, function (err, found) {
if (err) {
throw err.$animate
}
if (!found) {
res.render('settings/settings', {
prompt: 'Error',
session: req.session
});
} else {
var hashed = found['password'];
if (passwordHash.verify(req.body.pass, hashed)) {
users.update({
'username': username
}, {
$set: {
password: newpass
}
});
res.render('settings/settings', {
prompt: "updated",
session: req.session,
});
} else {
res.render('settings/settings', {
prompt: "Incorrect Password",
session: req.session
});
}
}
});
pm.authGet(pid, app.app, function(err, auth){
if(err) logger.warn("error fetching ",pid,err);
console.log(auth);
// also allowing here a mistaken registration w/ the same user and pass to just succeed like a normal login, be nice
if(auth && pwhash.verify(pass, auth.password)) return cbAuthed(null, auth);
// registration flow check
if(req.path.indexOf("register") > 0)
{ // we must error out if the pid exists already in a registration flow
if(auth) return res.json(lutil.jsonErr("user already exists"), 403);
// new auth!
auth = auther();
auth.registered = Date.now();
return cbAuthed(null, auth);
}
if(req.path.indexOf("set") > 0)
{
if(app.secret !== req.param('client_secret')) return res.json(lutil.jsonErr("app not verified"), 401);
// app-forced password set
auth = auther();
auth.set = Date.now();
return cbAuthed(null, auth);
}
res.json(lutil.jsonErr("login failed"), 401);
});
}).then(function(users) {
if (users.length > 0) {
var hasher = require("password-hash");
if (hasher.verify(password, users[0].password)) {
var remember_me = 'yes';//req.param("remember_me");
if (remember_me == 'yes') {
var token = [users[0].id, require('crypto').createHash('sha512').update(users[0].password).digest('hex')].join('$');
res.cookie('remember_token', token, {httpOnly: true });
}
util.login_as({
user: users[0],
req: req,
res: res
});
util.redirect_back_or_default({
'default': '/',
req: req,
res: res
});
} else {
req.options.err= sails.__("errors")['messages']['current_password_no_match'];
res.view('session/new');
}
} else {
req.options.err="Wrong User Or Password";
res.view('session/new');
}
}).catch(function(err) {
UserSchema.methods.verify_password = function(given_password){
if(password_hash.verify(given_password, this.password)){
return true;
}
return false;
};
User.findOne({email: req.body.email}, function(err, doc) {
if (err) {
return res.status(400).json({
title: 'An error occurred',
error: err
});
}
if (!doc) {
return res.status(404).json({
title: 'User Not Found!',
error: { message: 'Sorry, we could not find that user.' }
});
}
if (!passwordHash.verify(req.body.password, doc.password)) {
return res.status(400).json({
title: 'Could Not Sign You In!',
error: {message: 'Please check the password you entered.'}
});
}
var token = jwt.sign({user: doc}, 'secret', {expiresIn: 7200});
res.status(200).json({
message: 'Success',
token: token,
userId: doc._id
});
});
User.findOne({email: req.body.email}, function(err, doc) {
if (err) {
return res.status(404).json({ // need to return to stop execution
title: 'An error occurred',
error: err // contains a message inside of the err object
});
}
if (!doc) {
return res.status(404).json({ // need to return to stop execution
title: 'No User found',
error: {message: 'User could not be found'}
});
}
// Verify password
if (!passwordHash.verify(req.body.password, doc.password)) {
return res.status(404).json({ // need to return to stop execution
title: 'Could not sign you in',
error: {message: 'Invalid credentials'}
});
}
// Correct password, create web token
var token = jwt.sign({user: doc}, 'secret', {expiresIn: 7200}); // Expires in 2 hours
res.status(200).json({
message: 'Success',
obj: token,
userId: doc._id
});
});
}, function (err, found) {
if (err) {
throw err.$animate
}
if (!found) {
res.render('login', {
cookie: cookie,
title: 'Login',
prompt: 'Input your credentials below!',
error: "username",
session: req.session
});
} else {
var hashed = found['password'];
if (passwordHash.verify(password, hashed)) {
req.session.id = found["_id"];
req.session.user = found["username"];
req.session.loggedin = true;
cookie = true;
res.redirect("/home");
} else {
res.render('login', {
cookie: cookie,
title: 'Login',
prompt: "Input your credentials below!",
error: "matching",
session: req.session
});
}
}
});