router.use('/', function (req, res, next) {
if(req.session.userId) {
UserModel.findById(req.session.userId).then(function (user) {
req.current_user = user;
next();
});
} else {
console.log("Using empty user");
req.current_user = UserModel.build({});
next();
}
});
app.get('/:user', function (req, res) {
models.User.find(parseInt(req.params.user, 10)).success(function (user) {
if (!user) {
return res.send(404);
}
user.getPhotoes().success(function (photos) {
var data = {
user: user,
photos: photos
};
res.format({
html: function () {
res.render('users/show', data);
},
json: function () {
delete data.user.singlyAccessToken;
res.json(data);
}
});
});
});
});
app.get('/', function (req, res) {
var offset = 0;
var limit = 25;
if (req.param('offset')) {
offset = req.param('offset');
}
if (req.param('limit')) {
limit = req.param('limit');
}
models.User.count().success(function (count) {
models.User.findAll({ offset: 0, limit: 25 }).success(function (users) {
var data = {
users: users,
count: count
};
res.format({
html: function () {
res.render('users/index', data);
},
json: function () {
// TODO: Sanitize for singlyAccessToken
res.json(data);
}
});
});
});
});
action: function * (req, res, next) {
let limit = req.query.limit || ITEMS_PER_PAGE
if (limit > ITEMS_PER_PAGE) limit = ITEMS_PER_PAGE
const username = req.params.username
const users = yield User.filter({ username }).run()
const user = users.pop()
if (!user) return res.status(404).json({message: 'User not found'})
const data = yield Comment.getJoin({ author: true, tutorial: true })
.filter({ authorId: user.id })
.pluck(
'id',
'contentHtml',
'createdAt',
'updatedAt',
{ author: ['id', 'username', 'fullName'] },
{ tutorial: ['id', 'title'] }
)
.orderBy(r.desc('createdAt'))
.limit(limit)
.execute()
res.json(data)
}
export function destroyUserHandler(req, res) {
if (req.user) {
const userId = req.user.id;
Task.findAll({
where: {userId},
}).then(tasks => {
tasks.forEach(task => {
task.destroy();
});
});
Label.findAll({
where: {userId},
}).then(labels => {
labels.forEach(label => {
label.destroy();
});
});
User.findById(userId).then(user => {
user.destroy();
});
req.logout();
}
res.redirect('/');
}
it('should be chainable', function() {
var u = User.build({
email: '*****@*****.**'
});
expect(u.resetPassword()).to.equal(u);
});
it('should alter pwtoken', function() {
var u = User.build({
email: '*****@*****.**'
});
u.resetPassword();
expect(u.pwtoken).to.not.equal(null);
});
module.exports = function (req, res, next) {
if (req.session && req.session.uid) {
User.findById(req.session.uid, function (err, user) {
req._user = user;
res.locals._user = user;
next();
});
} else {
res.locals._user = false;
next();
}
}
sessions.post('/new', function (req, res, next) {
var email = req.body.email;
var password = req.body.password;
User.signin(email, password, function (err, user) {
if (err) return next(err);
req.session.uid = user._id;
res.redirect('/');
});
});
function getCourseList (req, res) {
if (!req.session.user) {
res.json({ status : 'NOT_AUTHENTICATED',
message : 'User not authenticated' });
}
else {
var user = User.deserialize(req.session.user);
user.getCourseList()
.then(function (list) {
res.json(list);
});
}
};
describe('sha256 functionality', function() {
var pw = 'test';
var u = User.build({
salt: 'aaa',
digest: 'e3MjCoP7Oui8bQ+BK+2wWIRmq/OApZ8nXNuv6Kt6qiw='
});
it('should promise-return true for a correct password', function() {
expect(u.checkPassword(pw)).to.eventually.equal(true);
});
it('should promise-return false for an incorrect password', function() {
expect(u.checkPassword(pw + '555')).to.eventually.equal(false);
});
});
describe('bcrypt functionality', function() {
var pw = 'testing-pw';
var u = User.build();
before(function() {
return u.setPassword(pw);
});
it('should promise-return true for a correct password', function() {
expect(u.checkPassword(pw)).to.eventually.equal(true);
});
it('should promise-return false for an incorrect password', function() {
expect(u.checkPassword(pw + '555')).to.eventually.equal(false);
});
});
models.User.count().success(function (count) {
models.User.findAll({ offset: 0, limit: 25 }).success(function (users) {
var data = {
users: users,
count: count
};
res.format({
html: function () {
res.render('users/index', data);
},
json: function () {
// TODO: Sanitize for singlyAccessToken
res.json(data);
}
});
});
});
action: function * (req, res, next) {
let limit = req.query.limit || ITEMS_PER_PAGE
if (limit > ITEMS_PER_PAGE) limit = ITEMS_PER_PAGE
const data = yield User.pluck(
'id',
'username',
'fullName',
'createdAt',
'updatedAt',
'tutorialsCount',
'commentsCount',
'role'
)
.orderBy(r.desc('createdAt'))
.limit(limit)
.execute()
res.json(data)
}
action: function * (req, res, next) {
const { email, password, fullName } = req.body
const username = req.params.username
const users = yield User.filter({ username })
.pluck(
'id',
'username',
'password',
'fullName',
'createdAt',
'updatedAt',
'role'
).run()
const user = users.pop()
if (!user) return res.status(404).json({message: 'User not found'})
const data = yield user.merge({ fullName, email, password }).save()
delete data.password
res.json(data)
}
it('should use bcrypt', function() {
var u = User.build();
return u.setPassword('testing-string').then(function() {
expect(u.digest).to.match(/^\$2/);
});
});
it('should alter digest', function() {
var u = User.build();
return u.setPassword('testing-string').then(function() {
expect(u.digest).to.not.equal(null);
});
});
it('should resolve to user object', function() {
var u = User.build();
expect(u.setPassword('testing-string')).to.eventually.equal(u);
});
authenticate(req, res) {
if (req.body && req.body.user) {
var user = req.body.user
if (user.username && user.password) {
User.findOne({
where: {
email: user.username,
password: Utility.calculateSecureHash(user.password)
}
}).then(user => {
if (user) {
UserRole.findAll({
where: {
rollNo: user.rollNo
},
attributes: ['roleName']
}).then(userRoles => {
user.roles = userRoles.map(role => {
return role.roleName
})
// Token creation may block event loop, not sure BTW.
this.getAccessTokenAsync(user, (err, token) => {
if (err) {
logger.error("Error while creating token for rollNo: " + user.rollNo, err)
res.status(500)
.json({ success: false, error: { code: "SERVER_ERROR" }})
} else {
// Save `token` to database.
AccessToken.create({
token: token,
ttl: config.jwtTTL,
rollNo: user.rollNo
}).then(token => {
res.status(200)
.json({ success: true, token: token.token })
}).catch(err => {
logger.error("Error while saving token to database for rollNo: " + user.rollNo, err)
res.status(500)
.json({ success: false, error: { code: "SERVER_ERROR" }})
})
}
})
}).catch(err => {
logger.error(err)
res.status(500)
.json({ success: false, error: { code: "SERVER_ERROR" }})
})
} else {
res.status(401)
.json({ success: false, error: { code: "INVALID_CREDENTIALS" }})
}
})
} else {
res.status(400)
.json({ success: false, error: { code: "INVALID_AUTH_REQUEST" }})
}
} else {
res.status(400)
.json({ success: false, error: { code: "INVALID_AUTH_REQUEST" }})
}
}