router.use('/', function (req, res, next) { if(req.session.userId) { UserModel.findById(req.session.userId).then(function (user) { req.current_user = user; next(); }); } else { console.log("Using empty user"); req.current_user = UserModel.build({}); next(); } });
app.get('/:user', function (req, res) { models.User.find(parseInt(req.params.user, 10)).success(function (user) { if (!user) { return res.send(404); } user.getPhotoes().success(function (photos) { var data = { user: user, photos: photos }; res.format({ html: function () { res.render('users/show', data); }, json: function () { delete data.user.singlyAccessToken; res.json(data); } }); }); }); });
app.get('/', function (req, res) { var offset = 0; var limit = 25; if (req.param('offset')) { offset = req.param('offset'); } if (req.param('limit')) { limit = req.param('limit'); } models.User.count().success(function (count) { models.User.findAll({ offset: 0, limit: 25 }).success(function (users) { var data = { users: users, count: count }; res.format({ html: function () { res.render('users/index', data); }, json: function () { // TODO: Sanitize for singlyAccessToken res.json(data); } }); }); }); });
action: function * (req, res, next) { let limit = req.query.limit || ITEMS_PER_PAGE if (limit > ITEMS_PER_PAGE) limit = ITEMS_PER_PAGE const username = req.params.username const users = yield User.filter({ username }).run() const user = users.pop() if (!user) return res.status(404).json({message: 'User not found'}) const data = yield Comment.getJoin({ author: true, tutorial: true }) .filter({ authorId: user.id }) .pluck( 'id', 'contentHtml', 'createdAt', 'updatedAt', { author: ['id', 'username', 'fullName'] }, { tutorial: ['id', 'title'] } ) .orderBy(r.desc('createdAt')) .limit(limit) .execute() res.json(data) }
export function destroyUserHandler(req, res) { if (req.user) { const userId = req.user.id; Task.findAll({ where: {userId}, }).then(tasks => { tasks.forEach(task => { task.destroy(); }); }); Label.findAll({ where: {userId}, }).then(labels => { labels.forEach(label => { label.destroy(); }); }); User.findById(userId).then(user => { user.destroy(); }); req.logout(); } res.redirect('/'); }
it('should be chainable', function() { var u = User.build({ email: '*****@*****.**' }); expect(u.resetPassword()).to.equal(u); });
it('should alter pwtoken', function() { var u = User.build({ email: '*****@*****.**' }); u.resetPassword(); expect(u.pwtoken).to.not.equal(null); });
module.exports = function (req, res, next) { if (req.session && req.session.uid) { User.findById(req.session.uid, function (err, user) { req._user = user; res.locals._user = user; next(); }); } else { res.locals._user = false; next(); } }
sessions.post('/new', function (req, res, next) { var email = req.body.email; var password = req.body.password; User.signin(email, password, function (err, user) { if (err) return next(err); req.session.uid = user._id; res.redirect('/'); }); });
function getCourseList (req, res) { if (!req.session.user) { res.json({ status : 'NOT_AUTHENTICATED', message : 'User not authenticated' }); } else { var user = User.deserialize(req.session.user); user.getCourseList() .then(function (list) { res.json(list); }); } };
describe('sha256 functionality', function() { var pw = 'test'; var u = User.build({ salt: 'aaa', digest: 'e3MjCoP7Oui8bQ+BK+2wWIRmq/OApZ8nXNuv6Kt6qiw=' }); it('should promise-return true for a correct password', function() { expect(u.checkPassword(pw)).to.eventually.equal(true); }); it('should promise-return false for an incorrect password', function() { expect(u.checkPassword(pw + '555')).to.eventually.equal(false); }); });
describe('bcrypt functionality', function() { var pw = 'testing-pw'; var u = User.build(); before(function() { return u.setPassword(pw); }); it('should promise-return true for a correct password', function() { expect(u.checkPassword(pw)).to.eventually.equal(true); }); it('should promise-return false for an incorrect password', function() { expect(u.checkPassword(pw + '555')).to.eventually.equal(false); }); });
models.User.count().success(function (count) { models.User.findAll({ offset: 0, limit: 25 }).success(function (users) { var data = { users: users, count: count }; res.format({ html: function () { res.render('users/index', data); }, json: function () { // TODO: Sanitize for singlyAccessToken res.json(data); } }); }); });
action: function * (req, res, next) { let limit = req.query.limit || ITEMS_PER_PAGE if (limit > ITEMS_PER_PAGE) limit = ITEMS_PER_PAGE const data = yield User.pluck( 'id', 'username', 'fullName', 'createdAt', 'updatedAt', 'tutorialsCount', 'commentsCount', 'role' ) .orderBy(r.desc('createdAt')) .limit(limit) .execute() res.json(data) }
action: function * (req, res, next) { const { email, password, fullName } = req.body const username = req.params.username const users = yield User.filter({ username }) .pluck( 'id', 'username', 'password', 'fullName', 'createdAt', 'updatedAt', 'role' ).run() const user = users.pop() if (!user) return res.status(404).json({message: 'User not found'}) const data = yield user.merge({ fullName, email, password }).save() delete data.password res.json(data) }
it('should use bcrypt', function() { var u = User.build(); return u.setPassword('testing-string').then(function() { expect(u.digest).to.match(/^\$2/); }); });
it('should alter digest', function() { var u = User.build(); return u.setPassword('testing-string').then(function() { expect(u.digest).to.not.equal(null); }); });
it('should resolve to user object', function() { var u = User.build(); expect(u.setPassword('testing-string')).to.eventually.equal(u); });
authenticate(req, res) { if (req.body && req.body.user) { var user = req.body.user if (user.username && user.password) { User.findOne({ where: { email: user.username, password: Utility.calculateSecureHash(user.password) } }).then(user => { if (user) { UserRole.findAll({ where: { rollNo: user.rollNo }, attributes: ['roleName'] }).then(userRoles => { user.roles = userRoles.map(role => { return role.roleName }) // Token creation may block event loop, not sure BTW. this.getAccessTokenAsync(user, (err, token) => { if (err) { logger.error("Error while creating token for rollNo: " + user.rollNo, err) res.status(500) .json({ success: false, error: { code: "SERVER_ERROR" }}) } else { // Save `token` to database. AccessToken.create({ token: token, ttl: config.jwtTTL, rollNo: user.rollNo }).then(token => { res.status(200) .json({ success: true, token: token.token }) }).catch(err => { logger.error("Error while saving token to database for rollNo: " + user.rollNo, err) res.status(500) .json({ success: false, error: { code: "SERVER_ERROR" }}) }) } }) }).catch(err => { logger.error(err) res.status(500) .json({ success: false, error: { code: "SERVER_ERROR" }}) }) } else { res.status(401) .json({ success: false, error: { code: "INVALID_CREDENTIALS" }}) } }) } else { res.status(400) .json({ success: false, error: { code: "INVALID_AUTH_REQUEST" }}) } } else { res.status(400) .json({ success: false, error: { code: "INVALID_AUTH_REQUEST" }}) } }