}, function (req, res, next) {
var form = req.body;
if (!validator.isEmail(form['email'])) {
res.json({'status': '422', 'message':'Email address invalid'});
}
form['email'] = validator.normalizeEmail(form['email']);
form['message'] = validator.escape(form['message']);
next();
}, function (req, res, next) {
auth.post('/api/auth/signInWithEmail', bodyParser, async (ctx) => {
const {email, path} = ctx.request.body;
if (!validator.isIn(path, ['/', '/users/me']) // hard-code white-list redirect paths
|| !validator.isEmail(email)) {
ctx.throw(400);
}
const emailToken = base58.encode(crypto.randomBytes(16));
if (!emailTokenCache.set(emailToken, {email: validator.normalizeEmail(email), path})) {
ctx.throw(500);
}
const cbUrl = `${process.env.HOST_URL}/et/${emailToken}`;
sparkPost.transmissions.send({
transmissionBody: {
content: {
from: {
name: "cutlog",
email: "*****@*****.**"
},
subject: 'e-mail sign-in',
reply_to: 'Amit Portnoy <*****@*****.**>',
text: `
Sign-in to cutlog with the following link:
${cbUrl}
`,
html: `
<div>Sign-in to cutlog with the following link:
<br><br>
<a href="${cbUrl}">${cbUrl}</a>
</div>
`
},
recipients: [{address: {email}}]
}
}, function (err, res) {
if (err) {
console.log('Whoops! Something went wrong');
console.error(err);
} else {
console.log(res.body);
}
});
// next if anyone calls /et/<emailToken> before exp it will be redirected to path
console.log('passwordless sent: ' + emailToken);
ctx.status = 202; //(Accepted)
});
getUser: function (email, password, done) {
var username = validator.normalizeEmail(email);
User.findByUsername(username, function (err, user) {
if(err) return done(err);
if(!user) return done();
user.validatePassword(password, function (err, valid) {
if(err) return done(err);
if(!valid) return done();
done(null, {
id: user.id
});
});
});
},
function(err, results) {
if (err) {
next(err);
} else {
var document = results[0];
var bridges = results[1];
if (document) {
if ( ! hasPermissionToEdit( req.user, document )) {
res.status(500);
next(new Error('No permission to edit that user.'));
return;
} else {
if (document.email)
document.gravatar = crypto.createHash('md5').update(validator.normalizeEmail(document.email)).digest("hex");
if (req.user._id.equals(document._id))
document.pronouned = "me";
else
document.pronouned = document.name;
if (document.birthday) {
document.formattedBirthday = moment(new Date(document.birthday)).format('MMMM D, YYYY');
}
res.format({
html: function(){
console.log(document);
res.render('user/edit', { userId: req.params.id,
user: req.user,
bridges: bridges,
script: "user/profile",
person: document,
whyVisible: "Visible to you because " + hasPermissionToView( req.user, document ),
editable: hasPermissionToEdit(req.user, document),
title: 'Profile' } );
},
});
}
}
else {
res.status(404).json({});
}
}
});
return new Promise((resolve, reject) => {
let newUser = _newUser;
newUser = {
firstname: newUser.firstname || undefined,
lastname: newUser.lastname || undefined,
gender: newUser.gender || undefined,
birt: new Date(`${newUser.birthMonth}/${newUser.birthDay}/${newUser.birthYear}`) != 'Invalid Date' || undefined,
username: validator.escape(newUser.username.trim()),
email: validator.escape(newUser.email.trim()),
password1: newUser.password1,
password2: newUser.password2,
legals: newUser.legals,
about: newUser.about || undefined,
country: newUser.country || undefined,
error: [],
};
if (newUser.username.length === 0 ||
newUser.username.length < 3 ||
newUser.username.length > 40) {
newUser.error.push('Check username length');
} else {
newUser.username = newUser.username.toLowerCase();
}
if (!validator.isEmail(newUser.email)) {
newUser.error.push('Use a valid Email');
} else {
newUser.email = validator.normalizeEmail(newUser.email, {
lowercase: true,
remove_dots: true,
remove_extension: true,
});
}
if (newUser.password1 !== newUser.password2) {
newUser.error.push('The passwords must be equal');
}
if (newUser.password1.length < 8) {
newUser.error.push('The password needs to be 8 characters at least');
}
// (newUser.error.length) ? reject(newUser.error) : resolve(newUser)
resolve(newUser);
});
create: function (req, res, next) {
var email = req.body.email || '',
emailCheck = validator.isEmail(email),
password = req.body.password || '',
passwordCheck = validator.isLength(password, {min: 6, max: 60}),
firstName = validator.whitelist(req.body.first_name, 'a-zA-Zа-яА-ЯёЁ') || '',
firstNameCheck = validator.isLength(firstName, {min: 2, max: 60});
/* secondName = validator.whitelist(req.body.secondName, 'a-zA-Zа-яА-ЯёЁ') || '',
middleName = validator.whitelist(req.body.middleName, 'a-zA-Zа-яА-ЯёЁ') || '';*/
if (emailCheck && passwordCheck && firstNameCheck) {
email = validator.normalizeEmail(email);
UsersModel.findOne({email: email}, function (error, data) {
if (error) return Response.error(res, 500, error);
if (data) {
//Пользователь существует
Response.warning(res, 2, {user: 1});
} else {
var passwordSalt = AuthHelpers.getSalt();
password = AuthHelpers.encryptPassword(password, passwordSalt);
UsersModel.create({
email: email,
firstName: firstName,
password: password,
passwordSalt: passwordSalt
}, function (error, data) {
if (error) Response.error(res, 500, error);
Response.success(res, data);
});
}
});
} else {
Response.warning(res, 1, {
email: email,
emailCheck: emailCheck,
password: password,
passwordCheck: passwordCheck,
firstName: firstName,
firstNameCheck: firstNameCheck
});
}
},
function validateSignup(firstname, lastname, username, email, password) {
if (validator.isNull(firstname) ||
validator.isNull(lastname) ||
validator.isNull(username) ||
validator.isNull(email) ||
validator.isNull(password)) {
console.log("One or more of the fields is/are NULL");
return false;
}
firstname = validator.trim(firstname);
lastname = validator.trim(lastname);
var name = validator.trim(firstname + lastname);
if (!validator.isAlpha(name)) {
console.log("name: " + name + " is alpha? " + validator.isAlpha(name));
return false;
}
username = validator.trim(username);
if (!validator.isAlphanumeric(username)) {
console.log("username: "******" is alphanumeric? " + validator.isAlphanumeric(username));
return false;
}
email = validator.normalizeEmail(email);
if (!validator.isEmail(email)) {
console.log("email: " + email + " is email? " + validator.isEmail(email));
return false;
}
// TODO: check if email already exists
// done on the front end
if ((!validator.isAlphanumeric(password)) && (password.length > 3)) {
console.log("password: "******" is alphanumeric? " + validator.isAlphanumeric(password) + " length is greater than 3? " + password.length > 3);
return false;
}
console.log("No errors!");
return true;
}
}, (email, password, done) => {
//Clean input
validator.escape(email);
validator.escape(password);
if (!validator.isEmail(email)) return done(null, false, { message: 'Not a valid email address' });
validator.normalizeEmail(email);
//Check if user exists
User.findUser(email, (exists, err) => {
if (!exists) {
//User does not exist, exit
console.log('USER DOESNT EXIST: ' + email);
return done(null, false, { message: 'User does not exist' })
} else {
console.log('SIGNING IN USER' + email)
//User exists, check if password is valid
const user = new User(email, password);
user.checkValidPassword(password, (isValidPass, err) => {
if (!err) {
if (isValidPass) {
console.log("AUTHENTICATED");
return done(null, user);
} else {
return done(null, false, { message: 'Invalid Password' });
}
}
});
}
});
}));
it('should include new email', function () {
user.should.have.property('email');
validator.normalizeEmail(user.email).should.equal( validator.normalizeEmail(updatedData.email) );
});
function(err, connection){
if (err) {
return cb(err);
}
console.log("\n[DB] Connected to database !\n");
connection.execute(
'insert into SITEUSERS ( ' +
' user_email, ' +
' user_password, ' +
' user_role, ' +
' user_firstname, '+
' user_lastname '+
') ' +
'values (' +
' :user_email, ' +
' :user_password, ' +
' \'BASE\', ' +
' :user_firstname, '+
' :user_lastname '+
') ' +
'returning ' +
' user_id, ' +
' user_email, ' +
' user_role, ' +
' user_firstname, '+
' user_lastname '+
'into ' +
' :user_rid, ' +
' :user_remail, ' +
' :user_rrole, '+
' :user_rfirstname, '+
' :user_rlastname'
,
{
user_email: validator.normalizeEmail(user.user_email),
user_firstname: user.user_firstname,
user_password: user.hashedPassword,
user_lastname:user.user_lastname,
user_rid: {
type: oracledb.NUMBER,
dir: oracledb.BIND_OUT
},
user_remail: {
type: oracledb.STRING,
dir: oracledb.BIND_OUT
},
user_rrole: {
type: oracledb.STRING,
dir: oracledb.BIND_OUT
},
user_rfirstname: {
type: oracledb.STRING,
dir: oracledb.BIND_OUT
},
user_rlastname: {
type: oracledb.STRING,
dir: oracledb.BIND_OUT
}
},
{
autoCommit: true
},
function(err, results){
if (err) {
connection.release(function(err) {
if (err) {
console.error(err.message);
}
});
return cb(err);
}
cb(null, {
user_id: results.outBinds.user_rid[0],
user_email: results.outBinds.user_remail[0],
role: results.outBinds.user_rrole[0],
user_firstname: results.outBinds.user_rfirstname[0],
user_lastname: results.outBinds.user_rlastname[0]
});
connection.release(function(err) {
if (err) {
console.error("[DB] " + err.message);
} else {
console.log("\n[DB] Disconnected from the database !\n");
}
});
});
}
users.forEach( function(user) {
if (user.email)
user.gravatar = crypto.createHash('md5').update(validator.normalizeEmail(user.email)).digest("hex");
});
function(err, results) {
if (err) {
next(err);
} else {
var document = results[0];
var bridges = results[1];
if (document) {
if ( ! hasPermissionToEdit( req.user, document )) {
res.status(403);
next(new Error('No permission to access other users.'));
return;
} else {
if (req.user._id.toString() == id)
document.pronouned = "me";
else
document.pronouned = document.name;
var hash = {};
if (req.body.displayName)
document.displayName = hash.displayName = validator.toString(req.body.displayName);
else
document.displayName = hash.displayName = '';
if (req.body.visibility)
if (validator.isIn(req.body.visibility, ["none", "users", "everyone"]))
document.visibility = hash.visibility = req.body.visibility;
if ((req.body.email) && (validator.isEmail(req.body.email)))
document.email = hash.email = validator.normalizeEmail(req.body.email);
else
document.email = hash.email = '';
if ((req.body.website) && (validator.isURL(req.body.website)))
document.website = hash.website = req.body.website;
else
document.website = hash.website = '';
if (req.body.birthday)
document.birthday = hash.birthday = validator.toDate(req.body.birthday);
else
document.birthday = '';
if (document.birthday) {
document.formattedBirthday = moment(new Date(document.birthday)).format('MMMM D, YYYY');
}
if (req.body.biography)
document.biography = hash.biography = validator.toString(req.body.biography);
else
document.biography = hash.biography = '';
if (req.body.location)
document.location = hash.location = validator.toString(req.body.location);
if (document.email)
document.gravatar = crypto.createHash('md5').update(validator.normalizeEmail(document.email)).digest("hex");
// Only superusers can edit flags
if (req.user.superuser) {
if (req.body.isInstructor)
document.isInstructor = hash.isInstructor = true;
else
document.isInstructor = hash.isInstructor = false;
if (req.body.isAuthor)
document.isAuthor = hash.isAuthor = true;
else
document.isAuthor = hash.isAuthor = false;
if (req.body.isGuest)
document.isGuest = hash.isGuest = true;
else
document.isGuest = hash.isGuest = false;
if (req.body.superuser)
document.superuser = hash.superuser = true;
else
document.superuser = hash.superuser = false;
}
mdb.User.update( {_id: new mongo.ObjectID(id)}, {$set: hash},
function(err, d) {
if (err)
res.send(500);
else {
res.render('user/profile', { userId: req.params.id,
user: req.user,
updated: true,
bridges: bridges,
script: "user/profile",
person: document,
editable: true,
title: 'Profile' } );
}
});
}
}
else {
res.status(404).json({});
}
}
});
function(err, results) {
if (err) {
next(err);
} else {
var document = results[0];
var bridges = results[1];
if (!document) {
res.status(404).render('404', { status: 404, url: req.url });
return;
}
var viewerPermission = hasPermissionToView( req.user, document );
if ( ! viewerPermission ) {
next(new Error('No permission to access other users.'));
return;
} else {
// Add one view to the count of profileViews
mdb.User.update({_id: new mongo.ObjectID(id)},
{ $inc: { profileViews: 1 } });
if (document.email)
document.gravatar = crypto.createHash('md5').update(validator.normalizeEmail(document.email)).digest("hex");
if (document.birthday) {
document.formattedBirthday = moment(new Date(document.birthday)).format('MMMM D, YYYY');
}
if (req.user._id.equals(document._id))
document.pronouned = "me";
else
document.pronouned = document.name;
if (!hasPermissionToEdit(req.user, document)) {
document.googleOpenId = undefined;
document.courseraOAuthId = undefined;
document.githubId = undefined;
document.twitterOAuthId = undefined;
document.apiKey = "";
document.apiSecret = "";
document.password = "";
}
res.format({
html: function(){
res.render('user/profile', { userId: req.params.id,
user: req.user,
script: "user/profile",
person: document,
bridges: bridges,
whyVisible: "Visible to you because " + viewerPermission,
editable: hasPermissionToEdit(req.user, document),
title: 'Profile' } );
},
json: function(){
res.json(document);
}
});
}
}
});
normalizeEmail: function (str, options) {
return validator.normalizeEmail(str, typeof options === 'object' ? options : undefined);
},
module.exports.cleanseEmail = function(email) {
if ( typeof email !== 'string' || !(v.isEmail(email)) ) {
return '';
}
return v.normalizeEmail(email);
};