exports.addTeamToOrg = function(request, reply) { var orgName = request.params.org; var loggedInUser = request.loggedInUser && request.loggedInUser.name; var teamName = request.payload["team-name"]; var description = request.payload.description; var members = request.payload.member || []; members = Array.isArray(members) ? members : [].concat(members); if (invalidUserName(orgName)) { return handleUserError(request, reply, '/org', "Invalid Org Name."); } if (invalidUserName(teamName)) { return handleUserError(request, reply, '/org/' + orgName + '/team', "Invalid Team Name."); } return Org(loggedInUser) .get(orgName) .then(function() { return Org(loggedInUser) .addTeam({ orgScope: orgName, teamName: teamName, description: description }); }) .then(function() { // add members return members.length ? Team(loggedInUser) .addUsers({ teamName: teamName, scope: orgName, users: members }) : P.resolve(null); }) .then(function() { return reply.redirect('/org/' + orgName + '/team/' + teamName); }) .catch(function(err) { request.logger.error(err); if (err.statusCode === 404) { return reply.view('errors/not-found', err).code(404); } else if (err.statusCode < 500) { return handleUserError(request, reply, '/org', err.message); } else { return reply.view('errors/internal', err); } }); };
exports.getAddTeamPackagePage = function(request, reply) { if (invalidUserName(request.params.org)) { return reply.view('errors/not-found').code(404); } if (invalidUserName(request.params.teamName)) { return reply.view('errors/not-found').code(404); } return exports._handleTeamAdditions(request, reply, 'team/add-package'); };
Joi.validate(data, schema, joiOptions, function (err, value) { if (err) { opts.errors.push(err.details); } if (data.password !== data.verify) { opts.errors.push(new Error("Passwords don't match")); } userValidate.username(data.name) && opts.errors.push(userValidate.username(data.name)); if (opts.errors.length) { timer.end = Date.now(); addLatencyMetric(timer, 'signup-form-error'); addMetric({name: 'signup-form-error'}); return reply.view('user/signup-form', opts); } delSession(value, function (er) { if (er) { return showError(request, reply, 'Unable to set the session for user ' + data.name, 500, er); } signupUser(value, function (er, user) { if (er) { return showError(request, reply, 'Failed to create account', 403, er); } setSession(user, function (err) { if (err) { return showError(request, reply, 'Unable to set the session for user ' + opts.user.name, 500, err); } timer.end = Date.now(); addLatencyMetric(timer, 'signup'); addMetric({name: 'signup'}); return reply.redirect('/profile-edit'); }); }); }); });
req.on('form', function (data) { td.data = data td.hiring = req.model.whoshiring var name = data.name , password = data.password , verify = data.verify , email = data.email , errors = [] if (!name || !password || !verify || !email) { errors.push(new Error('All fields are required')) } else if (password !== verify) { errors.push(new Error("Passwords don't match")) } //colloect other errors userValidate.username(name) && errors.push(userValidate.username(name)) userValidate.pw(password) && errors.push(userValidate.pw(password)) userValidate.email(email) && errors.push(userValidate.email(email)) if (errors && errors.length) { td.errors = errors return res.template('signup-form.ejs', td, 400) } // ok, looks maybe ok. var acct = { name: name, password: password, email: email } req.session.del(function (er) { if (er) return res.error(er) req.couch.signup(acct, function (er, cr, data) { if (er || cr && cr.statusCode >= 400 || data && data.error) { td.error = "Failed creating account. CouchDB said: " + ((er && er.message) || (data && data.error)) return res.template('signup-form.ejs', td, 400) } req.session.set('profile', data, function (er) { if (er) return res.error(er, 500) req.metrics.counter('users>signups') // it worked! now let them add some details return res.redirect('/profile-edit') }) }) }) })
function handle(request, reply) { var opts = { user: request.auth.credentials, hiring: request.server.methods.getRandomWhosHiring() }; var data = request.payload; if (data.selected_name) { return lookupUserByUsername(data.selected_name, request, reply); } if (!data.name_email) { opts.error = "All fields are required"; return reply.view('password-recovery-form', opts).code(400); } var nameEmail = data.name_email.trim(); if (userValidate.username(nameEmail) && userValidate.email(nameEmail)) { opts.error = "Need a valid username or email address"; return reply.view('password-recovery-form', opts).code(400); } // look up the user if (nameEmail.indexOf('@') !== -1) { return lookupUserByEmail(nameEmail, request, reply); } else { return lookupUserByUsername(nameEmail, request, reply); } }
Joi.validate(data, schema, joiOptions, function (err, value) { if (err) { opts.errors.push(err.details); } if (data.password !== data.verify) { opts.errors.push(new Error("Passwords don't match")); } userValidate.username(data.name) && opts.errors.push(userValidate.username(data.name)); if (opts.errors.length) { return reply.view('signup-form', opts); } request.auth.session.clear(); signupUser(value, function (er, user) { if (er) { opts.errors.push(er); return reply.view('signup-form', opts); } var sid = murmurhash.v3(user.name, 55).toString(16); user.sid = sid; request.server.app.cache.set(sid, user, 0, function (err) { if (err) { console.log(err) reply(err); } request.auth.session.set({sid: sid}); return reply().redirect('/profile-edit'); }); }); });
function readUsername (msg, username, opts, isRetry) { if (!msg) msg = 'npm username: '******''}) .then((username) => readUsername(msg, username, opts, true)) }
function handle(request, reply) { var opts = { user: request.auth.credentials, namespace: NAMESPACE }; var data = request.payload; if (data.selected_name) { return lookupUserByUsername(data.selected_name, request, reply); } if (!data.name_email) { opts.error = "All fields are required"; timer.end = Date.now(); metrics.addPageLatencyMetric(timer, 'password-recovery-error'); metrics.addMetric({ name: 'password-recovery-error' }); return reply.view('user/password-recovery-form', opts).code(400); } var nameEmail = data.name_email.trim(); if (userValidate.username(nameEmail) && userValidate.email(nameEmail)) { opts.error = "Need a valid username or email address"; timer.end = Date.now(); metrics.addPageLatencyMetric(timer, 'password-recovery-error'); metrics.addMetric({ name: 'password-recovery-error' }); return reply.view('user/password-recovery-form', opts).code(400); } // look up the user if (nameEmail.indexOf('@') !== -1) { return lookupUserByEmail(nameEmail, request, reply); } else { return lookupUserByUsername(nameEmail, request, reply); } }
function handle(request, reply) { var opts = { }; var data = request.payload; if (data.selected_name) { return lookupUserByUsername(data.selected_name, request, reply); } if (!data.name_email) { opts.error = "All fields are required"; request.timing.page = 'password-recovery-error'; request.metrics.metric({ name: 'password-recovery-error' }); return reply.view('user/password-recovery-form', opts).code(400); } var nameEmail = data.name_email.trim(); if (userValidate.username(nameEmail) && userValidate.email(nameEmail)) { opts.error = "Need a valid username or email address"; request.timing.page = 'password-recovery-error'; request.metrics.metric({ name: 'password-recovery-error' }); return reply.view('user/password-recovery-form', opts).code(400); } // look up the user if (nameEmail.indexOf('@') !== -1) { return lookupUserByEmail(nameEmail, request, reply); } else { return lookupUserByUsername(nameEmail, request, reply); } }
exports.getTeamCreationPage = function(request, reply) { var orgName = request.params.org; var loggedInUser = request.loggedInUser && request.loggedInUser.name; if (invalidUserName(orgName)) { return reply.view('errors/not-found').code(404); } Org(loggedInUser) .get(orgName) .then(function(org) { var currentUserIsAdmin = org.users.items.filter(function(user) { return user.role && user.role.match(/admin/); }).some(function(admin) { return admin.name === loggedInUser; }); if (currentUserIsAdmin) { return reply.view('org/add-team', { org: request.params.org }); } else { return handleUserError(request, reply, '/org/' + orgName, "You do not have access to that page"); } }) .catch(function(err) { request.logger.error(err); if (err.statusCode === 404) { return reply.view('errors/not-found', err).code(404); } else if (err.statusCode < 500) { return handleUserError(request, reply, '/org/' + orgName, err.message); } else { return reply.view('errors/internal', err); } }); };
var invalidURL = referrer.split("/").some(function(path) { return !!invalidUserName(path); });
Joi.validate(data, schema, joiOptions, function (err, value) { if (err) { opts.errors.push(err.details); } if (data.password !== data.verify) { opts.errors.push(new Error("Passwords don't match")); } userValidate.username(data.name) && opts.errors.push(userValidate.username(data.name)); if (opts.errors.length) { return reply.view('signup-form', opts); } var timer = { start: Date.now() }; delSession(value, function (er) { timer.end = Date.now(); addMetric({ name: 'latency', value: timer.end - timer.start, type: 'redis', action: 'delSession' }); if (er) { return showError(request, reply, 'Unable to set the session for user ' + opts.user.name, 500, er); } timer.start = Date.now(); signupUser(value, function (er, user) { timer.end = Date.now(); addMetric({ name: 'latency', value: timer.end - timer.start, type: 'couchdb', action: 'signupUser' }); if (er) { return showError(request, reply, 'Failed to create account', 403, er); } timer.start = Date.now(); setSession(user, function (err) { timer.end = Date.now(); addMetric({ name: 'latency', value: timer.end - timer.start, type: 'redis', action: 'setSession' }); if (err) { return showError(request, reply, 'Unable to set the session for user ' + opts.user.name, 500, err); } addMetric({name: 'signup'}); return reply.redirect('/profile-edit'); }); }); }); });
function subscribeToOrg() { var newUser = planData['new-user']; if (newUser && invalidUserName(newUser)) { var err = new Error("User name must be valid"); request.logger.error(err); return request.saveNotifications([ P.reject(err.message) ]).then(function(token) { var url = '/org/transfer-user-name'; var param = token ? "?notice=" + token : ""; param = param + "&orgScope=" + request.query.orgScope; url = url + param; return reply.redirect(url); }).catch(function(err) { request.logger.error(err); }); } // check if the org name works as a package name var valid = validate('@' + planData.orgScope + '/foo'); if (!valid.errors) { // now check if the org name works on its own valid = validate(planData.orgScope); } if (valid.errors) { return reply.view('org/create', { stripePublicKey: process.env.STRIPE_PUBLIC_KEY, notices: valid.errors }); } Org(loggedInUser) .get(planData.orgScope).then(function() { var err = new Error("Org already exists"); err.isUserError = true; throw err; }).catch(function(err) { if (err.statusCode !== 404) { throw err; } // org doesn't yet exist, transfer user then create org var start = newUser ? User.new(request).toOrg(loggedInUser, newUser) : P.resolve(null); return start.then(function(newUserData) { var setSession = P.promisify(request.server.methods.user.setSession(request)); var delSession = P.promisify(request.server.methods.user.delSession(request)); loggedInUser = newUserData ? newUser : loggedInUser; if (newUserData) { return delSession(request.loggedInUser) .then(function() { request.logger.info("setting session to: " + loggedInUser); return setSession({ name: loggedInUser }); }) } else { return Org(loggedInUser) .create({ scope: planData.orgScope, humanName: planData["human-name"] }); } }).then(function() { planInfo.npm_org = planData.orgScope; return Customer(loggedInUser).createSubscription(planInfo) .tap(function(subscription) { if (typeof subscription === 'string') { request.logger.info("created subscription: ", planInfo); } return new P(function(accept, reject) { User.new(request).dropCache(loggedInUser, function(err) { if (err) { request.logger.error(err); return reject(err); } return accept(); }); }); }).then(function(subscription) { return Customer(loggedInUser).extendSponsorship(subscription.license_id, loggedInUser); }).then(function(extendedSponsorship) { return Customer(loggedInUser).acceptSponsorship(extendedSponsorship.verification_key); }).then(function() { return reply.redirect('/org/' + planData.orgScope); }); }) .catch(function(err) { request.logger.error(err); throw err; }); }).catch(function(err) { request.logger.error(err); if (err.isUserError) { return reply.view('org/create', { stripePublicKey: process.env.STRIPE_PUBLIC_KEY, notices: [err] }); } else if (err.statusCode === 409 && err.message) { return reply.view('org/create', { stripePublicKey: process.env.STRIPE_PUBLIC_KEY, inUseError: true, orgScope: planData.orgScope, humanName: planData["human-name"], notices: [err] }); } else { return reply.view('errors/internal', err).code(500); } }); }
members = members.filter(function(member) { return !invalidUserName(member); });
exports.showTeam = function(request, reply) { var orgName = request.params.org; var teamName = request.params.teamName; var loggedInUser = request.loggedInUser && request.loggedInUser.name; if (invalidUserName(orgName)) { return handleUserError(request, reply, '/org', "Invalid Org Name."); } if (invalidUserName(teamName)) { return handleUserError(request, reply, '/org/' + orgName + '/team', "Invalid Team Name."); } var perms = {}; return Org(loggedInUser) .get(orgName) .then(function(org) { var isSuperAdmin = org.users.items.filter(function(user) { return user.role && user.role.match(/super-admin/); }).some(function(admin) { return admin.name === loggedInUser; }); var isAtLeastTeamAdmin = org.users.items.filter(function(user) { return user.role && user.role.match(/admin/); }).some(function(admin) { return admin.name === loggedInUser; }); var isAtLeastMember = org.users.items.filter(function(user) { return user.role && (user.role.match(/developer/) || user.role.match(/admin/)); }).some(function(member) { return member.name === loggedInUser; }); perms = { isSuperAdmin: isSuperAdmin, isAtLeastTeamAdmin: isAtLeastTeamAdmin, isAtLeastMember: isAtLeastMember }; request.logger.info(perms); return Team(loggedInUser) .get({ orgScope: orgName, teamName: teamName, detailed: true }); }) .then(function(team) { team.packages.items.forEach(function(pkg) { if (pkg.permissions === 'write') { pkg.canWrite = true; } if (pkg.access === 'restricted') { pkg.private = true; } }); team.users.items.forEach(function(usr) { usr.avatar = avatar(usr.email); }); return reply.view('team/show', { teamName: team.name, description: team.description, orgName: orgName, members: team.users, packages: team.packages, perms: perms, }); }) .catch(function(err) { request.logger.error(err); if (err.statusCode === 404) { return reply.view('errors/not-found', err).code(404); } else if (err.statusCode < 500) { return handleUserError(request, reply, '/org/' + orgName, err.message); } else { return reply.view('errors/internal', err); } }); };
Joi.validate(data, schema, joiOptions, function(err, validatedUser) { var opts = { errors: [] }; if (err) { opts.errors = err.details; } if (validatedUser.password !== validatedUser.verify) { opts.errors.push({ message: new Error("passwords don't match").message }); } userValidate.username(validatedUser.name) && opts.errors.push({ message: userValidate.username(validatedUser.name).message }); Scope().get(validatedUser.name, function(err, userExists) { if (err && err.statusCode != 404) { request.logger.warn('Unable to get user to validate'); return reply.view('errors/internal', opts).code(403); } if (userExists) { opts.errors.push({ message: new Error("username already exists").message }); } if (opts.errors.length) { request.timing.page = 'signup-form-error'; request.metrics.metric({ name: 'signup-form-error' }); // give back the user input so the form can be // partially re-populated opts.userInput = validatedUser; return reply.view('user/signup-form', opts).code(400); } delSession(validatedUser, function(er) { if (er) { request.logger.warn(er); } User.signup(validatedUser, function(er, user) { if (er) { request.logger.warn('Failed to create account.'); return reply.view('errors/internal', opts).code(403); } request.logger.info('created new user ' + user.name); var almostARequest = { auth: { credentials: { name: user.name } } }; if (feature('bypass_email_verify', almostARequest)) { User.confirmEmail(user).then(function() { request.logger.info('Bypassed email verification'); }).catch(function(err) { // This is for test purposes, don't let it block the main use cases. request.logger.error(err); }); } setSession(user, function(err) { if (err) { request.logger.warn('Unable to set the session for new user ' + user.name); // TODO why show an error here? return reply.view('errors/internal', opts).code(500); } request.logger.info('created new user ' + user.name); sendEmail('confirm-user-email', user, request.redis) .then(function() { request.logger.info('emailed new user at ' + user.email); request.timing.page = 'signup'; request.metrics.metric({ name: 'signup' }); return reply.redirect('/profile-edit?new-user=true'); }) .catch(function(er) { var message = 'Unable to send email to ' + user.email; request.logger.error(message); request.logger.error(er); // if we can't send the email, that shouldn't stop the user from // completing the signup process - maybe we should just let // them know? opts.errors.push({ message: message + '. Please try again later.' }); request.timing.page = 'signup'; request.metrics.metric({ name: 'signup' }); return reply.redirect('/profile-edit?new-user=true'); }); }); }); }); }); });
function subscribeToOrg() { var newUser = planData['new-user']; if (newUser && invalidUserName(newUser)) { var err = new Error("User name must be valid"); request.logger.error(err); return request.saveNotifications([ P.reject(err.message) ]).then(function(token) { var url = '/org/transfer-user-name'; var param = token ? "?notice=" + token : ""; param = param + "&orgScope=" + request.query.orgScope; url = url + param; return reply.redirect(url); }).catch(function(err) { request.logger.error(err); }); } // check if the org name works as a package name var valid = validate('@' + planData.orgScope + '/foo'); if (!valid.errors) { // now check if the org name works on its own valid = validate(planData.orgScope); } if (valid.errors) { return reply.view('org/create', { stripePublicKey: process.env.STRIPE_PUBLIC_KEY, errorNotices: valid.errors }); } var opts = {}; Org(loggedInUser) .getInfo(planData.orgScope) .then(function() { throw Object.assign(new Error("Org already exists"), { code: 'EEXIST', statusCode: 409, what: 'org' }); }) .catch(function(err) { if (err.statusCode !== 404) { throw err; } // org doesn't yet exist, transfer user then create org var start = newUser ? User(request.loggedInUser).toOrg(loggedInUser, newUser) : P.resolve(null); return start; }) .then(function(newUserData) { var setSession = P.promisify(request.server.methods.user.setSession(request)); var delSession = P.promisify(request.server.methods.user.delSession(request)); loggedInUser = newUserData ? newUser : loggedInUser; if (newUserData) { return delSession(request.loggedInUser) .then(function() { request.logger.info("setting session to: " + loggedInUser); return setSession({ name: loggedInUser }); }); } else { return Org(loggedInUser) .create({ scope: planData.orgScope, humanName: planData["human-name"] }); } }) .then(function() { planInfo.npm_org = planData.orgScope; return Customer(loggedInUser).createSubscription(planInfo); }) .tap(function(subscription) { if (typeof subscription === 'string') { request.logger.info("created subscription: ", planInfo); } var dropCache = P.promisify(User(request.loggedInUser).dropCache); return dropCache(loggedInUser); }) .then(function(subscription) { return Customer(loggedInUser).extendSponsorship(subscription.license_id, loggedInUser); }) .then(function(extendedSponsorship) { return Customer(loggedInUser).acceptSponsorship(extendedSponsorship.verification_key); }) .then(function() { return reply.redirect('/org/' + planData.orgScope); }) .catch(function(err) { if (!(err.code === 'EEXIST' && err.what === 'org')) { throw err; } return Org(loggedInUser).getUsers(planData.orgScope) .then(function(users) { users = users || {}; users.items = users.items || []; var isSuperAdmin = users.items.filter(function(user) { return user.role && user.role.match(/super-admin/); }).some(function(admin) { return admin.name === loggedInUser; }); if (isSuperAdmin) { opts.users = users; return request.customer.getLicenseForOrg(planData.orgScope); } else { throw Object.assign(new Error("Org already exists"), { statusCode: 409, code: 'EEXIST', what: 'org' }); } }) .then(function(license) { if (license && license.length) { throw Object.assign(new Error("You already own this Organization"), { code: 'EEXIST', statusCode: 409, what: 'license' }); } else { throw Object.assign(new Error("No license for this org"), { code: 'ENOLICENSE', statusCode: 404 }); } }) .catch(function(err) { if (err.code !== 'ENOLICENSE' && err.code !== 'ENOCUSTOMER') { throw err; } planInfo.npm_org = planData.orgScope; return request.customer.createSubscription(planInfo); }) .then(function(license) { license = license || {}; var extensions = opts.users.items.map(function(user) { return request.customer.extendSponsorship(license.license_id, user.name); }); return P.all(extensions); }) .then(function(sponsorships) { var acceptances = sponsorships.map(function(sponsorship) { return request.customer.acceptSponsorship(sponsorship.verification_key); }); return P.all(acceptances) .catch(function(err) { if (err.statusCode !== 409) { throw err; } }); }) .then(function() { var redirectUrl = "/org/" + planData.orgScope; var message = "You have successfully restarted " + planData.orgScope; return request.saveNotifications([ P.resolve(message) ]).then(function(token) { var param = token ? "?notice=" + token : ""; redirectUrl = redirectUrl + param; return reply.redirect(redirectUrl); }).catch(function(err) { request.logger.error(err); return reply.redirect(redirectUrl); }); }); }) .catch(function(err) { if (!(err.statusCode === 409 && err.message)) { throw err; } return reply.view('org/create', { stripePublicKey: process.env.STRIPE_PUBLIC_KEY, inUseError: true, orgScope: planData.orgScope, humanName: planData["human-name"], errorNotices: [err] }); }) .catch(function(err) { if (err.statusCode < 500) { request.logger.error(err); return request.saveNotifications([ P.reject(err.message) ]).then(function(token) { var url = '/org/create'; var param = token ? "?notice=" + token : ""; url = url + param; return reply.redirect(url); }).catch(function(err) { request.logger.error(err); }); } else { return reply(err); } }); }