debug(`Emailing new user ${user.id} at ${user.email} instructions to create a password...`)
mail.send({
from:mail.noReply,
to:`<${user.email}>`,
subject:'Complete your Tracman registration',
text:mail.text(`Welcome to Tracman! \n\nTo complete your registration, follow this link and set your password:\n${env.url}/settings/password/${token}\n\nThis link will expire at ${expirationTimeString}. `),
html:mail.html(`<p>Welcome to Tracman! </p><p>To complete your registration, follow this link and set your password:<br><a href="${env.url}/settings/password/${token}">${env.url}/settings/password/${token}</a></p><p>This link will expire at ${expirationTimeString}. </p>`)
})
.then(()=>{
debug(`Successfully emailed new user ${user.id} instructions to continue`)
req.flash('success',`An email has been sent to <u>${user.email}</u>. Check your inbox and follow the link to complete your registration. (Your registration link will expire in one hour). `)
res.redirect('/login')
})
.catch((err)=>{
debug(`Failed to email new user ${user.id} instructions to continue!`)
mw.throwErr(err,req)
res.redirect('/login#signup')
})
}
})
}
// Validate email
req.checkBody('email','Please enter a valid email address.').isEmail()
// Check if somebody already has that email
debug(`Searching for user with email ${req.body.email}...`)
User.findOne({'email':req.body.email})
.then((user)=>{
// User already exists
if(user&&user.auth.password){
debug(`User ${user.id} has email ${req.body.email} and has a password`)
req.flash('warning',`A user with that email already exists! If you forgot your password, you can <a href="/login/forgot?email=${req.body.email}">reset it here</a>.`)
res.redirect('/login#login')
next()
// User exists but hasn't created a password yet
}elseif(user){
debug(`User ${user.id} has email ${req.body.email} but doesn't have a password`)
// Send another token (or the same one if it hasn't expired)
sendToken(user)
// Create user
}else{
debug(`User with email ${req.body.email} doesn't exist; creating one`)
req.checkBody('email','Please enter a valid email address.').isEmail()
// Check if somebody has that email
User.findOne({'email':req.body.email})
.then((user)=>{
// No user with that email
if(!user){
// Don't let on that no such user exists, to prevent dictionary attacks
req.flash('success',`If an account exists with the email <u>${req.body.email}</u>, an email has been sent there with a password reset link. `)
res.redirect('/login')
// User with that email does exist
}else{
// Create reset token
user.createPassToken((err,token)=>{
if(err){next(err)}
// Email reset link
mail.send({
from:mail.noReply,
to:mail.to(user),
subject:'Reset your Tracman password',
text:mail.text(`Hi, \n\nDid you request to reset your Tracman password? If so, follow this link to do so:\n${env.url}/settings/password/${token}\n\nIf you didn't initiate this request, just ignore this email. `),
html:mail.html(`<p>Hi, </p><p>Did you request to reset your Tracman password? If so, follow this link to do so:<br><a href="${env.url}/settings/password/${token}">${env.url}/settings/password/${token}</a></p><p>If you didn't initiate this request, just ignore this email. </p>`)
}).then(()=>{
req.flash('success',`If an account exists with the email <u>${req.body.email}</u>, an email has been sent there with a password reset link. `)
res.redirect('/login')
}).catch((err)=>{
debug(`Failed to send reset link to ${user.email}`)
mw.throwErr(err,req)
res.redirect('/login')
})
})
}
}).catch((err)=>{
debug(`Failed to check for if somebody has that email (in reset request)!`)
// Make sure the user has a password before they disconnect their google login account
// This is because login used to only be through google, and some people might not have
// set passwords yet...
if(!req.user.auth.password&&service==='google'){
req.flash('warning',`Hey, you need to <a href="/settings/password">set a password</a> before you can disconnect your google account. Otherwise, you won't be able to log in! `)