tracman-server/config/routes/settings.js

'use strict';

const slug = require('slug'),
	xss = require('xss'),
	zxcvbn = require('zxcvbn'),
	moment = require('moment'),
	mw = require('../middleware.js'),
	User = require('../models.js').user,
	mail = require('../mail.js'),
	env = require('../env/env.js'),
	debug = require('debug')('tracman-settings'),
	router = require('express').Router();


// Settings form
router.route('/')
	.all( mw.ensureAuth, (req,res,next)=>{
		next();
	} )

	// Get settings form
	.get( (req,res)=>{
		res.render('settings', {active:'settings'});
	} )

	// Set new settings
	.post( (req,res,next)=>{
		
		// Validate email
		const checkEmail = new Promise( (resolve,reject)=>{
			
			// Check validity
			if (!mw.validateEmail(req.body.email)) {
				req.flash('warning', `<u>${req.body.email}</u> is not a valid email address.  `);
				resolve();
			}
			
			// Check if unchanged
			else if (req.user.email===req.body.email) {
				resolve();
			}
			
			// Check uniqueness
			else {
				User.findOne({ email: req.body.email })
				.then( (existingUser)=>{
					
					// Not unique!
					if (existingUser && existingUser.id!==req.user.id) {
						debug("Email not unique!");
						req.flash('warning', `That email, <u>${req.body.email}</u>, is already in use by another user! `);
						resolve();
					}
					
					// It's unique
					else {
						debug("Email is unique");
						req.user.newEmail = req.body.email;
				
						// Create token
						debug(`Creating email token...`);
						req.user.createEmailToken((err,token)=>{
							if (err){ reject(err); }
							
							// Send token to user by email
							debug(`Mailing new email token to ${req.body.email}...`);
							mail.send({
								to: `"${req.user.name}" <${req.body.email}>`,
								from: mail.noReply,
								subject: 'Confirm your new email address for Tracman',
								text: mail.text(`A request has been made to change your Tracman email address.  If you did not initiate this request, please disregard it.  \n\nTo confirm your email, follow this link:\n${env.url}/settings/email/${token}. `),
								html: mail.html(`<p>A request has been made to change your Tracman email address.  If you did not initiate this request, please disregard it.  </p><p>To confirm your email, follow this link:<br><a href="${env.url}/settings/email/${token}">${env.url}/settings/email/${token}</a>. </p>`)
							})
							.then( ()=>{
								req.flash('warning',`An email has been sent to <u>${req.body.email}</u>.  Check your inbox to confirm your new email address. `);
								resolve();
							})
							.catch(reject);
							
						});
						
					}
			
				})
				.catch(reject);
			}
			
		});
		
		// Validate slug
		const checkSlug = new Promise( (resolve,reject)=>{
			
			// Check existence
			if (req.body.slug==='') {
				req.flash('warning', `You must supply a slug.  `);
				resolve();
			}
			
			// Check if unchanged
			else if (req.user.slug===slug(xss(req.body.slug))) {
				resolve();
			}
				
			// Check uniqueness
			else {
				
				User.findOne({ slug: req.body.slug })
				.then( (existingUser)=>{
					
					// Not unique!
					if (existingUser && existingUser.id!==req.user.id) {
						req.flash('warning', `That slug, <u>${req.body.slug}</u>, is already in use by another user! `);
					}
					
					// It's unique
					else {
						req.user.slug = slug(xss(req.body.slug));
					}
			
				})
				.then(resolve)
				.catch(reject);
				
			}
			
		});
		
		// Set settings when done
		Promise.all([checkEmail, checkSlug])
		.then( ()=>{
			debug('Setting settings... ');
				
			// Set values
			req.user.name = xss(req.body.name);
			req.user.settings = {
				units: req.body.units,
				defaultMap: req.body.map,
				defaultZoom: req.body.zoom,
				showScale: (req.body.showScale)?true:false,
				showSpeed: (req.body.showSpeed)?true:false,
				showAlt: (req.body.showAlt)?true:false,
				showStreetview: (req.body.showStreet)?true:false,
				marker: req.body.marker
			};
			
			// Save user and send response
			debug(`Saving new settings for user ${req.user.name}...`);
			req.user.save()
			.then( ()=>{
				debug(`DONE!  Redirecting user...`);
				req.flash('success', 'Settings updated. ');
				res.redirect('/settings');
			})
			.catch( (err)=>{
				mw.throwErr(err,req);
				res.redirect('/settings');
			});
			
		})
		.catch( (err)=>{
			mw.throwErr(err,req);
			res.redirect('/settings');
		});
		
	} );

// Delete account
router.get('/delete', (req,res)=>{
	User.findByIdAndRemove(req.user)
	.then( ()=>{
		req.flash('success', 'Your account has been deleted. ');
		res.redirect('/');
	})
	.catch( (err)=>{
		mw.throwErr(err,req);
		res.redirect('/settings');
	});
});

// Confirm email address
router.get('/email/:token', mw.ensureAuth, (req,res,next)=>{
	
	// Check token
	if ( req.user.emailToken===req.params.token) {
		
		// Set new email
		req.user.email = req.user.newEmail;
		req.user.save()
		
		// Delete token and newEmail
		.then( ()=>{
			req.user.emailToken = undefined;
			req.user.newEmail = undefined;
			req.user.save();
		})
		
		// Report success
		.then( ()=>{
			req.flash('success',`Your email has been set to <u>${req.user.email}</u>. `);
			res.redirect('/settings');
		})
		
		.catch( (err)=>{
			mw.throwErr(err,req);
			res.redirect(req.session.next||'/settings');
		});
		
	}
	
	// Invalid token
	else {
		req.flash('danger', 'Email confirmation token is invalid. ');
		res.redirect('/settings');
	}
	
} );

// Set password
router.route('/password')
	.all( mw.ensureAuth, (req,res,next)=>{
		next();
	} )

	// Email user a token, proceed at /password/:token
	.get( (req,res,next)=>{

		// Create token for password change
		req.user.createPassToken( (err,token,expires)=>{
			if (err){
				mw.throwErr(err,req);
				res.redirect((req.user)?'/settings':'/login');
			}
			else {
			
				// Figure out expiration time
				let expirationTimeString = (req.query.tz)?
					moment(expires).utcOffset(req.query.tz).toDate().toLocaleTimeString(req.acceptsLanguages[0]):
					moment(expires).toDate().toLocaleTimeString(req.acceptsLanguages[0])+" UTC";
				
				// Confirm password change request by email.
				mail.send({
					to: mail.to(req.user),
					from: mail.noReply,
					subject: 'Request to change your Tracman password',
					text: mail.text(`A request has been made to change your tracman password.  If you did not initiate this request, please contact support at keith@tracman.org.  \n\nTo change your password, follow this link:\n${env.url}/settings/password/${token}. \n\nThis request will expire at ${expirationTimeString}. `),
					html: mail.html(`<p>A request has been made to change your tracman password.  If you did not initiate this request, please contact support at <a href="mailto:keith@tracman.org">keith@tracman.org</a>.  </p><p>To change your password, follow this link:<br><a href="${env.url}/settings/password/${token}">${env.url}/settings/password/${token}</a>. </p><p>This request will expire at ${expirationTimeString}. </p>`)
				})
				.then( ()=>{
					// Alert user to check email.
					req.flash('success',`An link has been sent to <u>${req.user.email}</u>.  Click on the link to complete your password change.  This link will expire in one hour (${expirationTimeString}). `);
					res.redirect((req.user)?'/settings':'/login');
				})
				.catch( (err)=>{
					mw.throwErr(err,req);
					res.redirect((req.user)?'/settings':'/login');
				});
			
			}
		});

	} );

router.route('/password/:token')

	// Check token
	.all( (req,res,next)=>{
		debug('/settings/password/:token .all() called');
		User
			.findOne({'auth.passToken': req.params.token})
			.where('auth.passTokenExpires').gt(Date.now())
			.then((user) => {
				if (!user) {
					debug('Bad token');
					req.flash('danger', 'Password reset token is invalid or has expired. ');
					res.redirect( (req.isAuthenticated)?'/settings':'/login' );
				}
				else {
					debug('setting passwordUser');
					res.locals.passwordUser = user;
					next();
				}
			})
			.catch((err)=>{
				mw.throwErr(err,req);
				res.redirect('/password');
			});
	} )

	// Show password change form
	.get( (req,res)=>{
		debug('/settings/password/:token .get() called');
		res.render('password');
	} )
	
	// Set new password
	.post( (req,res,next)=>{
		
		// Validate password
		let zxcvbnResult = zxcvbn(req.body.password);
		if (zxcvbnResult.crack_times_seconds.online_no_throttling_10_per_second < 864000) { // Less than ten days
			mw.throwErr(new Error(`That password could be cracked in ${zxcvbnResult.crack_times_display.online_no_throttling_10_per_second}!  Come up with a more complex password that would take at least 10 days to crack. `));
			res.redirect(`/settings/password/${req.params.token}`);
		}
		
		else {
			
			// Create hashed password and save to db
			res.locals.passwordUser.generateHashedPassword( req.body.password, (err)=>{
				if (err){
					mw.throwErr(err,req);
					res.redirect(`/password/${req.params.token}`);
				}
				
				// User changed password
				else if (req.user) {
					req.flash('success', 'Your password has been changed. ');
					res.redirect('/settings');
				}
				
				// New user created password
				else {
					req.flash('success', 'Password set.  You can use it to log in now. ');
					res.redirect('/login?next=/map?new=1');
				}
				
			} );
			
		}
		
	} );


// Tracman pro
router.route('/pro')
	.all( mw.ensureAuth, (req,res,next)=>{
		next();
	} )

	// Get info about pro
	.get( (req,res,next)=>{
		res.render('pro');
	} )

	// Join Tracman pro
	.post( (req,res)=>{
		User.findByIdAndUpdate(req.user.id,
				{$set:{ isPro:true }})
			.then( (user)=>{
				req.flash('success','You have been signed up for pro. ');
				res.redirect('/settings');
			})
			.catch( (err)=>{
				mw.throwErr(err,req);
				res.redirect('/settings/pro');	
			});
	} );

module.exports = router;
Added files for new login 2017-04-11 19:38:07 -06:00			`'use strict';`

			`const slug = require('slug'),`
			`xss = require('xss'),`
#95 Require new package 2017-06-30 10:48:29 -06:00			`zxcvbn = require('zxcvbn'),`
#52 Added server-side uniqueness checks 2017-04-27 14:44:49 -06:00			`moment = require('moment'),`
Added files for new login 2017-04-11 19:38:07 -06:00			`mw = require('../middleware.js'),`
			`User = require('../models.js').user,`
			`mail = require('../mail.js'),`
Moved environment files to own folder 2017-04-26 21:13:14 -06:00			`env = require('../env/env.js'),`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			`debug = require('debug')('tracman-settings'),`
Added files for new login 2017-04-11 19:38:07 -06:00			`router = require('express').Router();`

Moved email validation function to middleware file 2017-07-04 10:09:28 -06:00
Added files for new login 2017-04-11 19:38:07 -06:00
			`// Settings form`
			`router.route('/')`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`.all( mw.ensureAuth, (req,res,next)=>{`
Added files for new login 2017-04-11 19:38:07 -06:00			`next();`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`} )`

Added files for new login 2017-04-11 19:38:07 -06:00			`// Get settings form`
Cleaned up, made promises 2017-04-14 20:10:52 -06:00			`.get( (req,res)=>{`
Fixed active links in header 2017-05-22 20:32:51 -06:00			`res.render('settings', {active:'settings'});`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`} )`

Added files for new login 2017-04-11 19:38:07 -06:00			`// Set new settings`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`.post( (req,res,next)=>{`
Cleaned up, made promises 2017-04-14 20:10:52 -06:00
Fixed promises 2017-04-27 15:25:16 -06:00			`// Validate email`
			`const checkEmail = new Promise( (resolve,reject)=>{`

			`// Check validity`
Moved email validation function to middleware file 2017-07-04 10:09:28 -06:00			`if (!mw.validateEmail(req.body.email)) {`
Fixed promises 2017-04-27 15:25:16 -06:00			req.flash('warning', `<u>${req.body.email}</u> is not a valid email address. `);
			`resolve();`
			`}`

			`// Check if unchanged`
			`else if (req.user.email===req.body.email) {`
			`resolve();`
			`}`

			`// Check uniqueness`
			`else {`
			`User.findOne({ email: req.body.email })`
			`.then( (existingUser)=>{`

			`// Not unique!`
			`if (existingUser && existingUser.id!==req.user.id) {`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			`debug("Email not unique!");`
Fixed promises 2017-04-27 15:25:16 -06:00			req.flash('warning', `That email, <u>${req.body.email}</u>, is already in use by another user! `);
			`resolve();`
			`}`

			`// It's unique`
			`else {`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			`debug("Email is unique");`
Fixed promises 2017-04-27 15:25:16 -06:00			`req.user.newEmail = req.body.email;`

			`// Create token`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			debug(`Creating email token...`);
Fixed promises 2017-04-27 15:25:16 -06:00			`req.user.createEmailToken((err,token)=>{`
			`if (err){ reject(err); }`

			`// Send token to user by email`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			debug(`Mailing new email token to ${req.body.email}...`);
Fixed promises 2017-04-27 15:25:16 -06:00			`mail.send({`
			to: `"${req.user.name}" <${req.body.email}>`,
Renamed noReply in mail.js 2017-05-08 15:45:06 -06:00			`from: mail.noReply,`
Fixed promises 2017-04-27 15:25:16 -06:00			`subject: 'Confirm your new email address for Tracman',`
			text: mail.text(`A request has been made to change your Tracman email address. If you did not initiate this request, please disregard it. \n\nTo confirm your email, follow this link:\n${env.url}/settings/email/${token}. `),
			html: mail.html(`<p>A request has been made to change your Tracman email address. If you did not initiate this request, please disregard it. </p><p>To confirm your email, follow this link:<br><a href="${env.url}/settings/email/${token}">${env.url}/settings/email/${token}</a>. </p>`)
			`})`
			`.then( ()=>{`
			req.flash('warning',`An email has been sent to <u>${req.body.email}</u>. Check your inbox to confirm your new email address. `);
			`resolve();`
			`})`
			`.catch(reject);`

			`});`

			`}`

			`})`
			`.catch(reject);`
			`}`

			`});`

			`// Validate slug`
			`const checkSlug = new Promise( (resolve,reject)=>{`

			`// Check existence`
			`if (req.body.slug==='') {`
			req.flash('warning', `You must supply a slug. `);
			`resolve();`
			`}`

			`// Check if unchanged`
			`else if (req.user.slug===slug(xss(req.body.slug))) {`
			`resolve();`
			`}`

			`// Check uniqueness`
			`else {`

			`User.findOne({ slug: req.body.slug })`
			`.then( (existingUser)=>{`

			`// Not unique!`
			`if (existingUser && existingUser.id!==req.user.id) {`
			req.flash('warning', `That slug, <u>${req.body.slug}</u>, is already in use by another user! `);
			`}`

			`// It's unique`
			`else {`
			`req.user.slug = slug(xss(req.body.slug));`
			`}`

			`})`
			`.then(resolve)`
			`.catch(reject);`

			`}`

			`});`

			`// Set settings when done`
			`Promise.all([checkEmail, checkSlug])`
			`.then( ()=>{`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			`debug('Setting settings... ');`
#58 Fixed missing flash alerting user of confirmation email 2017-04-18 11:03:24 -06:00
#32 Fixed social logins 2017-04-19 19:37:00 -06:00			`// Set values`
			`req.user.name = xss(req.body.name);`
			`req.user.settings = {`
Fixes #76 2017-05-02 07:21:53 -06:00			`units: req.body.units,`
			`defaultMap: req.body.map,`
			`defaultZoom: req.body.zoom,`
			`showScale: (req.body.showScale)?true:false,`
			`showSpeed: (req.body.showSpeed)?true:false,`
			`showAlt: (req.body.showAlt)?true:false,`
#89 Added marker color selection to settings page 2017-07-20 07:08:10 -06:00			`showStreetview: (req.body.showStreet)?true:false,`
			`marker: req.body.marker`
Fixes #76 2017-05-02 07:21:53 -06:00			`};`
Added some debug logging 2017-04-26 20:47:23 -06:00
#61 Cleanup, check for injection attacks 2017-04-25 18:01:35 -06:00			`// Save user and send response`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			debug(`Saving new settings for user ${req.user.name}...`);
#61 Cleanup, check for injection attacks 2017-04-25 18:01:35 -06:00			`req.user.save()`
			`.then( ()=>{`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			debug(`DONE! Redirecting user...`);
#61 Cleanup, check for injection attacks 2017-04-25 18:01:35 -06:00			`req.flash('success', 'Settings updated. ');`
			`res.redirect('/settings');`
			`})`
			`.catch( (err)=>{`
			`mw.throwErr(err,req);`
			`res.redirect('/settings');`
			`});`
#58 Fixed missing flash alerting user of confirmation email 2017-04-18 11:03:24 -06:00
Fixed promises 2017-04-27 15:25:16 -06:00			`})`
			`.catch( (err)=>{`
			`mw.throwErr(err,req);`
#58 Cleaned up 2017-04-18 11:10:43 -06:00			`res.redirect('/settings');`
Fixed promises 2017-04-27 15:25:16 -06:00			`});`
#52 Added server-side validation for settings 2017-04-17 22:34:53 -06:00
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`} );`
Added files for new login 2017-04-11 19:38:07 -06:00
Fixed #83 2017-05-06 23:59:21 -06:00			`// Delete account`
			`router.get('/delete', (req,res)=>{`
			`User.findByIdAndRemove(req.user)`
			`.then( ()=>{`
			`req.flash('success', 'Your account has been deleted. ');`
			`res.redirect('/');`
			`})`
			`.catch( (err)=>{`
			`mw.throwErr(err,req);`
			`res.redirect('/settings');`
			`});`
			`});`

#58 added email confirmation 2017-04-18 01:08:57 -06:00			`// Confirm email address`
			`router.get('/email/:token', mw.ensureAuth, (req,res,next)=>{`
Fixed #83 2017-05-06 23:59:21 -06:00
			`// Check token`
			`if ( req.user.emailToken===req.params.token) {`
#58 added email confirmation 2017-04-18 01:08:57 -06:00
Fixed #83 2017-05-06 23:59:21 -06:00			`// Set new email`
			`req.user.email = req.user.newEmail;`
			`req.user.save()`
Updated settings formatting 2017-07-04 09:57:56 -06:00
			`// Delete token and newEmail`
Fixed #83 2017-05-06 23:59:21 -06:00			`.then( ()=>{`
			`req.user.emailToken = undefined;`
			`req.user.newEmail = undefined;`
			`req.user.save();`
			`})`
Updated settings formatting 2017-07-04 09:57:56 -06:00
			`// Report success`
Fixed #83 2017-05-06 23:59:21 -06:00			`.then( ()=>{`
			req.flash('success',`Your email has been set to <u>${req.user.email}</u>. `);
#58 added email confirmation 2017-04-18 01:08:57 -06:00			`res.redirect('/settings');`
Fixed #83 2017-05-06 23:59:21 -06:00			`})`
Updated settings formatting 2017-07-04 09:57:56 -06:00
Fixed #83 2017-05-06 23:59:21 -06:00			`.catch( (err)=>{`
			`mw.throwErr(err,req);`
			`res.redirect(req.session.next\|\|'/settings');`
			`});`
#58 added email confirmation 2017-04-18 01:08:57 -06:00
Fixed #83 2017-05-06 23:59:21 -06:00			`}`

			`// Invalid token`
			`else {`
			`req.flash('danger', 'Email confirmation token is invalid. ');`
			`res.redirect('/settings');`
			`}`

			`} );`
Added files for new login 2017-04-11 19:38:07 -06:00
			`// Set password`
Cleaned up, made promises 2017-04-14 20:10:52 -06:00			`router.route('/password')`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`.all( mw.ensureAuth, (req,res,next)=>{`
Added files for new login 2017-04-11 19:38:07 -06:00			`next();`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`} )`

Added ability to change password 2017-04-12 11:41:27 -06:00			`// Email user a token, proceed at /password/:token`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`.get( (req,res,next)=>{`
Added ability to change password 2017-04-12 11:41:27 -06:00
			`// Create token for password change`
#52 Added server-side uniqueness checks 2017-04-27 14:44:49 -06:00			`req.user.createPassToken( (err,token,expires)=>{`
#58 added email confirmation 2017-04-18 01:08:57 -06:00			`if (err){`
			`mw.throwErr(err,req);`
#52 Added server-side uniqueness checks 2017-04-27 14:44:49 -06:00			`res.redirect((req.user)?'/settings':'/login');`
#58 added email confirmation 2017-04-18 01:08:57 -06:00			`}`
#77 Better error handling after password creation 2017-04-28 12:21:10 -06:00			`else {`
#58 added email confirmation 2017-04-18 01:08:57 -06:00
#77 Better error handling after password creation 2017-04-28 12:21:10 -06:00			`// Figure out expiration time`
			`let expirationTimeString = (req.query.tz)?`
			`moment(expires).utcOffset(req.query.tz).toDate().toLocaleTimeString(req.acceptsLanguages[0]):`
			`moment(expires).toDate().toLocaleTimeString(req.acceptsLanguages[0])+" UTC";`

			`// Confirm password change request by email.`
			`mail.send({`
			`to: mail.to(req.user),`
Renamed noReply in mail.js 2017-05-08 15:45:06 -06:00			`from: mail.noReply,`
#77 Better error handling after password creation 2017-04-28 12:21:10 -06:00			`subject: 'Request to change your Tracman password',`
			text: mail.text(`A request has been made to change your tracman password. If you did not initiate this request, please contact support at keith@tracman.org. \n\nTo change your password, follow this link:\n${env.url}/settings/password/${token}. \n\nThis request will expire at ${expirationTimeString}. `),
			html: mail.html(`<p>A request has been made to change your tracman password. If you did not initiate this request, please contact support at <a href="mailto:keith@tracman.org">keith@tracman.org</a>. </p><p>To change your password, follow this link:<br><a href="${env.url}/settings/password/${token}">${env.url}/settings/password/${token}</a>. </p><p>This request will expire at ${expirationTimeString}. </p>`)
			`})`
			`.then( ()=>{`
			`// Alert user to check email.`
			req.flash('success',`An link has been sent to <u>${req.user.email}</u>. Click on the link to complete your password change. This link will expire in one hour (${expirationTimeString}). `);
			`res.redirect((req.user)?'/settings':'/login');`
			`})`
			`.catch( (err)=>{`
			`mw.throwErr(err,req);`
			`res.redirect((req.user)?'/settings':'/login');`
			`});`
#58 added email confirmation 2017-04-18 01:08:57 -06:00
#77 Better error handling after password creation 2017-04-28 12:21:10 -06:00			`}`
#58 added email confirmation 2017-04-18 01:08:57 -06:00			`});`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00
			`} );`

Added ability to change password 2017-04-12 11:41:27 -06:00			`router.route('/password/:token')`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00
Added ability to change password 2017-04-12 11:41:27 -06:00			`// Check token`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`.all( (req,res,next)=>{`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			`debug('/settings/password/:token .all() called');`
Added ability to change password 2017-04-12 11:41:27 -06:00			`User`
			`.findOne({'auth.passToken': req.params.token})`
#58 added email confirmation 2017-04-18 01:08:57 -06:00			`.where('auth.passTokenExpires').gt(Date.now())`
#45 Using ES6 promises now 2017-04-13 16:59:46 -06:00			`.then((user) => {`
Added ability to change password 2017-04-12 11:41:27 -06:00			`if (!user) {`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			`debug('Bad token');`
Added ability to change password 2017-04-12 11:41:27 -06:00			`req.flash('danger', 'Password reset token is invalid or has expired. ');`
			`res.redirect( (req.isAuthenticated)?'/settings':'/login' );`
Updated settings formatting 2017-07-04 09:57:56 -06:00			`}`
			`else {`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			`debug('setting passwordUser');`
Added ability to change password 2017-04-12 11:41:27 -06:00			`res.locals.passwordUser = user;`
			`next();`
			`}`
Cleaned up, made promises 2017-04-14 20:10:52 -06:00			`})`
			`.catch((err)=>{`
			`mw.throwErr(err,req);`
			`res.redirect('/password');`
Added ability to change password 2017-04-12 11:41:27 -06:00			`});`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`} )`
Added ability to change password 2017-04-12 11:41:27 -06:00
			`// Show password change form`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`.get( (req,res)=>{`
#85 Switched back to debug 2017-05-08 11:47:53 -06:00			`debug('/settings/password/:token .get() called');`
Added ability to change password 2017-04-12 11:41:27 -06:00			`res.render('password');`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`} )`
Added client-side password checking 2017-04-15 08:22:13 -06:00
			`// Set new password`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`.post( (req,res,next)=>{`
Cleaned up, made promises 2017-04-14 20:10:52 -06:00
Added client-side password checking 2017-04-15 08:22:13 -06:00			`// Validate password`
#95 Swapped mellt code for zxcvbn code 2017-06-30 11:14:59 -06:00			`let zxcvbnResult = zxcvbn(req.body.password);`
			`if (zxcvbnResult.crack_times_seconds.online_no_throttling_10_per_second < 864000) { // Less than ten days`
			mw.throwErr(new Error(`That password could be cracked in ${zxcvbnResult.crack_times_display.online_no_throttling_10_per_second}! Come up with a more complex password that would take at least 10 days to crack. `));
Added client-side password checking 2017-04-15 08:22:13 -06:00			res.redirect(`/settings/password/${req.params.token}`);
Made bigger social logi buttons for desktops/tablets 2017-04-16 15:23:15 -06:00			`}`
Fixed pro 2017-04-25 15:22:23 -06:00
Made bigger social logi buttons for desktops/tablets 2017-04-16 15:23:15 -06:00			`else {`
Added client-side password checking 2017-04-15 08:22:13 -06:00
#77 Fixed 500 after setting password, updated packages 2017-04-28 13:37:22 -06:00			`// Create hashed password and save to db`
			`res.locals.passwordUser.generateHashedPassword( req.body.password, (err)=>{`
Added client-side password checking 2017-04-15 08:22:13 -06:00			`if (err){`
			`mw.throwErr(err,req);`
			res.redirect(`/password/${req.params.token}`);
			`}`
#77 Fixed 500 after setting password, updated packages 2017-04-28 13:37:22 -06:00
			`// User changed password`
			`else if (req.user) {`
			`req.flash('success', 'Your password has been changed. ');`
			`res.redirect('/settings');`
			`}`
#30 Added welcome message 2017-05-08 18:12:58 -06:00
#77 Fixed 500 after setting password, updated packages 2017-04-28 13:37:22 -06:00			`// New user created password`
Added client-side password checking 2017-04-15 08:22:13 -06:00			`else {`
#77 Fixed 500 after setting password, updated packages 2017-04-28 13:37:22 -06:00			`req.flash('success', 'Password set. You can use it to log in now. ');`
#30 Added welcome message 2017-05-08 18:12:58 -06:00			`res.redirect('/login?next=/map?new=1');`
Added client-side password checking 2017-04-15 08:22:13 -06:00			`}`
#77 Fixed 500 after setting password, updated packages 2017-04-28 13:37:22 -06:00
Added client-side password checking 2017-04-15 08:22:13 -06:00			`} );`

			`}`
Cleaned up, made promises 2017-04-14 20:10:52 -06:00
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`} );`
Added files for new login 2017-04-11 19:38:07 -06:00

			`// Tracman pro`
Added ability to change password 2017-04-12 11:41:27 -06:00			`router.route('/pro')`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`.all( mw.ensureAuth, (req,res,next)=>{`
Added files for new login 2017-04-11 19:38:07 -06:00			`next();`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`} )`

Added files for new login 2017-04-11 19:38:07 -06:00			`// Get info about pro`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`.get( (req,res,next)=>{`
Added ability to change password 2017-04-12 11:41:27 -06:00			`res.render('pro');`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`} )`

Added files for new login 2017-04-11 19:38:07 -06:00			`// Join Tracman pro`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`.post( (req,res)=>{`
Added ability to change password 2017-04-12 11:41:27 -06:00			`User.findByIdAndUpdate(req.user.id,`
Cleaned up, made promises 2017-04-14 20:10:52 -06:00			`{$set:{ isPro:true }})`
			`.then( (user)=>{`
			`req.flash('success','You have been signed up for pro. ');`
Redirect back to settings after switching to pro 2017-07-11 01:03:36 -06:00			`res.redirect('/settings');`
Cleaned up, made promises 2017-04-14 20:10:52 -06:00			`})`
			`.catch( (err)=>{`
			`mw.throwErr(err,req);`
Redirect back to settings after switching to pro 2017-07-11 01:03:36 -06:00			`res.redirect('/settings/pro');`
Cleaned up, made promises 2017-04-14 20:10:52 -06:00			`});`
Added account creation, switched to arrow functions 2017-04-13 16:53:18 -06:00			`} );`

#52 Added server-side validation for settings 2017-04-17 22:34:53 -06:00			`module.exports = router;`