Added password reset logic

master
Keith Irwin 2017-04-14 01:00:18 -04:00
parent 6a7a49bffd
commit 7b2a1e27dd
No known key found for this signature in database
GPG Key ID: 378933C743E2BBC0
2 changed files with 75 additions and 78 deletions


@ -40,7 +40,8 @@ module.exports = (app, passport) => {
// Signup
app.get('/signup', (req,res)=>{
res.redirect('/login#signup');
}).post('/signup', (req,res,next)=>{
})
.post('/signup', (req,res,next)=>{
// Send token and alert user
function sendToken(user){
@ -148,50 +149,57 @@ module.exports = (app, passport) => {
});
// Forgot password
// app.route('/login/forgot')
// .all( (req,res,next)=>{
// if (req.isAuthenticated()){ res.redirect('/settings'); }
// else { next(); }
// })
// .get( (req,res,next)=>{
// res.render('forgot');
// })
// .post( (req,res,next)=>{
app.route('/login/forgot')
.all( (req,res,next)=>{
if (req.isAuthenticated()){ loginCallback(); }
else { next(); }
})
.get( (req,res,next)=>{
res.render('forgot');
})
.post( (req,res,next)=>{
//TODO: Validate and sanitize email
// req.assert('email', 'Please enter a valid email address.').isEmail();
// req.sanitize('email').normalizeEmail({ remove_dots: false });
User.findOne( {'email':req.body.email}, (err,user)=>{
if (err){ mw.throwErr(err); }
// No user with that email
if (!user) {
// Don't let on that no such user exists, to prevent dictionary attacks
req.flash('success', `If an account exists with the email <u>${req.body.email}</u>, an email has been sent there with a password reset link. `);
res.redirect('/login');
}
// User with that email exists
else {
// Create reset token
user.createToken( (err,token)=>{
if (err){ next(err); }
// Email reset link
mail.send({
from: mail.from,
to: mail.to(user),
subject: 'Reset your Tracman password',
text: mail.text(`Hi, \n\nDid you request to reset your Tracman password? If so, follow this link to do so:\n${env.url}/settings/password/${token}\n\nIf you didn't initiate this request, just ignore this email. `),
html: mail.html(`<p>Hi, </p><p>Did you request to reset your Tracman password? If so, follow this link to do so:<br><a href="${env.url}/settings/password/${token}">${env.url}/settings/password/${token}</a></p><p>If you didn't initiate this request, just ignore this email. </p>`)
}).then(()=>{
req.flash('success', `If an account exists with the email <u>${req.body.email}</u>, an email has been sent there with a password reset link. `);
res.redirect('/login');
}).catch((err)=>{
mw.throwErr(err);
});
// //TODO: Validate and sanitize email
// // req.assert('email', 'Please enter a valid email address.').isEmail();
// // req.sanitize('email').normalizeEmail({ remove_dots: false });
});
}
});
// User.findOne( {'email':req.body.email}, (err,user)=>{
// if (err){ next(err); }
// else if (!user) {
// req.flash('danger', `No user has <u>${req.body.email}</u> set as their email address. `);
// res.redirect('/login/forgot');
// } else {
// // Set reset token to user
// user.createToken( (err,token)=>{
// if (err){ next(err); }
// // Email reset link
// mail({
// from: '"Tracman" <NoReply@tracman.org>',
// to: `"${user.name}"" <${user.email}>`,
// subject: 'Reset your Tracman password',
// text: `Hi, \n\nDid you request to reset your Tracman password? If so, follow this link to do so:\n${env.url}/settings/password/${token}\n\nIf you didn't initiate this request, just ignore this email. `,
// html: `<p>Hi, </p><p>Did you request to reset your Tracman password? If so, follow this link to do so:<br><a href="${env.url}/settings/password/${token}">${env.url}/settings/password/${token}</a></p><p>If you didn't initiate this request, just ignore this email. </p>`
// }).then(()=>{
// req.flash('success', `An email has been sent to <u>${req.body.email}</u>. Check your email for instructions to reset your password. `);
// res.redirect('/');
// }).catch((err)=>{
// next(err);
// });
// });
// }
// });
// });
});
// Social
app.get('/login/:service', (req,res,next)=>{
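Review bot: The `/login/forgot` POST handler uses `req.body.email` with no validation (the check is still a TODO), both as the `User.findOne` filter and inside the `<u>…</u>` flash message. If the body parser can yield a non-string value, the filter may be treated as a query operator rather than an address, and if flash messages are rendered unescaped, as the embedded markup suggests, the value is reflected into the page as HTML; `if (typeof req.body.email !== 'string') { return res.redirect('/login/forgot'); }` at the top of the handler and escaping the address before interpolation would cover both. `if (err){ next(err); }` in the `createToken` callback does not return, so a failed token creation still mails a link built from an undefined token; `if (err){ return next(err); }` fixes that, and the `mw.throwErr(err)` call after `findOne` needs the same treatment unless that helper, defined outside this hunk, throws. The existing-account branch also waits for `mail.send` before redirecting while the unknown-address branch answers immediately, so response time can still distinguish the two cases despite the identical message.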


@ -7,41 +7,30 @@
{% endblock %}
{% block main %}
<section class='container'>
<h1>Set Password</h1>
<form id='password-form' role="form" method="post">
<style>
#password input {
min-width: 40%;
}
</style>
<p>Your password must be at least 8 characters long. You can use any letter, number, symbol, emoji, or spaces. Your password will be stored as a secure hash on the server. </p>
<div id='password' class='form-group' title="Type your new password here">
<input class='form-control' name="password" type="password" placeholder="enter password" minlength="8" maxlength="160">
<input class='form-control' name="repassword" type="password" placeholder="retype password" minlength="8" maxlength="160">
</div>
<div id='submit-group' class='form-group flexbox' style="padding:0 0 60px; justify-content:space-around">
<input class='btn yellow' style="width:50%; background:#333" type="submit" value="Save">
<a href="#" class='btn'>cancel</a>
</div>
</form>
</section>
<section class='container'>
{% endblock %}
{% block javascript %}
{{super()}}
<script>
<h1>Set Password</h1>
<form id='password-form' role="form" method="post">
<style>
#password input {
min-width: 40%;
}
</style>
<p>Your password must be at least 8 characters long. You can use any letter, number, symbol, emoji, or spaces. Your password will be stored as a secure hash on the server. </p>
<div id='password' class='form-group' title="Type your new password here">
<input class='form-control' name="password" type="password" placeholder="enter password" minlength="8" maxlength="160">
<input class='form-control' name="repassword" type="password" placeholder="retype password" minlength="8" maxlength="160">
</div>
<div id='submit-group' class='form-group flexbox' style="padding:0 0 60px; justify-content:space-around">
<input class='btn yellow' style="width:50%; background:#333" type="submit" value="Save">
<a href="#" class='btn'>cancel</a>
</div>
</script>
</form>
</section>
{% endblock %}
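Review bot: Neither password input carries `required`, and `minlength="8"` is not applied to an empty field, so the browser will submit this form with both fields blank. The eight-character rule stated in the paragraph above the inputs, and the match between `password` and `repassword`, therefore have to be enforced by the POST handler, which is not visible in this section. Adding `required` and `autocomplete="new-password"` to both inputs would tighten the client side, e.g. `<input class='form-control' name="password" type="password" required autocomplete="new-password" minlength="8" maxlength="160">`.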