'use strict'; const slug = require('slug'), xss = require('xss'), mellt = require('mellt'), moment = require('moment'), mw = require('../middleware.js'), User = require('../models.js').user, mail = require('../mail.js'), env = require('../env/env.js'), router = require('express').Router(); // Validate email addresses function validateEmail(email) { var re = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/; return re.test(email); } // Settings form router.route('/') .all( mw.ensureAuth, (req,res,next)=>{ next(); } ) // Get settings form .get( (req,res)=>{ res.render('settings'); } ) // Set new settings .post( (req,res,next)=>{ // Validate email const checkEmail = new Promise( (resolve,reject)=>{ // Check validity if (!validateEmail(req.body.email)) { req.flash('warning', `${req.body.email} is not a valid email address. `); resolve(); } // Check if unchanged else if (req.user.email===req.body.email) { resolve(); } // Check uniqueness else { User.findOne({ email: req.body.email }) .then( (existingUser)=>{ // Not unique! if (existingUser && existingUser.id!==req.user.id) { //console.log("Email not unique!"); req.flash('warning', `That email, ${req.body.email}, is already in use by another user! `); resolve(); } // It's unique else { //console.log("Email is unique"); req.user.newEmail = req.body.email; // Create token //console.log(`Creating email token...`); req.user.createEmailToken((err,token)=>{ if (err){ reject(err); } // Send token to user by email //console.log(`Mailing new email token to ${req.body.email}...`); mail.send({ to: `"${req.user.name}" <${req.body.email}>`, from: mail.from, subject: 'Confirm your new email address for Tracman', text: mail.text(`A request has been made to change your Tracman email address. If you did not initiate this request, please disregard it. \n\nTo confirm your email, follow this link:\n${env.url}/settings/email/${token}. `), html: mail.html(`
A request has been made to change your Tracman email address. If you did not initiate this request, please disregard it.
To confirm your email, follow this link:
${env.url}/settings/email/${token}.
A request has been made to change your tracman password. If you did not initiate this request, please contact support at keith@tracman.org.
To change your password, follow this link:
${env.url}/settings/password/${token}.
This request will expire at ${expirationTimeString}.
`) }) .then( ()=>{ // Alert user to check email. req.flash('success',`An link has been sent to ${req.user.email}. Click on the link to complete your password change. This link will expire in one hour (${expirationTimeString}). `); res.redirect((req.user)?'/settings':'/login'); }) .catch( (err)=>{ mw.throwErr(err,req); res.redirect((req.user)?'/settings':'/login'); }); }); } ); router.route('/password/:token') // Check token .all( (req,res,next)=>{ User .findOne({'auth.passToken': req.params.token}) .where('auth.passTokenExpires').gt(Date.now()) .then((user) => { if (!user) { req.flash('danger', 'Password reset token is invalid or has expired. '); res.redirect( (req.isAuthenticated)?'/settings':'/login' ); } else { res.locals.passwordUser = user; next(); } }) .catch((err)=>{ mw.throwErr(err,req); res.redirect('/password'); }); } ) // Show password change form .get( (req,res)=>{ res.render('password'); } ) // Set new password .post( (req,res,next)=>{ // Validate password let daysToCrack = mellt.CheckPassword(req.body.password); if (daysToCrack<10) { mw.throwErr(new Error(`That password could be cracked in ${daysToCrack} days! Come up with a more complex password that would take at least 10 days to crack. `)); res.redirect(`/settings/password/${req.params.token}`); } else { // Delete token res.locals.passwordUser.auth.passToken = undefined; res.locals.passwordUser.auth.passTokenExpires = undefined; // Create hash res.locals.passwordUser.generateHash( req.body.password, (err,hash)=>{ if (err){ mw.throwErr(err,req); res.redirect(`/password/${req.params.token}`); } else { // Save new password to db res.locals.passwordUser.auth.password = hash; res.locals.passwordUser.save() .then( ()=>{ req.flash('success', 'Password set. You can use it to log in now. '); res.redirect('/login#login'); }) .catch( (err)=>{ mw.throwErr(err,req); res.redirect('/login#signup'); }); } } ); } } ); // Tracman pro router.route('/pro') .all( mw.ensureAuth, (req,res,next)=>{ next(); } ) // Get info about pro .get( (req,res,next)=>{ res.render('pro'); } ) // Join Tracman pro .post( (req,res)=>{ User.findByIdAndUpdate(req.user.id, {$set:{ isPro:true }}) .then( (user)=>{ req.flash('success','You have been signed up for pro. '); res.redirect(req.session.next||'/settings'); }) .catch( (err)=>{ mw.throwErr(err,req); res.redirect('/pro'); }); } ); module.exports = router;