'use strict'; const slug = require('slug'), xss = require('xss'), mellt = require('mellt'), moment = require('moment'), mw = require('../middleware.js'), User = require('../models.js').user, mail = require('../mail.js'), env = require('../env/env.js'), debug = require('debug')('tracman-settings'), router = require('express').Router(); // Validate email addresses function validateEmail(email) { var re = /^(([^<>()\[\]\\.,;:\s@"]+(\.[^<>()\[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/; return re.test(email); } // Settings form router.route('/') .all( mw.ensureAuth, (req,res,next)=>{ next(); } ) // Get settings form .get( (req,res)=>{ res.render('settings'); } ) // Set new settings .post( (req,res,next)=>{ // Validate email const checkEmail = new Promise( (resolve,reject)=>{ // Check validity if (!validateEmail(req.body.email)) { req.flash('warning', `${req.body.email} is not a valid email address. `); resolve(); } // Check if unchanged else if (req.user.email===req.body.email) { resolve(); } // Check uniqueness else { User.findOne({ email: req.body.email }) .then( (existingUser)=>{ // Not unique! if (existingUser && existingUser.id!==req.user.id) { debug("Email not unique!"); req.flash('warning', `That email, ${req.body.email}, is already in use by another user! `); resolve(); } // It's unique else { debug("Email is unique"); req.user.newEmail = req.body.email; // Create token debug(`Creating email token...`); req.user.createEmailToken((err,token)=>{ if (err){ reject(err); } // Send token to user by email debug(`Mailing new email token to ${req.body.email}...`); mail.send({ to: `"${req.user.name}" <${req.body.email}>`, from: mail.noReply, subject: 'Confirm your new email address for Tracman', text: mail.text(`A request has been made to change your Tracman email address. If you did not initiate this request, please disregard it. \n\nTo confirm your email, follow this link:\n${env.url}/settings/email/${token}. `), html: mail.html(`
A request has been made to change your Tracman email address. If you did not initiate this request, please disregard it.
To confirm your email, follow this link:
${env.url}/settings/email/${token}.
A request has been made to change your tracman password. If you did not initiate this request, please contact support at keith@tracman.org.
To change your password, follow this link:
${env.url}/settings/password/${token}.
This request will expire at ${expirationTimeString}.
`) }) .then( ()=>{ // Alert user to check email. req.flash('success',`An link has been sent to ${req.user.email}. Click on the link to complete your password change. This link will expire in one hour (${expirationTimeString}). `); res.redirect((req.user)?'/settings':'/login'); }) .catch( (err)=>{ mw.throwErr(err,req); res.redirect((req.user)?'/settings':'/login'); }); } }); } ); router.route('/password/:token') // Check token .all( (req,res,next)=>{ debug('/settings/password/:token .all() called'); User .findOne({'auth.passToken': req.params.token}) .where('auth.passTokenExpires').gt(Date.now()) .then((user) => { if (!user) { debug('Bad token'); req.flash('danger', 'Password reset token is invalid or has expired. '); res.redirect( (req.isAuthenticated)?'/settings':'/login' ); } else { debug('setting passwordUser'); res.locals.passwordUser = user; next(); } }) .catch((err)=>{ mw.throwErr(err,req); res.redirect('/password'); }); } ) // Show password change form .get( (req,res)=>{ debug('/settings/password/:token .get() called'); res.render('password'); } ) // Set new password .post( (req,res,next)=>{ // Validate password let daysToCrack = mellt.CheckPassword(req.body.password); if (daysToCrack<10) { mw.throwErr(new Error(`That password could be cracked in ${daysToCrack} days! Come up with a more complex password that would take at least 10 days to crack. `)); res.redirect(`/settings/password/${req.params.token}`); } else { // Create hashed password and save to db res.locals.passwordUser.generateHashedPassword( req.body.password, (err)=>{ if (err){ mw.throwErr(err,req); res.redirect(`/password/${req.params.token}`); } // User changed password else if (req.user) { req.flash('success', 'Your password has been changed. '); res.redirect('/settings'); } // New user created password else { req.flash('success', 'Password set. You can use it to log in now. '); res.redirect('/login?next=/settings'); } } ); } } ); // Tracman pro router.route('/pro') .all( mw.ensureAuth, (req,res,next)=>{ next(); } ) // Get info about pro .get( (req,res,next)=>{ res.render('pro'); } ) // Join Tracman pro .post( (req,res)=>{ User.findByIdAndUpdate(req.user.id, {$set:{ isPro:true }}) .then( (user)=>{ req.flash('success','You have been signed up for pro. '); res.redirect(req.session.next||'/settings'); }) .catch( (err)=>{ mw.throwErr(err,req); res.redirect('/pro'); }); } ); module.exports = router;