authorStanley Yip <33562077+yipstanley@users.noreply.github.com>2020-01-20 17:30:37 -0500
committerGitHub <noreply@github.com>2020-01-20 17:30:37 -0500
commit65c0769d420841765cb9545a4c99213c4433e7af (patch)
treecec7e1ea69596513c373c2245610b5e4a679da56 /src/server/ApiManagers
parentcc2cbf44ba5c30a70bad2ffd7a57d2c6d17d0e4e (diff)
parent758d960b4251672c9615b0bf53ea992065ca524b (diff)
Merge pull request #331 from browngraphicslab/pen
Pen
Diffstat (limited to 'src/server/ApiManagers')
-rw-r--r--src/server/ApiManagers/DeleteManager.ts17
-rw-r--r--src/server/ApiManagers/UserManager.ts55
2 files changed, 71 insertions, 1 deletions
diff --git a/src/server/ApiManagers/DeleteManager.ts b/src/server/ApiManagers/DeleteManager.ts
index 88dfa6a64..be452c0ff 100644
--- a/src/server/ApiManagers/DeleteManager.ts
+++ b/src/server/ApiManagers/DeleteManager.ts
@@ -1,5 +1,5 @@
import ApiManager, { Registration } from "./ApiManager";
-import { Method, _permission_denied } from "../RouteManager";
+import { Method, _permission_denied, PublicHandler } from "../RouteManager";
import { WebSocket } from "../Websocket/Websocket";
import { Database } from "../database";
@@ -31,6 +31,21 @@ export default class DeleteManager extends ApiManager {
}
});
+ const hi: PublicHandler = async ({ res, isRelease }) => {
+ if (isRelease) {
+ return _permission_denied(res, deletionPermissionError);
+ }
+ await Database.Instance.deleteAll('users');
+ res.redirect("/home");
+ };
+
+ // register({
+ // method: Method.GET,
+ // subscription: "/deleteUsers",
+ // onValidation: hi,
+ // onUnauthenticated: hi
+ // });
+
register({
method: Method.GET,
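Review bot: The added `hi` handler wipes the whole `users` collection and stays in the file as dead code, under a name that says nothing about what it does, while its registration is commented out. If that block is ever re-enabled as written, `onUnauthenticated: hi` would let a request without a session reach `Database.Instance.deleteAll('users')` through a GET route, with `isRelease` as the only guard. I would either drop the handler together with the commented-out block, or rename it (for example `deleteAllUsers`) and add a comment such as `// dev-only: deletes every user account; never register for unauthenticated callers or in release builds`.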
diff --git a/src/server/ApiManagers/UserManager.ts b/src/server/ApiManagers/UserManager.ts
index f2ef22961..b0d868918 100644
--- a/src/server/ApiManagers/UserManager.ts
+++ b/src/server/ApiManagers/UserManager.ts
@@ -2,6 +2,8 @@ import ApiManager, { Registration } from "./ApiManager";
import { Method } from "../RouteManager";
import { Database } from "../database";
import { msToTime } from "../ActionUtilities";
+import * as bcrypt from "bcrypt-nodejs";
+import { Opt } from "../../new_fields/Doc";
export const timeMap: { [id: string]: number } = {};
interface ActivityUnit {
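Review bot: The new `import * as bcrypt from "bcrypt-nodejs"` depends on a package that, as far as I know, is marked deprecated and unmaintained on npm, with `bcrypt` or `bcryptjs` named as replacements. The comparison in the handler must use the same library that produced the stored hash, and the user model is not visible here, so any switch should probably cover both places in one change. At minimum I would add a comment on the import such as `// must match the hashing library used by the user model`.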
@@ -37,6 +39,59 @@ export default class UserManager extends ApiManager {
});
register({
+ method: Method.POST,
+ subscription: '/internalResetPassword',
+ secureHandler: async ({ user, req, res }) => {
+ const result: any = {};
+ const { curr_pass, new_pass, new_confirm } = req.body;
+ // perhaps should assert whether curr password is entered correctly
+ const validated = await new Promise<Opt<boolean>>(resolve => {
+ bcrypt.compare(curr_pass, user.password, (err, passwords_match) => {
+ if (err || !passwords_match) {
+ result.error = [{ msg: "Incorrect current password" }];
+ res.send(result);
+ resolve(undefined);
+ } else {
+ resolve(passwords_match);
+ }
+ });
+ });
+
+ if (validated === undefined) {
+ return;
+ }
+
+ req.assert("new_pass", "Password must be at least 4 characters long").len({ min: 4 });
+ req.assert("new_confirm", "Passwords do not match").equals(new_pass);
+ if (curr_pass === new_pass) {
+ result.error = [{ msg: "Current and new password are the same" }];
+ }
+ // was there error in validating new passwords?
+ if (req.validationErrors()) {
+ // was there error?
+ result.error = req.validationErrors();
+ }
+
+ // will only change password if there are no errors.
+ if (!result.error) {
+ user.password = new_pass;
+ user.passwordResetToken = undefined;
+ user.passwordResetExpires = undefined;
+ }
+
+ user.save(err => {
+ if (err) {
+ result.error = [{ msg: "Error while saving new password" }];
+ }
+ });
+
+ res.send(result);
+ }
+ });
+
+
+
+ register({
method: Method.GET,
subscription: "/activity",
secureHandler: ({ res }) => {
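Review bot: In the `/internalResetPassword` handler, `user.save` runs even when validation failed, and `res.send(result)` is called before the save callback fires, so a failed save is reported to the client as success and "Error while saving new password" never reaches the response. Saving only on the success path and sending the response from inside the callback fixes both, as sketched below. Separately, `user.password = new_pass` assigns the plaintext and presumably relies on the model hashing it on save, which this hunk does not show and is worth confirming. The 4-character minimum in `req.assert("new_pass", ...)` is low for an account password. The comment `// perhaps should assert whether curr password is entered correctly` is stale, because the code directly below it already does that check.

```typescript
// … unchanged: current-password check and new-password validation …
if (result.error) {
    res.send(result);
    return;
}
// … unchanged: assign user.password and clear the reset token fields …
user.save(err => {
    if (err) {
        result.error = [{ msg: "Error while saving new password" }];
    }
    // respond only once the outcome of the save is known
    res.send(result);
});
```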