import * as async from 'async'; import * as c from 'crypto'; import { NextFunction, Request, Response } from 'express'; import { check, validationResult } from 'express-validator'; import * as nodemailer from 'nodemailer'; import { MailOptions } from 'nodemailer/lib/stream-transport'; import * as passport from 'passport'; import { Utils } from '../../Utils'; import User, { DashUserModel, initializeGuest } from './DashUserModel'; import './Passport'; // import { IVerifyOptions } from 'passport-local'; /** * GET /signup * Directs user to the signup page * modeled by signup.pug in views */ export const getSignup = (req: Request, res: Response) => { if (req.user) { return res.redirect('/home'); } res.render('signup.pug', { title: 'Sign Up', user: req.user, }); return undefined; }; const tryRedirectToTarget = (req: Request, res: Response) => { const target = (req.session as any)?.target; if (req.session && target) { res.redirect(target); } else { res.redirect('/home'); } }; /** * POST /signup * Create a new local account. */ export const postSignup = (req: Request, res: Response, next: NextFunction) => { const email = req.body.email as String; check('email', 'Email is not valid').isEmail().run(req); check('password', 'Password must be at least 4 characters long').isLength({ min: 4 }).run(req); check('confirmPassword', 'Passwords do not match').equals(req.body.password).run(req); check('email').normalizeEmail({ gmail_remove_dots: false }).run(req); const errors = validationResult(req).array(); if (errors.length) { return res.redirect('/signup'); } const { password } = req.body; const model = { email, password, userDocumentId: email === 'guest' ? Utils.GuestID() : Utils.GenerateGuid(), sharingDocumentId: email === 'guest' ? 2 : Utils.GenerateGuid(), linkDatabaseId: email === 'guest' ? 3 : Utils.GenerateGuid(), cacheDocumentIds: '', } as Partial; const user = new User(model); User.findOne({ email }) .then((existingUser: any) => { if (existingUser) { return res.redirect('/login'); } user.save() .then(() => { req.logIn(user, err => { if (err) return next(err); tryRedirectToTarget(req, res); return undefined; }); }) .catch((err: any) => next(err)); return undefined; }) .catch((err: any) => next(err)); return undefined; }; /** * GET /login * Login page. */ export const getLogin = (req: Request, res: Response) => { if (req.user) { // req.session.target = undefined; return res.redirect('/home'); } res.render('login.pug', { title: 'Log In', user: req.user, }); return undefined; }; /** * POST /login * Sign in using email and password. * On failure, redirect to signup page */ export const postLogin = (req: Request, res: Response, next: NextFunction) => { if (req.body.email === '') { User.findOne({ email: 'guest' }) .then((user: any) => !user && initializeGuest()) .catch((err: any) => err); req.body.email = 'guest'; req.body.password = 'guest'; } else { check('email', 'Email is not valid').isEmail().run(req); check('password', 'Password cannot be blank').notEmpty().run(req); check('email').normalizeEmail({ gmail_remove_dots: false }).run(req); } if (validationResult(req).array().length) { // req.flash('errors', 'Unable to login at this time. Please try again.'); return res.redirect('/signup'); } const callback = (err: Error, user: DashUserModel /* , _info: IVerifyOptions */) => { if (err) { next(err); } else if (!user) { return res.redirect('/signup'); } else req.logIn(user, loginErr => { if (loginErr) { next(loginErr); } else tryRedirectToTarget(req, res); }); return undefined; }; setTimeout(() => passport.authenticate('local', callback)(req, res, next), 500); return undefined; }; /** * GET /logout * Invokes the logout function on the request * and destroys the user's current session. */ export const getLogout = (req: Request, res: Response) => { req.logout(err => { if (err) console.log(err); else res.redirect('/login'); }); }; export const getForgot = function (req: Request, res: Response) { res.render('forgot.pug', { title: 'Recover Password', user: req.user, }); }; export const postForgot = function (req: Request, res: Response, next: NextFunction) { const { email } = req.body; async.waterfall( [ function (done: any) { c.randomBytes(20, (err: any, buffer: Buffer) => { if (err) { done(null); } else done(null, buffer.toString('hex')); }); }, function (token: string, done: any) { User.findOne({ email }).then((user: any) => { if (!user) { // NO ACCOUNT WITH SUBMITTED EMAIL res.redirect('/forgotPassword'); return; } user.passwordResetToken = token; user.passwordResetExpires = new Date(Date.now() + 3600000); // 1 HOUR user.save().then(() => done(null, token, user)); }); }, function (token: Uint16Array, user: DashUserModel, done: any) { const smtpTransport = nodemailer.createTransport({ service: 'Gmail', auth: { user: 'browndashptc@gmail.com', pass: 'TsarNicholas#2', }, }); const mailOptions = { to: user.email, from: 'browndashptc@gmail.com', subject: 'Dash Password Reset', text: 'You are receiving this because you (or someone else) have requested the reset of the password for your account.\n\n' + 'Please click on the following link, or paste this into your browser to complete the process:\n\n' + 'http://' + req.headers.host + '/resetPassword/' + token + '\n\n' + 'If you did not request this, please ignore this email and your password will remain unchanged.\n', } as MailOptions; smtpTransport.sendMail(mailOptions, (err: Error | null) => { // req.flash('info', 'An e-mail has been sent to ' + user.email + ' with further instructions.'); done(null, err, 'done'); }); }, ], err => { if (err) return next(err); res.redirect('/forgotPassword'); return undefined; } ); }; export const getReset = function (req: Request, res: Response) { User.findOne({ passwordResetToken: req.params.token, passwordResetExpires: { $gt: Date.now() } }) .then((user: any) => { if (!user) return res.redirect('/forgotPassword'); res.render('reset.pug', { title: 'Reset Password', user: req.user, }); return undefined; }) .catch(() => res.redirect('/forgotPassword')); }; export const postReset = function (req: Request, res: Response) { async.waterfall( [ function (done: any) { User.findOne({ passwordResetToken: req.params.token, passwordResetExpires: { $gt: Date.now() } }) .then((user: any) => { if (!user) return res.redirect('back'); check('password', 'Password must be at least 4 characters long').isLength({ min: 4 }).run(req); check('confirmPassword', 'Passwords do not match').equals(req.body.password).run(req); if (validationResult(req).array().length) return res.redirect('back'); user.password = req.body.password; user.passwordResetToken = undefined; user.passwordResetExpires = undefined; user.save() .then( () => (req as any).logIn(user), (err: any) => err ) .catch(() => res.redirect('/login')); done(null, user); return undefined; }) .catch(() => res.redirect('back')); }, function (user: DashUserModel, done: any) { const smtpTransport = nodemailer.createTransport({ service: 'Gmail', auth: { user: 'browndashptc@gmail.com', pass: 'TsarNicholas#2', }, }); const mailOptions = { to: user.email, from: 'browndashptc@gmail.com', subject: 'Your password has been changed', text: 'Hello,\n\nThis is a confirmation that the password for your account ' + user.email + ' has just been changed.\n', } as MailOptions; smtpTransport.sendMail(mailOptions, err => done(null, err)); }, ], () => { res.redirect('/login'); } ); };