SimCompanies/dashboard
2
1
Fork 0
Code Issues 17 Pull Requests Releases Activity

add setpassword function
All checks were successful
SimcoDash/simcompanies-dashboard/pipeline/head This commit looks good
Details

Browse Source 
backend is #68 ready
This commit is contained in:
Oliver Boehlk
2020-05-15 23:15:49 +02:00
parent 07d601ea36
commit ab7b2d907d
1 changed files with 37 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

54
backend/index.js
View File

@@ -168,23 +168,23 @@ app.post("/API/user/login", passport.authenticate('local-login'), function (req,
app.delete("/API/user/logout", function (req, res) { app.delete("/API/user/logout", function (req, res) {
req.logout(); req.logout();
return res.status(status.OK).send("logout success"); return res.status(status.OK).send("logout success");
}); }); !!
app.put("/API/user/create", function (req, res) { app.put("/API/user/create", function (req, res) {
let { email, password } = req.body; let { email, password } = req.body;
if (email && password) { if (email && password) {
email = mysql.escape(email); email = mysql.escape(email);
password = mysql.escape(bcrypt.hashSync(password, saltRounds)); password = mysql.escape(bcrypt.hashSync(password, saltRounds));
if (DEBUG) return res.status(status.OK).send(); if (DEBUG) return res.status(status.OK).send();
connection.query(`INSERT INTO user (deactivated, email, password) values (1, ${email}, ${password})`, function (err, rows) { connection.query(`INSERT INTO user (deactivated, email, password) values (1, ${email}, ${password})`, function (err, rows) {
if (err) if (err)
return res.status(status.INTERNAL_SERVER_ERROR).send("the user seems to exist already - if you think this is an error contact the sys admin"); return res.status(status.INTERNAL_SERVER_ERROR).send("the user seems to exist already - if you think this is an error contact the sys admin");
return res.status(status.OK).send("account successfully created"); return res.status(status.OK).send("account successfully created");
}); });
} else { } else {
return res.status(status.BAD_REQUEST).send("invalid data supplied"); return res.status(status.BAD_REQUEST).send("invalid data supplied");
} }
}); });
app.all("*", function (req, res, next) { app.all("*", function (req, res, next) {
if (req.isAuthenticated()) { if (req.isAuthenticated()) {
@@ -293,7 +293,7 @@ app.get('/API/resourcelist', function (req, res) {
return res.send(resourceList); return res.send(resourceList);
}); });
app.post("/API/user/setname", function (req, res) { app.post("/API/user/setname", async function (req, res) {
let { email, password } = req.body; let { email, password } = req.body;
if (email && password) { if (email && password) {
if (DEBUG) return res.status(status.OK).send(); if (DEBUG) return res.status(status.OK).send();
@@ -314,4 +314,24 @@ app.post("/API/user/setname", function (req, res) {
} }
}); });
app.post("/API/user/setpassword", async function (req, res) {
let { oldpassword, newpassword } = req.body;
if (oldpassword && newpassword) {
if (DEBUG) return res.status(status.OK).send();
try {
if (!await validatePassword(req.user.email, oldpassword))
return res.status(status.UNAUTHORIZED).send("wrong password supplied");
} catch (e) {
return res.status(status.INTERNAL_SERVER_ERROR).send(e);
}
connection.query(`UPDATE user SET password = ${mysql.escape(bcrypt.hashSync(newpassword, saltRounds))} WHERE email = ${mysql.escape(req.user.email)}`, function (err, rows) {
if (err)
return res.status(status.INTERNAL_SERVER_ERROR).send("the username seems invalid or already taken - if you think this is an error contact the sys admin");
return res.status(status.OK).send("username changed");
});
} else {
return res.status(status.BAD_REQUEST).send("invalid data supplied");
}
});
app.listen(3001); app.listen(3001);