SimCompanies/dashboard
2
1
Fork 0
Code Issues 17 Pull Requests Releases Activity

add API endpoints for changing username and password #70

Merged
falk merged 6 commits from change-username-password-api-endpoint into master 2020-05-15 21:30:00 +00:00
Conversation 2 Commits 6 Files Changed 1 +73 -16
1 changed files with 73 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

85
backend/index.js
View File

@@ -91,11 +91,28 @@ app.all("/*", function (req, res, next) {
} else return next(); } else return next();
}); });
const validatePassword = (email, password) => {
return new Promise(function (resolve, reject) {
connection.query(`SELECT * from user WHERE email = ${mysql.escape(email)} AND deactivated = 0`, function (err, rows) {
if (err) {
return reject("error querying the database - Please contact sys admin");
}
if (!rows.length) {
return resolve(false);
}
if (!bcrypt.compareSync(password, rows[0].password)) {
return resolve(false);
}
return resolve(rows[0]);
});
});
}
passport.use('local-login', new LocalStrategy({ passport.use('local-login', new LocalStrategy({
usernameField: "email", usernameField: "email",
passwordField: "password", passwordField: "password",
passReqToCallback: true passReqToCallback: true
}, function (req, email, password, done) { }, async function (req, email, password, done) {
if (DEBUG) { if (DEBUG) {
if (email === "test" && password === "test") { if (email === "test" && password === "test") {
return done(null, { return done(null, {
@@ -107,19 +124,18 @@ passport.use('local-login', new LocalStrategy({
}); });
} else return done(null, false); } else return done(null, false);
} }
email = mysql.escape(email); try {
connection.query(`SELECT * from user WHERE email = ${email} AND deactivated = 0`, function (err, rows) { let user = await validatePassword(email, password);
if (err) { if (user) {
return res.status(static.INTERNAL_SERVER_ERROR).send("error querying the database - Please contact sys admin"); return done(null, user);
} }
if (!rows.length) { else {
return done(null, false); return done(null, false);
} }
if (!bcrypt.compareSync(password, rows[0].password)) { } catch (e) {
console.log(e);
return done(null, false); return done(null, false);
} }
return done(null, rows[0]);
})
} }
)); ));
@@ -149,11 +165,6 @@ app.post("/API/user/login", passport.authenticate('local-login'), function (req,
return res.status(status.OK).send("login success"); return res.status(status.OK).send("login success");
}); });
app.delete("/API/user/logout", function (req, res) {
req.logout();
return res.status(status.OK).send("logout success");
});
app.put("/API/user/create", function (req, res) { app.put("/API/user/create", function (req, res) {
let { email, password } = req.body; let { email, password } = req.body;
if (email && password) { if (email && password) {
@@ -183,6 +194,11 @@ app.get("/API/testlogin", function (req, res) {
return res.status(status.OK).send(req.user["email"]); return res.status(status.OK).send(req.user["email"]);
}); });
app.delete("/API/user/logout", function (req, res) {
req.logout();
return res.status(status.OK).send("logout success");
});
app.get('/API/day', function (req, res) { app.get('/API/day', function (req, res) {
const kind = parseInt(req.query.kind); const kind = parseInt(req.query.kind);
if (Number.isInteger(kind)) { if (Number.isInteger(kind)) {
@@ -277,4 +293,45 @@ app.get('/API/resourcelist', function (req, res) {
return res.send(resourceList); return res.send(resourceList);
}); });
app.post("/API/user/setname", async function (req, res) {
let { email, password } = req.body;
if (email && password) {
if (DEBUG) return res.status(status.OK).send();
try {
if (!await validatePassword(req.user.email, password))
return res.status(status.UNAUTHORIZED).send("wrong password supplied");
} catch (e) {
return res.status(status.INTERNAL_SERVER_ERROR).send(e);
}
connection.query(`UPDATE user SET email = ${mysql.escape(email)} WHERE email = ${mysql.escape(req.user.email)}`, function (err, rows) {
if (err)
return res.status(status.INTERNAL_SERVER_ERROR).send("the username seems invalid or already taken - if you think this is an error contact the sys admin");
req.user.email = email;
return res.status(status.OK).send("username changed");
});
} else {
return res.status(status.BAD_REQUEST).send("invalid data supplied");
}
});
app.post("/API/user/setpassword", async function (req, res) {
let { oldpassword, newpassword } = req.body;
if (oldpassword && newpassword) {
if (DEBUG) return res.status(status.OK).send();
try {
if (!await validatePassword(req.user.email, oldpassword))
return res.status(status.UNAUTHORIZED).send("wrong password supplied");
} catch (e) {
return res.status(status.INTERNAL_SERVER_ERROR).send(e);
}
connection.query(`UPDATE user SET password = ${mysql.escape(bcrypt.hashSync(newpassword, saltRounds))} WHERE email = ${mysql.escape(req.user.email)}`, function (err, rows) {
if (err)
return res.status(status.INTERNAL_SERVER_ERROR).send("the username seems invalid or already taken - if you think this is an error contact the sys admin");
return res.status(status.OK).send("username changed");
});
} else {
return res.status(status.BAD_REQUEST).send("invalid data supplied");
}
});
app.listen(3001); app.listen(3001);