diff --git a/routes/user.route.js b/routes/user.route.js index f9be9f1..eea525d 100644 --- a/routes/user.route.js +++ b/routes/user.route.js @@ -9,6 +9,7 @@ const sessionLength = 25; let Session = require('../schema/session.model'); let User = require('../schema/user.model'); let Post = require('../schema/post.model'); +let Reset = require('../schema/reset.model'); /* POST - /user/create 
@@ -239,21 +240,150 @@ userRoutes.route('/refresh').post((req, res) => { utils.account.checkRefresh(req.body.userId, req.body.refresh, valid => { if (valid) { let s = new Session(); - s.sessionId = generateSession(); - s.userId = u._id; - s.date = new Date(); + s.sessionId = generateSession(); + s.userId = u._id; + s.date = new Date(); - s.save() - .then(() => { - res.json(s); - }) - .catch(() => { - res.status(500).send("Error logging in user"); - }); + s.save() + .then(() => { + res.json(s); + }) + .catch(() => { + res.status(500).send("Error logging in user"); + }); } else { res.status(401).send("Incorrect refresh token"); } } + ) +}); + +userRoutes.route('/check-email').post((req, res) => { + User.find({email: req.body.email}, (err, arr) => { + if (err) { + console.log(err); + } + + if (arr.length > 0) { + res.status(400).send("Email already in use"); + } else { + res.status(200).send("Email not in use"); + } + }) +}); + +userRoutes.route('/change-name').post((req, res) => { + utils.account.checkSession(req.body.userId, req.body.sessionId, valid => { + if (valid) { + User.findById(req.body.userId, (err, user) => { + if (err) { + console.log(err); + } + if (user) { + user.name = req.body.name; + user.save(); + res.status(200).send("Success changing name"); + } else { + res.status(400).send("No user found with that ID"); + } + }) + } else { + res.status(401).send("Unauthorized"); + } + }) +}); + +userRoutes.route('/change-email').post((req, res) => { + utils.account.checkSession(req.body.userId, req.body.sessionId, valid => { + if (valid) { + User.findById(req.body.userId, (err, user) => { + if (err) { + console.log(err); + } + if (user) { + user.email = req.body.email; + user.save(); + res.status(200).send("Success changing email"); + } else { + res.status(400).send("No user found with that ID"); + } + }) + } else { + res.status(401).send("Unauthorized"); + } + }) +}); + +userRoutes.route('/change-password').post((req, res) => { + 
utils.account.checkSession(req.body.userId, req.body.sessionId, valid => { + if (valid) { + User.findById(req.body.userId, (err, user) => { + if (err) { + console.log(err); + } + if (user) { + user.password = req.body.password; + user.save(); + res.status(200).send("Success changing password"); + } else { + res.status(400).send("No user found with that ID"); + } + }) + } else { + res.status(401).send("Unauthorized"); + } + }) +}); + +userRoutes.route('/forgot-password').post((req, res) => { + if (req.body.email) { + User.findOne({ email: req.body.email }, (err, user) => { + if (err) { + console.log(err); + } + if (user) { + let pin = generatePin(); + let r = new Reset(); + r.userId = user._id; + r.pin = pin; + r.date = new Date(); + r.save(); + utils.mail.sendMail(user, "forgotPassword", [{from: "%name%", to: user.name}, {from: "%pin%", to: pin}]); + res.status(200).send("Success sending reset email"); + } else { + res.status(400).send("No user found with that email"); + } + } + ) + } +}); + +userRoutes.route('/reset-password').post((req, res) => { + if (req.body.userId && req.body.pin) { + User.findOne({ email: req.body.email }, (err, user) => { + if (err) { + console.log(err); + } + if (user) { + Reset.findOne({ userId: user._id, pin: req.body.pin}, (err, reset) => { + if (err) { + console.log(err); + } + if (reset) { + reset.remove(); + user.password = req.body.password; + user.save(); + res.status(200).send("Success resetting password"); + } else { + res.status(400).send("Invalid pin"); + } + }) + } else { + res.status(400).send("No user found with that email"); + } + } + ) + } }); @@ -269,3 +399,14 @@ function generateSession() { } return result.join(''); } + +function generatePin() { + var length = pinLength; + var result = []; + var characters = '0123456789'; + var charactersLength = characters.length; + for (var i = 0; i < length; i++) { + result.push(characters.charAt(Math.floor(Math.random() * charactersLength))); + } + return result.join(''); +} 
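Review bot: In `/reset-password` the guard tests `req.body.userId && req.body.pin`, but the lookup that follows is by `req.body.email` and `userId` is never used, so a request carrying email and pin but no userId (or, in `/forgot-password`, no email) falls through the `if` and is never answered. The pin is also the only proof of account ownership, yet the `Reset` record is never expired (`date` is written but never read), earlier records are not removed when a new one is issued, and nothing limits guesses, so a numeric pin of `pinLength` digits is a small online search space; the route needs an age check and ideally a per-user attempt limit or rate-limiting middleware, which this diff does not show. `user.save()` and `reset.remove()` are fire-and-forget, so the 200 is sent before the new password is persisted and a failed save is reported as success. Whether `user.password` is hashed depends on a pre-save hook in `user.model`, which is not visible here and is worth confirming. A rewrite that validates the body, rejects stale pins, clears all of the user's pins and only answers after the save completes is sketched below; `resetTtlMs` would be a module-level constant alongside `sessionLength`.
```javascript
userRoutes.route('/reset-password').post((req, res) => {
  if (!req.body.email || !req.body.pin || !req.body.password) {
    return res.status(400).send("Missing email, pin or password");
  }
  // … unchanged: User.findOne({ email: req.body.email }) and its error / not-found handling …
      Reset.findOne({ userId: user._id, pin: req.body.pin }, (err, reset) => {
        // … unchanged: error logging …
        // A pin is only honoured for a short window after it was issued.
        if (!reset || Date.now() - reset.date.getTime() > resetTtlMs) {
          return res.status(400).send("Invalid pin");
        }
        // Invalidate every outstanding pin for this user, then persist before answering.
        Reset.deleteMany({ userId: user._id })
          .then(() => {
            user.password = req.body.password;
            return user.save();
          })
          .then(() => res.status(200).send("Success resetting password"))
          .catch(() => res.status(500).send("Error resetting password"));
      });
```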
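Review bot: `generatePin` draws every digit from `Math.random()`, which is not a cryptographically secure generator, while the pin it produces is the sole credential that authorises a password change in `/reset-password`. Node's `crypto` module provides a CSPRNG integer helper; change the loop body to `result.push(characters.charAt(crypto.randomInt(charactersLength)));` and add `const crypto = require('crypto');` with the other requires at the top of the file (`randomInt` needs Node 14.10+). `pinLength` is referenced but not introduced by this diff; presumably it is declared next to `sessionLength` near line 9, but that is worth confirming, since an undefined name here would throw on the first `/forgot-password` request.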
diff --git a/schema/reset.model.js b/schema/reset.model.js new file mode 100644 index 0000000..fbcc958 --- /dev/null +++ b/schema/reset.model.js @@ -0,0 +1,19 @@ +const mongoose = require('mongoose'); +const Schema = mongoose.Schema; + +// Database schema for a password reset +let Reset = new Schema({ + userId: { + type: String + }, + PIN: { + type: Number + }, + date: { + type: Date + } +}, { + collection: 'resets' +}); + +module.exports = mongoose.model('Reset', Reset); diff --git a/templates/forgotPassword.txt b/templates/forgotPassword.txt index 90bd3ce..ca4bd1d 100644 --- a/templates/forgotPassword.txt +++ b/templates/forgotPassword.txt @@ -3,4 +3,4 @@ Hello %name%, Someone has requested a password reset for the account connected to your email. -Reset your password here: https://example.com/reset/%sessionId% \ No newline at end of file +Please use the following PIN to reset your password: %pin%. Never share this pin with anyone. \ No newline at end of file diff --git a/utils/mail.js b/utils/mail.js index 19d2999..d5164ac 100644 --- a/utils/mail.js +++ b/utils/mail.js @@ -42,7 +42,7 @@ const loadDefaultTemplates = () => { // sendMail(user, message, replacements) send an email with message to the user, making // replacements in the message -// replacements is an array of data {from, to} +// replacements is an array of data {from: "%example%", to: "replacement"} const sendMail = async (user, message, replacements) => { console.log("Sending mail...");
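Review bot: The schema declares the field as `PIN: { type: Number }`, but `routes/user.route.js` writes `r.pin = pin` and filters with `Reset.findOne({ userId: user._id, pin: req.body.pin })` in lower case. Under Mongoose's default strict schema the unknown `pin` path is silently dropped on save, so no pin is ever stored; what the lower-case filter then does depends on the `strictQuery` setting of the Mongoose version in use — either it never matches (every reset fails) or the unknown key is stripped from the filter, in which case any `pin` value is accepted for a user with an outstanding reset record. Rename the field to match the route and keep it a string so the zero-padded digits that `generatePin` joins are preserved: `pin: { type: String },`. The `date` field is written but nothing reads it; if the pin is meant to be time-limited, Mongoose's `expires` option on a Date field (e.g. `date: { type: Date, expires: 900 }`) creates a TTL index in the versions that support it, though the route should still check the age itself rather than rely on the background purge.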