Finished password reset, added email check & profile editing
This commit is contained in:
Johnathon Slightham
@@ -9,6 +9,7 @@ const sessionLength = 25;
|
||||
let Session = require('../schema/session.model');
|
||||
let User = require('../schema/user.model');
|
||||
let Post = require('../schema/post.model');
|
||||
let Reset = require('../schema/reset.model');
|
||||
|
||||
/*
|
||||
POST - /user/create
|
||||
@@ -254,6 +255,135 @@ userRoutes.route('/refresh').post((req, res) => {
|
||||
res.status(401).send("Incorrect refresh token");
|
||||
}
|
||||
}
|
||||
)
|
||||
});
|
||||
|
||||
userRoutes.route('/check-email').post((req, res) => {
|
||||
User.find({email: req.body.email}, (err, arr) => {
|
||||
if (err) {
|
||||
console.log(err);
|
||||
}
|
||||
|
||||
if (arr.length > 0) {
|
||||
res.status(400).send("Email already in use");
|
||||
} else {
|
||||
res.status(200).send("Email not in use");
|
||||
}
|
||||
})
|
||||
});
|
||||
|
||||
userRoutes.route('/change-name').post((req, res) => {
|
||||
utils.account.checkSession(req.body.userId, req.body.sessionId, valid => {
|
||||
if (valid) {
|
||||
User.findById(req.body.userId, (err, user) => {
|
||||
if (err) {
|
||||
console.log(err);
|
||||
}
|
||||
if (user) {
|
||||
user.name = req.body.name;
|
||||
user.save();
|
||||
res.status(200).send("Success changing name");
|
||||
} else {
|
||||
res.status(400).send("No user found with that ID");
|
||||
}
|
||||
})
|
||||
} else {
|
||||
res.status(401).send("Unauthorized");
|
||||
}
|
||||
})
|
||||
});
|
||||
|
||||
userRoutes.route('/change-email').post((req, res) => {
|
||||
utils.account.checkSession(req.body.userId, req.body.sessionId, valid => {
|
||||
if (valid) {
|
||||
User.findById(req.body.userId, (err, user) => {
|
||||
if (err) {
|
||||
console.log(err);
|
||||
}
|
||||
if (user) {
|
||||
user.email = req.body.email;
|
||||
user.save();
|
||||
res.status(200).send("Success changing email");
|
||||
} else {
|
||||
res.status(400).send("No user found with that ID");
|
||||
}
|
||||
})
|
||||
} else {
|
||||
res.status(401).send("Unauthorized");
|
||||
}
|
||||
})
|
||||
});
|
||||
|
||||
userRoutes.route('/change-password').post((req, res) => {
|
||||
utils.account.checkSession(req.body.userId, req.body.sessionId, valid => {
|
||||
if (valid) {
|
||||
User.findById(req.body.userId, (err, user) => {
|
||||
if (err) {
|
||||
console.log(err);
|
||||
}
|
||||
if (user) {
|
||||
user.password = req.body.password;
|
||||
user.save();
|
||||
res.status(200).send("Success changing password");
|
||||
} else {
|
||||
res.status(400).send("No user found with that ID");
|
||||
}
|
||||
})
|
||||
} else {
|
||||
res.status(401).send("Unauthorized");
|
||||
}
|
||||
})
|
||||
});
|
||||
|
||||
userRoutes.route('/forgot-password').post((req, res) => {
|
||||
if (req.body.email) {
|
||||
User.findOne({ email: req.body.email }, (err, user) => {
|
||||
if (err) {
|
||||
console.log(err);
|
||||
}
|
||||
if (user) {
|
||||
let pin = generatePin();
|
||||
let r = new Reset();
|
||||
r.userId = user._id;
|
||||
r.pin = pin;
|
||||
r.date = new Date();
|
||||
r.save();
|
||||
utils.mail.sendMail(user, "forgotPassword", [{from: "%name%", to: user.name}, {from: "%pin%", to: pin}]);
|
||||
res.status(200).send("Success sending reset email");
|
||||
} else {
|
||||
res.status(400).send("No user found with that email");
|
||||
}
|
||||
}
|
||||
)
|
||||
}
|
||||
});
|
||||
|
||||
userRoutes.route('/reset-password').post((req, res) => {
|
||||
if (req.body.userId && req.body.pin) {
|
||||
User.findOne({ email: req.body.email }, (err, user) => {
|
||||
if (err) {
|
||||
console.log(err);
|
||||
}
|
||||
if (user) {
|
||||
Reset.findOne({ userId: user._id, pin: req.body.pin}, (err, reset) => {
|
||||
if (err) {
|
||||
console.log(err);
|
||||
}
|
||||
if (reset) {
|
||||
reset.remove();
|
||||
user.password = req.body.password;
|
||||
user.save();
|
||||
res.status(200).send("Success resetting password");
|
||||
} else {
|
||||
res.status(400).send("Invalid pin");
|
||||
}
|
||||
})
|
||||
} else {
|
||||
res.status(400).send("No user found with that email");
|
||||
}
|
||||
}
|
||||
)
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -269,3 +399,14 @@ function generateSession() {
|
||||
}
|
||||
return result.join('');
|
||||
}
|
||||
|
||||
function generatePin() {
|
||||
var length = pinLength;
|
||||
var result = [];
|
||||
var characters = '0123456789';
|
||||
var charactersLength = characters.length;
|
||||
for (var i = 0; i < length; i++) {
|
||||
result.push(characters.charAt(Math.floor(Math.random() * charactersLength)));
|
||||
}
|
||||
return result.join('');
|
||||
}
|
||||
|
||||
19
schema/reset.model.js
Normal file
19
schema/reset.model.js
Normal file
@@ -0,0 +1,19 @@
|
||||
const mongoose = require('mongoose');
|
||||
const Schema = mongoose.Schema;
|
||||
|
||||
// Database schema for a password reset
|
||||
let Reset = new Schema({
|
||||
userId: {
|
||||
type: String
|
||||
},
|
||||
PIN: {
|
||||
type: Number
|
||||
},
|
||||
date: {
|
||||
type: Date
|
||||
}
|
||||
}, {
|
||||
collection: 'resets'
|
||||
});
|
||||
|
||||
module.exports = mongoose.model('Reset', Reset);
|
||||
@@ -3,4 +3,4 @@ Hello %name%,
|
||||
|
||||
Someone has requested a password reset for the account connected to your email.
|
||||
|
||||
Reset your password here: https://example.com/reset/%sessionId%
|
||||
Please use the following PIN to reset your password: %pin%. Never share this pin with anyone.
|
||||
@@ -42,7 +42,7 @@ const loadDefaultTemplates = () => {
|
||||
|
||||
// sendMail(user, message, replacements) send an email with message to the user, making
|
||||
// replacements in the message
|
||||
// replacements is an array of data {from, to}
|
||||
// replacements is an array of data {from: "%example%", to: "replacement"}
|
||||
const sendMail = async (user, message, replacements) => {
|
||||
console.log("Sending mail...");
|
||||
|
||||
|
||||
Reference in New Issue
Block a user