From: Luigi Pinca
Date: Tue, 26 Jun 2012 14:29:03 +0000 (+0200)
Subject: added ability for registered users to change their own password
X-Git-Url: https://git.saalbach.dev/?a=commitdiff_plain;h=659ab171a36152698249c29b94483c796179a0d8;p=binbsis50.git
added ability for registered users to change their own password
---
diff --git a/app.js b/app.js
index c47b4ef..e092453 100644
--- a/app.js
+++ b/app.js
@@ -18,11 +18,11 @@ var songsdb = redisurl.createClient(config.songsdburl);
 var usersdb = redisurl.createClient(config.usersdburl);
 songsdb.on('error', function(err) {
- console.log(err.toString());
+ console.log(err.message);
 });
 usersdb.on('error', function(err) {
- console.log(err.toString());
+ console.log(err.message);
 });
 /**
@@ -56,11 +56,13 @@ app.dynamicHelpers({
 // Routes
 site.use({db:songsdb,rooms:config.rooms});
-user.use({db:usersdb});
+user.use({db:usersdb,rooms:config.rooms});
 app.get('/', site.index);
 app.get('/artworks', site.artworks);
-app.get('/leaderboard', user.leaderboard);
+app.get('/changepasswd', site.changePasswd);
+app.post('/changepasswd', user.validateChangePasswd, user.checkOldPasswd, user.changePasswd);
+app.get('/leaderboards', user.leaderboards);
 app.get('/login', site.login);
 app.post('/login', user.validateLogin, user.checkUser, user.authenticate);
 app.get('/logout', user.logout);
@@ -99,7 +101,7 @@ io.set('authorization', function(data, accept) {
 var cookie = parseCookie(data.headers.cookie);
 sessionstore.get(cookie['connect.sid'], function(err, session) {
 if (err) {
- return accept(err.toString(), false);
+ return accept(err.message, false);
 } else if (!session) {
 return accept('session not found', false);
diff --git a/package.json b/package.json
index 104b50b..e9ac03f 100644
--- a/package.json
+++ b/package.json
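Review bot: The new `app.post('/changepasswd', user.validateChangePasswd, user.checkOldPasswd, user.changePasswd)` route changes a credential on the strength of the session cookie alone, and no CSRF token check is visible anywhere in that chain, so a cross-site form submission would be accepted for a logged-in user unless one of the handlers verifies a per-session token. Mount connect's `csrf` middleware (if present in the pinned 1.9.x release) or an equivalent per-session token check ahead of `user.validateChangePasswd`, and have the `changepasswd` view emit the token as a hidden field. Whether `user.validateChangePasswd` itself rejects a request with no `req.session.user` cannot be seen here; the GET handler's redirect in routes/site.js does not protect the POST, so the chain should check the session explicitly too.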
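Review bot: `return accept(err.message, false);` passes the session store's internal error text to the connecting client, since socket.io 0.x writes the string given to `accept` into the handshake response; a Redis connectivity or parsing message is diagnostic detail that should stay server-side, and the old `err.toString()` had the same problem. Log the error and return a fixed reason instead: `console.error(err); return accept('authorization failed', false);`. The enclosing `io.set('authorization', ...)` callback continues outside the hunk.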
@@ -3,8 +3,8 @@
 "dependencies": {
 "async": "0.1.x",
 "canvas": "0.12.x",
- "connect": "1.8.x",
- "connect-redis": "1.3.x",
+ "connect": "1.9.x",
+ "connect-redis": "1.4.x",
 "express": "2.5.x",
 "jade": "0.26.x",
 "redis-url": "0.1.x",
@@ -17,5 +17,5 @@
 "engines": {
 "node": "0.6.x"
 },
- "version": "0.3.1-4"
+ "version": "0.3.1-7"
 }
\ No newline at end of file
diff --git a/public/static/css/style.css b/public/static/css/style.css
index e5af1c9..aec9cb9 100644
--- a/public/static/css/style.css
+++ b/public/static/css/style.css
@@ -36,10 +36,6 @@ section {
 font-size: 34px;
 color: #0088CC;
 }
-.navbar .navbar-text {
- line-height:19px;
- padding: 9px 10px 11px;
-}
 .form-horizontal .control-group {
 margin-bottom: 10px;
 }
@@ -59,7 +55,7 @@ form .clearfix {
 .alert {
 margin-bottom: 9px;
 }
-#signup-button {
+.submit-button {
 margin-left: 120px;
 margin-top: 9px;
 }
diff --git a/routes/site.js b/routes/site.js
index b806d21..5f8b8d8 100644
--- a/routes/site.js
+++ b/routes/site.js
@@ -28,13 +28,6 @@ exports.use = function(options) {
 rooms = options.rooms;
 };
-exports.index = function(req, res) {
- if (req.session.user) {
- res.local('loggedin', req.session.user);
- }
- res.render('index', {rooms:rooms});
-};
-
 /**
 * Extract at random in each room, some album covers and return the result as a JSON.
 */
@@ -55,25 +48,32 @@ exports.artworks = function(req, res) {
 });
 };
-exports.login = function(req, res) {
- res.render('login');
+exports.changePasswd = function(req, res) {
+ if (!req.session.user) {
+ return res.redirect('/login?followup=/changepasswd');
+ }
+ res.render('changepasswd', {followup:req.query['followup'],loggedin:req.session.user});
 };
-exports.signup = function(req, res) {
- var captcha = new Captcha();
- req.session.captchacode = captcha.getCode();
- res.render('signup', {captchaurl:captcha.toDataURL()});
+exports.index = function(req, res) {
+ res.render('index', {loggedin:req.session.user,rooms:rooms});
 };
+exports.login = function(req, res) {
+ res.render('login', {followup:req.query['followup']});
+};
 exports.room = function(req, res) {
 if (rooms.indexOf(req.params.room) !== -1) {
- if (req.session.user) {
- res.local('loggedin', req.session.user);
- }
- res.render('room', {roomname:req.params.room,rooms:rooms});
+ res.render('room', {loggedin:req.session.user,roomname:req.params.room,rooms:rooms});
 } else {
 res.send(404);
 }
 };
+
+exports.signup = function(req, res) {
+ var captcha = new Captcha();
+ req.session.captchacode = captcha.getCode();
+ res.render('signup', {captchaurl:captcha.toDataURL(),followup:req.query['followup']});
+};
diff --git a/routes/user.js b/routes/user.js
index e1ca586..e26cfc6 100644
--- a/routes/user.js
+++ b/routes/user.js
@@ -4,6 +4,7 @@ var crypto = require('crypto')
 , db
+ , followupurls = []
 , User = require('../lib/user');
 /**
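Review bot: `exports.changePasswd`, `exports.login` and `exports.signup` hand the raw `req.query['followup']` value to the view, while the exact-match whitelist this commit introduces (`safeFollowup` in routes/user.js, not exported) is applied only on the POST side; nothing in this hunk constrains what reaches the template, so the views must render it with Jade's escaping interpolation (`#{followup}`), never `!{}` or an unescaped attribute. Filtering at render time as well, with the same check moved to a shared module, keeps the hidden field from carrying arbitrary input through the form, e.g. `followup: safeFollowup(req.query['followup']) ? req.query['followup'] : undefined`. Note that Express parses a repeated query parameter into an array, so `followup` is not guaranteed to be a string here.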
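Review bot: The declaration chain gains `, followupurls = []` but not `rooms`, which `exports.use` assigns later in this file (`rooms = options.rooms;` in the hunk at -64,17); unless `var rooms` is declared in the lines of routes/user.js not shown here, that assignment creates an implicit global, and routes/site.js assigns a module-level `rooms` of its own under the same name. Adding `, rooms` to this chain next to `db` keeps it module-scoped.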
@@ -18,6 +19,17 @@ String.prototype.isEmail = function() {
 return this.match(/^(?:[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+\.)*[\w\!\#\$\%\&\'\*\+\-\/\=\?\^\`\{\|\}\~]+@(?:(?:(?:[a-zA-Z0-9](?:[a-zA-Z0-9\-](?!\.)){0,61}[a-zA-Z0-9]?\.)+[a-zA-Z0-9](?:[a-zA-Z0-9\-](?!$)){0,61}[a-zA-Z0-9]?)|(?:\[(?:(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\.){3}(?:[01]?\d{1,2}|2[0-4]\d|25[0-5])\]))$/);
 };
+/**
+ * Check if a URL is in the whitelist of follow-up URLs.
+ */
+
+var safeFollowup = function(url) {
+ if (followupurls.indexOf(url) !== -1) {
+ return true;
+ }
+ return false;
+};
+
 /**
 * Parameters to get users ordered by best guess time.
 */
@@ -36,11 +48,11 @@ var sortparams = [
 ];
 /**
- * Leaderboard helper function.
+ * Helper function used to build leaderboards.
 * Rearrange database results in an object.
 */
-var buildLeaderboard = function(pointsresults, timesresults) {
+var buildLeaderboards = function(pointsresults, timesresults) {
 var obj = {
 pointsleaderboard: [],
 timesleaderboard: []
@@ -64,17 +76,83 @@ var buildLeaderboard = function(pointsresults, timesresults) {
 exports.use = function(options) {
 db = options.db;
+ rooms = options.rooms;
+ // Populate the whitelist of follow-up URLs
+ followupurls.push('/');
+ followupurls.push('/changepasswd');
+ for (var i=0; i
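Review bot: `safeFollowup` wraps a boolean expression in `if (...) { return true; } return false;`; `return followupurls.indexOf(url) !== -1;` says the same in one line. The exact-match comparison is the property that makes this whitelist sound against open redirects, so the header comment should state it, e.g. `Exact match against the whitelist; do not relax this to a prefix or startsWith check.`. Because `indexOf` uses strict equality, a non-string `url` (Express yields an array for a repeated query parameter) evaluates to false, which is the safe outcome and worth a short comment as well.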