2014-06-06 19:43:49 +00:00
|
|
|
var _ = require('lodash');
|
2014-03-07 19:08:56 +00:00
|
|
|
var async = require('async');
|
|
|
|
|
var crypto = require('crypto');
|
|
|
|
|
var nodemailer = require('nodemailer');
|
|
|
|
|
var passport = require('passport');
|
2013-11-18 23:21:42 +00:00
|
|
|
var User = require('../models/User');
|
2014-03-07 19:08:56 +00:00
|
|
|
var secrets = require('../config/secrets');
|
2013-11-14 07:29:55 +00:00
|
|
|
|
2014-01-07 22:45:42 +00:00
|
|
|
/**
|
|
|
|
|
* GET /login
|
|
|
|
|
* Login page.
|
|
|
|
|
*/
|
2014-01-13 09:34:54 +00:00
|
|
|
|
2014-01-07 22:45:42 +00:00
|
|
|
exports.getLogin = function(req, res) {
|
|
|
|
|
if (req.user) return res.redirect('/');
|
|
|
|
|
res.render('account/login', {
|
2014-01-28 22:41:13 +00:00
|
|
|
title: 'Login'
|
2013-11-19 18:20:50 +00:00
|
|
|
});
|
2013-11-14 07:29:55 +00:00
|
|
|
};
|
|
|
|
|
|
2014-01-07 22:45:42 +00:00
|
|
|
/**
|
|
|
|
|
* POST /login
|
|
|
|
|
* Sign in using email and password.
|
2014-02-07 15:21:18 +00:00
|
|
|
* @param email
|
|
|
|
|
* @param password
|
2014-01-07 22:45:42 +00:00
|
|
|
*/
|
2014-01-13 09:34:54 +00:00
|
|
|
|
2014-01-07 22:45:42 +00:00
|
|
|
exports.postLogin = function(req, res, next) {
|
2014-01-24 03:47:21 +00:00
|
|
|
req.assert('email', 'Email is not valid').isEmail();
|
|
|
|
|
req.assert('password', 'Password cannot be blank').notEmpty();
|
|
|
|
|
|
|
|
|
|
var errors = req.validationErrors();
|
|
|
|
|
|
|
|
|
|
if (errors) {
|
|
|
|
|
req.flash('errors', errors);
|
|
|
|
|
return res.redirect('/login');
|
|
|
|
|
}
|
|
|
|
|
|
2014-01-07 22:45:42 +00:00
|
|
|
passport.authenticate('local', function(err, user, info) {
|
|
|
|
|
if (err) return next(err);
|
|
|
|
|
if (!user) {
|
2014-01-24 03:47:21 +00:00
|
|
|
req.flash('errors', { msg: info.message });
|
2014-01-07 22:45:42 +00:00
|
|
|
return res.redirect('/login');
|
|
|
|
|
}
|
|
|
|
|
req.logIn(user, function(err) {
|
|
|
|
|
if (err) return next(err);
|
2014-02-10 16:04:36 +00:00
|
|
|
req.flash('success', { msg: 'Success! You are logged in.' });
|
2014-03-08 20:01:32 +00:00
|
|
|
res.redirect(req.session.returnTo || '/');
|
2014-01-07 22:45:42 +00:00
|
|
|
});
|
|
|
|
|
})(req, res, next);
|
|
|
|
|
};
|
|
|
|
|
|
2014-02-07 15:21:18 +00:00
|
|
|
/**
|
|
|
|
|
* GET /logout
|
|
|
|
|
* Log out.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
exports.logout = function(req, res) {
|
|
|
|
|
req.logout();
|
|
|
|
|
res.redirect('/');
|
|
|
|
|
};
|
|
|
|
|
|
2014-01-28 22:41:13 +00:00
|
|
|
/**
|
|
|
|
|
* GET /signup
|
|
|
|
|
* Signup page.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
exports.getSignup = function(req, res) {
|
|
|
|
|
if (req.user) return res.redirect('/');
|
|
|
|
|
res.render('account/signup', {
|
|
|
|
|
title: 'Create Account'
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2014-01-07 22:45:42 +00:00
|
|
|
/**
|
|
|
|
|
* POST /signup
|
|
|
|
|
* Create a new local account.
|
2014-02-07 15:21:18 +00:00
|
|
|
* @param email
|
|
|
|
|
* @param password
|
2014-01-07 22:45:42 +00:00
|
|
|
*/
|
|
|
|
|
|
2014-01-13 09:34:54 +00:00
|
|
|
exports.postSignup = function(req, res, next) {
|
2014-01-24 03:39:59 +00:00
|
|
|
req.assert('email', 'Email is not valid').isEmail();
|
|
|
|
|
req.assert('password', 'Password must be at least 4 characters long').len(4);
|
|
|
|
|
req.assert('confirmPassword', 'Passwords do not match').equals(req.body.password);
|
2014-01-07 22:45:42 +00:00
|
|
|
|
2014-01-24 03:39:59 +00:00
|
|
|
var errors = req.validationErrors();
|
2014-01-07 22:45:42 +00:00
|
|
|
|
2014-01-24 03:39:59 +00:00
|
|
|
if (errors) {
|
|
|
|
|
req.flash('errors', errors);
|
2014-01-07 22:45:42 +00:00
|
|
|
return res.redirect('/signup');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
var user = new User({
|
2014-01-18 06:56:55 +00:00
|
|
|
email: req.body.email,
|
2014-01-07 22:45:42 +00:00
|
|
|
password: req.body.password
|
|
|
|
|
});
|
|
|
|
|
|
2014-04-25 18:29:54 +00:00
|
|
|
User.findOne({ email: req.body.email }, function(err, existingUser) {
|
|
|
|
|
if (existingUser) {
|
|
|
|
|
req.flash('errors', { msg: 'Account with that email address already exists.' });
|
2014-01-07 22:45:42 +00:00
|
|
|
return res.redirect('/signup');
|
|
|
|
|
}
|
2014-04-25 18:29:54 +00:00
|
|
|
user.save(function(err) {
|
2014-01-07 22:45:42 +00:00
|
|
|
if (err) return next(err);
|
2014-04-25 18:29:54 +00:00
|
|
|
req.logIn(user, function(err) {
|
|
|
|
|
if (err) return next(err);
|
|
|
|
|
res.redirect('/');
|
|
|
|
|
});
|
2014-01-07 22:45:42 +00:00
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2014-01-28 22:41:13 +00:00
|
|
|
/**
|
|
|
|
|
* GET /account
|
|
|
|
|
* Profile page.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
exports.getAccount = function(req, res) {
|
|
|
|
|
res.render('account/profile', {
|
|
|
|
|
title: 'Account Management'
|
|
|
|
|
});
|
|
|
|
|
};
|
2014-01-07 22:45:42 +00:00
|
|
|
|
2014-11-04 22:57:00 +00:00
|
|
|
/**
|
|
|
|
|
* POST /update-progress
|
|
|
|
|
* Update profile information.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
exports.updateProgress = function(req, res) {
|
|
|
|
|
User.findById(req.user.id, function(err, user) {
|
|
|
|
|
if (err) return next(err);
|
|
|
|
|
user.email = req.body.email || '';
|
|
|
|
|
user.profile.name = req.body.name || '';
|
|
|
|
|
user.profile.gender = req.body.gender || '';
|
|
|
|
|
user.profile.location = req.body.location || '';
|
|
|
|
|
user.profile.website = req.body.website || '';
|
|
|
|
|
|
|
|
|
|
user.save(function(err) {
|
|
|
|
|
if (err) return next(err);
|
|
|
|
|
req.flash('success', { msg: 'Profile information updated.' });
|
|
|
|
|
res.redirect('/account');
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
2013-12-15 19:02:41 +00:00
|
|
|
/**
|
2014-01-07 19:13:35 +00:00
|
|
|
* POST /account/profile
|
|
|
|
|
* Update profile information.
|
2013-12-15 19:02:41 +00:00
|
|
|
*/
|
2014-01-28 22:41:13 +00:00
|
|
|
|
2014-01-07 19:13:35 +00:00
|
|
|
exports.postUpdateProfile = function(req, res, next) {
|
2013-12-06 04:53:14 +00:00
|
|
|
User.findById(req.user.id, function(err, user) {
|
2013-12-20 01:17:15 +00:00
|
|
|
if (err) return next(err);
|
2014-01-30 22:29:06 +00:00
|
|
|
user.email = req.body.email || '';
|
2013-12-06 04:53:14 +00:00
|
|
|
user.profile.name = req.body.name || '';
|
2013-12-06 05:25:49 +00:00
|
|
|
user.profile.gender = req.body.gender || '';
|
2013-12-06 04:53:14 +00:00
|
|
|
user.profile.location = req.body.location || '';
|
|
|
|
|
user.profile.website = req.body.website || '';
|
|
|
|
|
|
|
|
|
|
user.save(function(err) {
|
2013-12-20 01:17:15 +00:00
|
|
|
if (err) return next(err);
|
2014-01-28 22:41:13 +00:00
|
|
|
req.flash('success', { msg: 'Profile information updated.' });
|
2013-12-06 04:53:14 +00:00
|
|
|
res.redirect('/account');
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2013-12-15 19:02:41 +00:00
|
|
|
/**
|
2014-01-07 19:13:35 +00:00
|
|
|
* POST /account/password
|
|
|
|
|
* Update current password.
|
2014-02-07 15:21:18 +00:00
|
|
|
* @param password
|
2013-12-15 19:02:41 +00:00
|
|
|
*/
|
2013-12-15 19:11:57 +00:00
|
|
|
|
2014-01-13 09:34:54 +00:00
|
|
|
exports.postUpdatePassword = function(req, res, next) {
|
2014-02-01 08:39:11 +00:00
|
|
|
req.assert('password', 'Password must be at least 4 characters long').len(4);
|
|
|
|
|
req.assert('confirmPassword', 'Passwords do not match').equals(req.body.password);
|
2013-12-15 19:11:57 +00:00
|
|
|
|
2014-02-01 08:39:11 +00:00
|
|
|
var errors = req.validationErrors();
|
|
|
|
|
|
|
|
|
|
if (errors) {
|
|
|
|
|
req.flash('errors', errors);
|
2013-12-13 02:47:34 +00:00
|
|
|
return res.redirect('/account');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
User.findById(req.user.id, function(err, user) {
|
2013-12-20 19:12:29 +00:00
|
|
|
if (err) return next(err);
|
2014-01-07 23:15:14 +00:00
|
|
|
|
2013-12-13 02:47:34 +00:00
|
|
|
user.password = req.body.password;
|
2014-01-07 23:15:14 +00:00
|
|
|
|
2013-12-13 02:47:34 +00:00
|
|
|
user.save(function(err) {
|
2013-12-20 19:12:29 +00:00
|
|
|
if (err) return next(err);
|
2014-01-28 22:41:13 +00:00
|
|
|
req.flash('success', { msg: 'Password has been changed.' });
|
2013-12-13 02:47:34 +00:00
|
|
|
res.redirect('/account');
|
|
|
|
|
});
|
|
|
|
|
});
|
2013-12-06 04:53:14 +00:00
|
|
|
};
|
|
|
|
|
|
2013-12-15 19:02:41 +00:00
|
|
|
/**
|
|
|
|
|
* POST /account/delete
|
2014-01-07 19:13:35 +00:00
|
|
|
* Delete user account.
|
2013-12-15 19:02:41 +00:00
|
|
|
*/
|
2014-01-13 09:34:54 +00:00
|
|
|
|
2013-12-20 01:17:15 +00:00
|
|
|
exports.postDeleteAccount = function(req, res, next) {
|
2013-12-12 17:41:29 +00:00
|
|
|
User.remove({ _id: req.user.id }, function(err) {
|
2013-12-20 01:17:15 +00:00
|
|
|
if (err) return next(err);
|
2013-12-12 17:41:29 +00:00
|
|
|
req.logout();
|
2014-06-06 19:30:07 +00:00
|
|
|
req.flash('info', { msg: 'Your account has been deleted.' });
|
2013-12-12 17:41:29 +00:00
|
|
|
res.redirect('/');
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
2013-12-12 19:05:35 +00:00
|
|
|
/**
|
2013-12-13 05:49:46 +00:00
|
|
|
* GET /account/unlink/:provider
|
2014-06-06 19:35:16 +00:00
|
|
|
* Unlink OAuth provider.
|
2014-02-07 15:21:18 +00:00
|
|
|
* @param provider
|
2013-12-12 19:05:35 +00:00
|
|
|
*/
|
2014-01-13 09:34:54 +00:00
|
|
|
|
2013-12-20 01:17:15 +00:00
|
|
|
exports.getOauthUnlink = function(req, res, next) {
|
2013-12-13 05:49:46 +00:00
|
|
|
var provider = req.params.provider;
|
2013-12-13 05:27:51 +00:00
|
|
|
User.findById(req.user.id, function(err, user) {
|
2013-12-20 01:17:15 +00:00
|
|
|
if (err) return next(err);
|
2013-12-20 06:59:05 +00:00
|
|
|
|
2013-12-13 06:12:59 +00:00
|
|
|
user[provider] = undefined;
|
2014-01-07 19:35:23 +00:00
|
|
|
user.tokens = _.reject(user.tokens, function(token) { return token.kind === provider; });
|
2013-12-20 06:59:05 +00:00
|
|
|
|
2013-12-13 05:27:51 +00:00
|
|
|
user.save(function(err) {
|
2013-12-20 01:17:15 +00:00
|
|
|
if (err) return next(err);
|
2014-02-01 05:04:54 +00:00
|
|
|
req.flash('info', { msg: provider + ' account has been unlinked.' });
|
2014-01-07 22:45:42 +00:00
|
|
|
res.redirect('/account');
|
2013-12-13 05:27:51 +00:00
|
|
|
});
|
|
|
|
|
});
|
2013-11-14 07:29:55 +00:00
|
|
|
};
|
2014-03-07 19:08:56 +00:00
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* GET /reset/:token
|
|
|
|
|
* Reset Password page.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
exports.getReset = function(req, res) {
|
|
|
|
|
if (req.isAuthenticated()) {
|
|
|
|
|
return res.redirect('/');
|
|
|
|
|
}
|
|
|
|
|
User
|
|
|
|
|
.findOne({ resetPasswordToken: req.params.token })
|
|
|
|
|
.where('resetPasswordExpires').gt(Date.now())
|
|
|
|
|
.exec(function(err, user) {
|
|
|
|
|
if (!user) {
|
|
|
|
|
req.flash('errors', { msg: 'Password reset token is invalid or has expired.' });
|
|
|
|
|
return res.redirect('/forgot');
|
|
|
|
|
}
|
|
|
|
|
res.render('account/reset', {
|
|
|
|
|
title: 'Password Reset'
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* POST /reset/:token
|
|
|
|
|
* Process the reset password request.
|
2014-06-06 19:35:16 +00:00
|
|
|
* @param token
|
2014-03-07 19:08:56 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
exports.postReset = function(req, res, next) {
|
|
|
|
|
req.assert('password', 'Password must be at least 4 characters long.').len(4);
|
|
|
|
|
req.assert('confirm', 'Passwords must match.').equals(req.body.password);
|
|
|
|
|
|
|
|
|
|
var errors = req.validationErrors();
|
|
|
|
|
|
|
|
|
|
if (errors) {
|
|
|
|
|
req.flash('errors', errors);
|
|
|
|
|
return res.redirect('back');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async.waterfall([
|
|
|
|
|
function(done) {
|
|
|
|
|
User
|
|
|
|
|
.findOne({ resetPasswordToken: req.params.token })
|
|
|
|
|
.where('resetPasswordExpires').gt(Date.now())
|
|
|
|
|
.exec(function(err, user) {
|
|
|
|
|
if (!user) {
|
|
|
|
|
req.flash('errors', { msg: 'Password reset token is invalid or has expired.' });
|
|
|
|
|
return res.redirect('back');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user.password = req.body.password;
|
|
|
|
|
user.resetPasswordToken = undefined;
|
|
|
|
|
user.resetPasswordExpires = undefined;
|
|
|
|
|
|
|
|
|
|
user.save(function(err) {
|
|
|
|
|
if (err) return next(err);
|
|
|
|
|
req.logIn(user, function(err) {
|
|
|
|
|
done(err, user);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
function(user, done) {
|
2014-07-15 21:21:09 +00:00
|
|
|
var transporter = nodemailer.createTransport({
|
2014-10-12 08:51:55 +00:00
|
|
|
service: 'Mandrill',
|
2014-03-07 19:08:56 +00:00
|
|
|
auth: {
|
2014-10-12 08:51:55 +00:00
|
|
|
user: secrets.mandrill.user,
|
|
|
|
|
pass: secrets.mandrill.password
|
2014-03-07 19:08:56 +00:00
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
var mailOptions = {
|
|
|
|
|
to: user.email,
|
|
|
|
|
from: 'hackathon@starter.com',
|
|
|
|
|
subject: 'Your Hackathon Starter password has been changed',
|
|
|
|
|
text: 'Hello,\n\n' +
|
|
|
|
|
'This is a confirmation that the password for your account ' + user.email + ' has just been changed.\n'
|
|
|
|
|
};
|
2014-07-15 21:21:09 +00:00
|
|
|
transporter.sendMail(mailOptions, function(err) {
|
2014-03-07 19:08:56 +00:00
|
|
|
req.flash('success', { msg: 'Success! Your password has been changed.' });
|
|
|
|
|
done(err);
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
], function(err) {
|
|
|
|
|
if (err) return next(err);
|
|
|
|
|
res.redirect('/');
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* GET /forgot
|
|
|
|
|
* Forgot Password page.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
exports.getForgot = function(req, res) {
|
|
|
|
|
if (req.isAuthenticated()) {
|
|
|
|
|
return res.redirect('/');
|
|
|
|
|
}
|
|
|
|
|
res.render('account/forgot', {
|
|
|
|
|
title: 'Forgot Password'
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* POST /forgot
|
|
|
|
|
* Create a random token, then the send user an email with a reset link.
|
|
|
|
|
* @param email
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
exports.postForgot = function(req, res, next) {
|
|
|
|
|
req.assert('email', 'Please enter a valid email address.').isEmail();
|
|
|
|
|
|
|
|
|
|
var errors = req.validationErrors();
|
|
|
|
|
|
|
|
|
|
if (errors) {
|
|
|
|
|
req.flash('errors', errors);
|
|
|
|
|
return res.redirect('/forgot');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async.waterfall([
|
|
|
|
|
function(done) {
|
|
|
|
|
crypto.randomBytes(16, function(err, buf) {
|
|
|
|
|
var token = buf.toString('hex');
|
|
|
|
|
done(err, token);
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
function(token, done) {
|
|
|
|
|
User.findOne({ email: req.body.email.toLowerCase() }, function(err, user) {
|
|
|
|
|
if (!user) {
|
|
|
|
|
req.flash('errors', { msg: 'No account with that email address exists.' });
|
|
|
|
|
return res.redirect('/forgot');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
user.resetPasswordToken = token;
|
|
|
|
|
user.resetPasswordExpires = Date.now() + 3600000; // 1 hour
|
|
|
|
|
|
|
|
|
|
user.save(function(err) {
|
|
|
|
|
done(err, token, user);
|
|
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
},
|
|
|
|
|
function(token, user, done) {
|
2014-07-15 21:21:09 +00:00
|
|
|
var transporter = nodemailer.createTransport({
|
2014-10-12 08:51:55 +00:00
|
|
|
service: 'Mandrill',
|
2014-03-07 19:08:56 +00:00
|
|
|
auth: {
|
2014-10-12 08:51:55 +00:00
|
|
|
user: secrets.mandrill.user,
|
|
|
|
|
pass: secrets.mandrill.password
|
2014-03-07 19:08:56 +00:00
|
|
|
}
|
|
|
|
|
});
|
|
|
|
|
var mailOptions = {
|
|
|
|
|
to: user.email,
|
|
|
|
|
from: 'hackathon@starter.com',
|
|
|
|
|
subject: 'Reset your password on Hackathon Starter',
|
|
|
|
|
text: 'You are receiving this email because you (or someone else) have requested the reset of the password for your account.\n\n' +
|
|
|
|
|
'Please click on the following link, or paste this into your browser to complete the process:\n\n' +
|
|
|
|
|
'http://' + req.headers.host + '/reset/' + token + '\n\n' +
|
|
|
|
|
'If you did not request this, please ignore this email and your password will remain unchanged.\n'
|
|
|
|
|
};
|
2014-07-15 21:21:09 +00:00
|
|
|
transporter.sendMail(mailOptions, function(err) {
|
2014-03-07 19:08:56 +00:00
|
|
|
req.flash('info', { msg: 'An e-mail has been sent to ' + user.email + ' with further instructions.' });
|
|
|
|
|
done(err, 'done');
|
|
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
], function(err) {
|
|
|
|
|
if (err) return next(err);
|
|
|
|
|
res.redirect('/forgot');
|
|
|
|
|
});
|
|
|
|
|
};
|
