authorJules Laplace <julescarbon@gmail.com>2018-05-14 18:54:22 +0200
committerJules Laplace <julescarbon@gmail.com>2018-05-14 18:54:22 +0200
commite79bdedb819415792eea49de7483885046d2a368 (patch)
tree9931fa389c1459347593155dd09a7c2cf3ecc009 /bucky
parentafd20e776ba207be9c4a00d29cb61dd3ea760eef (diff)
change password form working
Diffstat (limited to 'bucky')
-rw-r--r--bucky/app/bucky.js16
-rw-r--r--bucky/db/index.js4
-rw-r--r--bucky/util/adminz.js58
-rw-r--r--bucky/util/auth.js13
4 files changed, 80 insertions, 11 deletions
diff --git a/bucky/app/bucky.js b/bucky/app/bucky.js
index f00c296..70cfeec 100644
--- a/bucky/app/bucky.js
+++ b/bucky/app/bucky.js
@@ -547,6 +547,22 @@ var bucky = module.exports = {
}
})
},
+ ensureUserFromBody: function (req, res, next){
+ var username = util.sanitizeName(req.body.username)
+ if (! username) {
+ return res.sendStatus(404)
+ }
+ db.getUserByUsername(username).then(function(user){
+ if (user) {
+ res.user = user
+ next()
+ }
+ else {
+ console.log('no such user!!')
+ res.sendStatus(404)
+ }
+ })
+ },
sanitizeUser: function(req, res, next) {
res.user = util.sanitizeUser(res.user)
next()
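Review bot: The promise from `db.getUserByUsername(username)` in `ensureUserFromBody` has no rejection handler, so a database error leaves the request with no response at all. Ending the chain with `.catch(function(err){ next(err) })` would hand the failure to the app's error handling; `adminz.ensureUsernames` in bucky/util/adminz.js has the same gap after `db.getUsernames()`. A short comment that this middleware loads the target account into `res.user` (as opposed to the logged-in `req.user`) would also help, since the password route depends on that distinction. The enclosing `bucky` object starts and ends outside the hunk.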
diff --git a/bucky/db/index.js b/bucky/db/index.js
index 5e21603..f454c92 100644
--- a/bucky/db/index.js
+++ b/bucky/db/index.js
@@ -69,6 +69,10 @@ db.getUsernamesById = function(ids){
return knex.column("id").column("username")
.select().from('users').where("id", "in", ids)
}
+db.getUsernames = function(){
+ return knex.column("username")
+ .select().from('users').orderBy("username").pluck("username")
+}
db.checkUsernames = function(usernames){
return knex.column("username")
.select().distinct().from('users').where("username", "in", usernames)
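Review bot: `db.getUsernames` names the column twice, once in `.column("username")` and again in `.pluck("username")`, so the leading `.column("username")` looks redundant and may put `username` in the select list twice. `return knex.select().from('users').orderBy("username").pluck("username")` should be equivalent, but confirm it against the knex version in use. A one-line comment such as `// returns every username in the table, sorted, as a flat array` would document that the result is unpaginated.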
diff --git a/bucky/util/adminz.js b/bucky/util/adminz.js
index 0092dc2..7224785 100644
--- a/bucky/util/adminz.js
+++ b/bucky/util/adminz.js
@@ -1,4 +1,3 @@
-
var fs = require('fs')
var db = require('../db')
var util = require('./util')
@@ -6,6 +5,8 @@ var upload = require('./upload')
var fortune = require('../db/fortune')
var middleware = require('./middleware')
var privacy = require('../app/privacy')
+var bucky = require('../app/bucky')
+var auth = require('./auth')
var adminz = module.exports = {
@@ -13,28 +14,63 @@ var adminz = module.exports = {
},
title: function(){
- return (Math.random() < 0.8 ? [
- fortune('admin-adj'),
- fortune('admin-noun1'),
- ] : [
+ let title = [
+ fortune('admin-name'),
fortune('admin-adj'),
fortune('admin-noun1'),
- "and",
- fortune('admin-noun2'),
- ]).join(" ")
+ ]
+ if (Math.random() < 0.2) {
+ title = title.concat([
+ "and",
+ fortune('admin-noun2')
+ ])
+ }
+ return title.join(" ")
+ },
+
+ ensureUsernames: function (req, res, next){
+ db.getUsernames().then(function(usernames){
+ res.usernames = usernames
+ next()
+ })
},
route: function(app){
app.get("/adminz",
+ middleware.ensureAuthenticated,
privacy.checkIsAdmin,
function(req, res){
res.render("pages/adminz", {
title: adminz.title()
})
})
- // app.put("/api/checkin",
- // middleware.ensureAuthenticated,
- // )
+ app.get("/api/admin",
+ middleware.ensureAuthenticated,
+ privacy.checkIsAdmin,
+ adminz.ensureUsernames,
+ bucky.ensureLastlog,
+ bucky.bumpLastSeen,
+ bucky.checkMail,
+ function(req, res){
+ res.json({
+ status: 'ok',
+ lastlog: res.lastlog,
+ usernames: res.usernames,
+ mail: res.mail,
+ })
+ }
+ )
+ app.put("/api/admin/password/",
+ middleware.ensureAuthenticated,
+ privacy.checkIsAdmin,
+ bucky.ensureUserFromBody,
+ auth.changePasswordDangerously,
+ function(req, res){
+ res.json({
+ status: 'ok',
+ })
+ }
+ )
},
}
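Review bot: Nothing in the new `PUT /api/admin/password/` chain records which admin reset which account, so a reset performed from a compromised or misused admin session leaves no trace on the server. The final handler has both identities available (`req.user` for the caller, `res.user` for the target loaded by `bucky.ensureUserFromBody`) and could log them with a timestamp before sending `status: 'ok'`; the accessor for the caller's username is not visible in this hunk, so that part needs checking. The route also has no visible throttling on repeated wrong admin-password attempts, which may be handled elsewhere in `middleware`.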
diff --git a/bucky/util/auth.js b/bucky/util/auth.js
index 624c898..16368cf 100644
--- a/bucky/util/auth.js
+++ b/bucky/util/auth.js
@@ -163,6 +163,19 @@ var auth = module.exports = {
res.user.set('password', newPassword)
res.user.save().then(() => next()).catch(err => res.send({ error: err }))
},
+ changePasswordDangerously: function(req, res, next){
+ if (! req.body.password && ! req.body.newpassword) return next()
+ if (req.body.newpassword !== req.body.newpassword2) {
+ return res.send({ error: 'Passwords don\'t match.' })
+ }
+ if (! auth.validPassword(req.user, req.body.password)) {
+ return res.send({ error: 'Password is incorrect.' })
+ }
+ var username = res.user.get('username')
+ var newPassword = auth.makePassword(username, req.body.newpassword)
+ res.user.set('password', newPassword)
+ res.user.save().then(() => next()).catch(err => res.send({ error: err }))
+ },
verifyLocalUser: function (username, password, done) {
// handle passwords!!
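Review bot: `changePasswordDangerously` never checks that `req.body.newpassword` is present: when a request carries `password` but omits both `newpassword` and `newpassword2`, the first guard does not return, `undefined !== undefined` is false, and once the admin's own password validates the target account is saved with `auth.makePassword(username, undefined)`. Add `if (typeof req.body.newpassword !== 'string' || ! req.body.newpassword) return res.send({ error: 'New password is required.' })` before the match check. The first guard's `return next()` also lets the route answer `status: 'ok'` when nothing was changed, and `res.send({ error: err })` in the save handler returns the raw database error to the client, where a generic message with the detail logged server-side would be safer. The enclosing `auth` object continues outside the hunk.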