Diffstat (limited to 'app/server/util/auth.js')
| -rw-r--r-- | app/server/util/auth.js | 39 |
1 files changed, 27 insertions, 12 deletions
diff --git a/app/server/util/auth.js b/app/server/util/auth.js index fde0263..5fc5d1f 100644 --- a/app/server/util/auth.js +++ b/app/server/util/auth.js @@ -6,6 +6,8 @@ import db from '../db' const { user: userModel } = db.models export function route(app, serve_index){ + app.use(passport.initialize()) + app.use(passport.session()) passport.serializeUser(serializeUser) passport.deserializeUser(deserializeUser) passport.use(new LocalStrategy(verifyLocalUser)) @@ -36,8 +38,13 @@ export function ensureAuthenticated(req, res, next) { next() } +export function getUserByUsername(username) { + return userModel.show(sanitizeName(username), 'username') +} + export function checkIfUserExists(req, res, next) { - userModel.show(sanitizeName(req.body.username), 'username').then((user) => { + getUserByUsername(req.body.username) + .then((user) => { console.log('gotta user?', !!user); user ? res.json({ error: "user exists" }) : next() }).catch(err => { @@ -49,6 +56,12 @@ export function sanitizeName(s) { return (s || "").replace(new RegExp('[^-_a-zA- export function sanitizeUser(req_user) { // sanitize user object let user = JSON.parse(JSON.stringify(req_user)) + try { + user.profile = JSON.parse(user.profile) + } catch (e) { + console.error('error decoding profile') + user.profile = {} + } delete user.password return user } @@ -61,7 +74,7 @@ export function createUser(req, res, next) { let data = { username: sanitizeName(username), realname: sanitizeName(username), - password: makePassword(username, password), + password: makePassword(password), lastseen: new Date(), level: 0, profile: {}, @@ -72,10 +85,11 @@ export function createUser(req, res, next) { } export function login(req, res) { + console.log(req.user) if (req.isAuthenticated()) { let returnTo = req.session.returnTo delete req.session.returnTo - console.log(">> logged in", req.user.get('username')) + console.log(">> logged in", req.user.username) return res.json({ status: "OK", user: sanitizeUser(req.user), 
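Review bot: In `route()`, `passport.session()` only restores `req.user` when a session middleware has already populated `req.session`, and nothing in this hunk shows one being mounted before the two new `app.use` calls. If the session middleware is registered after `route(app, serve_index)` runs, logins will not persist across requests. A comment above the calls, such as `// requires the session middleware to be mounted on app before route() is called`, would make the ordering explicit. The body of `route()` continues outside the hunk.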
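Review bot: In `sanitizeUser`, `JSON.parse(user.profile)` assumes the profile is always a JSON string; if the model ever returns an object (the `createUser` hunk stores `profile: {}`), the parse throws and the catch silently replaces the profile with `{}`. Valid JSON such as `null` or a bare number would also pass through as a non-object profile. Guarding the parse keeps existing data intact, e.g. `if (typeof user.profile === 'string') user.profile = JSON.parse(user.profile)`, followed by a check that the result is a non-null object. Because this function decides what reaches the client, an explicit allowlist of returned fields would be safer than relying on `delete user.password` alone.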
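Review bot: `makePassword(password)` in `createUser` derives the stored value from the password alone, and `validPassword` (a later hunk) checks it with `user.password === makePassword(password)`, so the result has to be deterministic and two users with the same password end up with the same stored value. The body of `makePassword` is outside these hunks, so the algorithm is not visible, but a value that is verified by recomputing it from the password cannot be using a per-user random salt. Consider storing a random salt per user and deriving with a slow KDF such as `crypto.scrypt`, then verifying with `crypto.timingSafeEqual` instead of `===`. The same applies to the `makePassword(req.body.newpassword)` call in `changePassword`.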
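Review bot: The added `console.log(req.user)` at the top of `login` writes the whole user record to the server log, which, judging by the `delete user.password` in `sanitizeUser`, includes the `password` field; the `console.log(user)` added in `verifyLocalUser` (last hunk) does the same on every login attempt. Credential material in logs outlives the request and is usually readable by more people than the user table. Drop both statements, or log only an identifier, e.g. `console.log('>> login attempt', req.user && req.user.username)`. The call also sits before the `req.isAuthenticated()` check, so `req.user` may be undefined at that point.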
@@ -104,7 +118,7 @@ export function makePassword(password) { } export function validPassword(user, password) { - return user.get('password') === makePassword(password) + return user.password === makePassword(password) } export function changePassword(req, res, next) { @@ -115,20 +129,21 @@ export function changePassword(req, res, next) { if (!validPassword(res.user, req.body.oldpassword)) { return res.send({ error: 'Password is incorrect.' }) } - let username = req.user.get('username') - let newPassword = makePassword(username, req.body.newpassword) - res.user.set('password', newPassword) - res.user.save().then(() => next()).catch(err => res.send({ error: err })) + let username = req.user.username + let newPassword = makePassword(req.body.newpassword) + res.user.password = newPassword + res.user.save() + .then(next) + .catch(err => res.send({ error: err })) } export function verifyLocalUser(username, password, done) { // handle passwords!! - db.getUserByUsername(username).then(function(user){ - + getUserByUsername(username) + .then(user => { + console.log(user) // if (err) { return done(err) } if (! user) { return done("no user") } - - // return done(null, user) if (! user || ! validPassword(user, password)) { return done(null, false, { error: { message: 'Bad username/password.' } }) } |
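Review bot: In `changePassword`, `.then(next)` passes whatever `res.user.save()` resolves with as the first argument to `next`, and Express treats any argument other than `'route'` or `'router'` as an error, so a successful save would land in the error handler if `save()` resolves with the saved record (not visible here). The removed form avoided this; keep it as `.then(() => next())`. `let username = req.user.username` is now unused and can be deleted. In `verifyLocalUser`, the kept `if (! user) { return done("no user") }` reports an unknown username as an error while a wrong password gets the 'Bad username/password.' response, which lets a client tell the two cases apart and leaves the `! user ||` test below it dead; returning the same `done(null, false, …)` for both would close that gap. The body of `verifyLocalUser` continues past the end of the hunk.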
