
  1. var _ = require('lodash');
  2. var async = require('async');
  3. var crypto = require('crypto');
  4. var nodemailer = require('nodemailer');
  5. var passport = require('passport');
  6. var User = require('../models/user');
  7. var secure = require('../config/secure');
  /********** GET / Login **************/
  // Login form. A request that already carries a user is sent to the home page.
  exports.getLogin = function (req, res) {
    if (!req.user) {
      return res.render('account/login', { title: 'Login' });
    }
    res.redirect('/');
  };
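  /********** User GET / User URL **************/
  /**
   * Renders the profile page for the user named in the route.
   *
   * The previous revision used find() (an array, truthy even when empty, so the
   * 404 branch never ran), ignored the query error, read `username.User` (always
   * undefined) and simply returned without responding when the route had no
   * :username, leaving the request hanging.
   *
   * @param {object} req - Express request; reads req.params.username.
   * @param {object} res - Express response; renders 'account/user' or '404'.
   * @param {function} next - Express continuation; receives query errors, and is
   *   called without arguments when there is no :username so the request falls
   *   through to the next handler.
   */
  exports.getUserURL = function (req, res, next) {
    var username = req.params.username;
    if (!username) {
      return next();
    }
    User.findOne({ username: username }, function (err, user) {
      if (err) {
        return next(err);
      }
      if (!user) {
        res.render('404', { url: req.url, error: '404 Not found' });
        return;
      }
      // Assumes the matched document exposes `username` at top level (the query
      // keys on it) — confirm against models/user, where the profile form
      // writes `profile.username` instead.
      res.render('account/user', {
        title: user.username,
        url: user.username
      });
    });
  };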
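  /********** POST / Login **************/
  /**
   * Handles the login form: validates the fields, runs the passport 'local'
   * strategy and, on success, starts the session and redirects.
   *
   * The post-login target comes from req.session.returnTo; it is only followed
   * when it is a same-origin, path-relative URL, so the login form cannot be
   * used as an open redirect to an absolute or protocol-relative address.
   *
   * @param {object} req - Express request; reads req.body.email/password and
   *   req.session.returnTo, writes flash messages.
   * @param {object} res - Express response.
   * @param {function} next - Express continuation for strategy and session errors.
   */
  exports.postLogin = function(req, res, next) {
    // A target is local when it starts with a single '/' (not '//' or '/\',
    // which browsers treat as protocol-relative).
    function isLocalPath(target) {
      return typeof target === 'string' &&
        target.charAt(0) === '/' &&
        target.charAt(1) !== '/' &&
        target.charAt(1) !== '\\';
    }

    req.assert('email', 'Email is not valid').isEmail();
    req.assert('password', 'Password cannot be blank').notEmpty();
    var errors = req.validationErrors();
    if (errors) {
      req.flash('errors', errors);
      return res.redirect('/login');
    }
    passport.authenticate('local', function(err, user, info) {
      if (err) {
        return next(err);
      }
      if (!user) {
        // `info` is whatever the strategy reported; guard against it being absent.
        req.flash('errors', { msg: (info && info.message) || 'Login failed.' });
        return res.redirect('/login');
      }
      req.logIn(user, function(err) {
        if (err) {
          return next(err);
        }
        req.flash('success', { msg: 'Success! You are logged in.' });
        var returnTo = req.session.returnTo;
        // One-shot: clear it so a stale target does not apply to a later login.
        delete req.session.returnTo;
        res.redirect(isLocalPath(returnTo) ? returnTo : '/');
      });
    })(req, res, next);
  };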
  /********** GET / Logout **************/
  // Ends the passport login and sends the visitor to the home page.
  // NOTE(review): only req.logout() is called here; whether the session record
  // itself is discarded depends on the passport/session setup — confirm.
  exports.logout = function(req, res) {
    req.logout();
    return res.redirect('/');
  };
  /********** GET / Register **************/
  // Registration form. A request that already carries a user goes home instead.
  exports.getSignup = function(req, res) {
    if (!req.user) {
      return res.render('account/register', { title: 'Register' });
    }
    res.redirect('/');
  };
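  /********** POST / Register **************/
  /**
   * Creates an account from the registration form and logs the new user in.
   *
   * Validation failures and an already-registered email flash an error and
   * return to /register; database errors go to next(err). The previous
   * revision ignored the error from findOne(), so a failed lookup fell
   * through to save() as if no account existed.
   *
   * @param {object} req - Express request; reads req.body.email/password/confirmPassword.
   * @param {object} res - Express response.
   * @param {function} next - Express continuation for database and session errors.
   */
  exports.postSignup = function(req, res, next) {
    req.assert('email', 'Email is not valid').isEmail();
    req.assert('password', 'Password must be at least 6 characters long').len(6);
    req.assert('confirmPassword', 'Passwords do not match').equals(req.body.password);
    var errors = req.validationErrors();
    if (errors) {
      req.flash('errors', errors);
      return res.redirect('/register');
    }
    // NOTE(review): the email is stored as typed, while postForgot looks it up
    // lower-cased, so a mixed-case registration cannot be found by the reset
    // flow. Normalising here would also need the login strategy to agree — confirm.
    var user = new User({
      email: req.body.email,
      password: req.body.password
    });
    User.findOne({ email: req.body.email }, function(err, existingUser) {
      if (err) {
        return next(err);
      }
      if (existingUser) {
        req.flash('errors', { msg: 'Account with that email address already exists.' });
        return res.redirect('/register');
      }
      user.save(function(err) {
        if (err) {
          return next(err);
        }
        req.logIn(user, function(err) {
          if (err) {
            return next(err);
          }
          res.redirect('/');
        });
      });
    });
  };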
  /********** GET / Account **************/
  // Account management page for the current session.
  exports.getAccount = function(req, res) {
    var view = { title: 'Account Management' };
    return res.render('account/profile', view);
  };
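  /********** POST / Account **************/
  /**
   * Saves the profile form for the signed-in user.
   *
   * Only the listed fields are copied from req.body; anything else posted is
   * ignored, so this handler cannot be used to set the password, tokens or
   * reset fields. A session whose user document no longer exists now gets an
   * error flash instead of a TypeError on the first assignment.
   *
   * @param {object} req - Express request; needs req.user (session) and reads req.body.
   * @param {object} res - Express response; redirects to /account.
   * @param {function} next - Express continuation for database errors.
   */
  exports.postUpdateProfile = function(req, res, next) {
    User.findById(req.user.id, function(err, user) {
      if (err) {
        return next(err);
      }
      if (!user) {
        req.flash('errors', { msg: 'Account not found.' });
        return res.redirect('/account');
      }
      // NOTE(review): the new email is neither validated with isEmail() nor
      // checked for uniqueness here; a duplicate only surfaces as a save() error.
      var body = req.body;
      user.email = body.email || '';
      user.profile.name = body.name || '';
      user.profile.username = body.username || '';
      user.profile.gender = body.gender || '';
      user.profile.location = body.location || '';
      user.profile.website = body.website || '';
      user.profile.bio = body.bio || '';
      user.save(function(err) {
        if (err) {
          return next(err);
        }
        req.flash('success', { msg: 'Profile information updated.' });
        res.redirect('/account');
      });
    });
  };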
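  /********** POST / Account / Password **************/
  /**
   * Changes the signed-in user's password from the account page.
   *
   * The minimum length is 6, the same as postSignup; this handler previously
   * accepted 4, so the account page was a weaker route to a short password.
   * A session whose user document no longer exists gets an error flash instead
   * of a TypeError.
   *
   * NOTE(review): the current password is not requested, so anyone holding the
   * session cookie can set a new one — confirm whether that is intended.
   *
   * @param {object} req - Express request; needs req.user and reads
   *   req.body.password/confirmPassword.
   * @param {object} res - Express response; redirects to /account.
   * @param {function} next - Express continuation for database errors.
   */
  exports.postUpdatePassword = function(req, res, next) {
    req.assert('password', 'Password must be at least 6 characters long').len(6);
    req.assert('confirmPassword', 'Passwords do not match').equals(req.body.password);
    var errors = req.validationErrors();
    if (errors) {
      req.flash('errors', errors);
      return res.redirect('/account');
    }
    User.findById(req.user.id, function(err, user) {
      if (err) {
        return next(err);
      }
      if (!user) {
        req.flash('errors', { msg: 'Account not found.' });
        return res.redirect('/account');
      }
      // The raw value is assigned exactly as postSignup does; any hashing is
      // the model's responsibility — confirm in models/user.
      user.password = req.body.password;
      user.save(function(err) {
        if (err) {
          return next(err);
        }
        req.flash('success', { msg: 'Password has been changed.' });
        res.redirect('/account');
      });
    });
  };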
  /********** POST / Account / Delete **************/
  // Removes the signed-in user's document, ends the login and goes home.
  exports.postDeleteAccount = function(req, res, next) {
    var query = { _id: req.user.id };
    User.remove(query, function(err) {
      if (err) return next(err);
      req.logout();
      req.flash('info', { msg: 'Your account has been deleted.' });
      return res.redirect('/');
    });
  };
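  /********** POST / Account / Oauth **************/
  /**
   * Unlinks an OAuth provider from the signed-in user: clears the provider
   * field on the document and drops that provider's entries from user.tokens.
   *
   * `provider` comes straight from the URL and is used as a property name on
   * the document. The previous revision applied it unconditionally, so a
   * crafted path could blank unrelated fields; the request is now refused
   * unless a token of that kind is actually linked.
   *
   * @param {object} req - Express request; needs req.user and reads req.params.provider.
   * @param {object} res - Express response; redirects to /account.
   * @param {function} next - Express continuation for database errors.
   */
  exports.getOauthUnlink = function(req, res, next) {
    var provider = req.params.provider;
    User.findById(req.user.id, function(err, user) {
      if (err) {
        return next(err);
      }
      if (!user) {
        req.flash('errors', { msg: 'Account not found.' });
        return res.redirect('/account');
      }
      var tokens = user.tokens || [];
      var isLinked = tokens.some(function(token) {
        return token.kind === provider;
      });
      if (!isLinked) {
        req.flash('errors', { msg: 'No ' + provider + ' account is linked.' });
        return res.redirect('/account');
      }
      user[provider] = undefined;
      user.tokens = tokens.filter(function(token) {
        return token.kind !== provider;
      });
      user.save(function(err) {
        if (err) return next(err);
        req.flash('info', { msg: provider + ' account has been unlinked.' });
        res.redirect('/account');
      });
    });
  };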
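  /********** GET / Password / :Token **************/
  /**
   * Shows the new-password form for a reset link.
   *
   * The token in the URL must match a user whose resetPasswordExpires is still
   * in the future; otherwise the visitor is sent back to /forgot. `next` was
   * missing from the signature, so a query error raised a ReferenceError
   * instead of reaching the error handler.
   *
   * @param {object} req - Express request; reads req.params.token.
   * @param {object} res - Express response; renders 'account/reset' or redirects.
   * @param {function} next - Express continuation for query errors.
   */
  exports.getReset = function(req, res, next) {
    if (req.isAuthenticated()) {
      return res.redirect('/');
    }
    User
      .findOne({ resetPasswordToken: req.params.token })
      .where('resetPasswordExpires').gt(Date.now())
      .exec(function(err, user) {
        if (err) {
          return next(err);
        }
        if (!user) {
          req.flash('errors', { msg: 'Password reset token is invalid or has expired.' });
          return res.redirect('/forgot');
        }
        res.render('account/reset', {
          title: 'Password Reset'
        });
      });
  };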
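  /********** POST / Password / :Token **************/
  /**
   * Completes a password reset: validates the new password, looks the token up
   * (it must still be unexpired), stores the new password, clears the token so
   * the link is single-use, logs the user in and emails a confirmation.
   *
   * Fixes relative to the previous revision: the mail step referenced an
   * undefined `secrets` binding (the config module is required as `secure` at
   * the top of this file), and the minimum length now matches postSignup
   * (6 instead of 4).
   *
   * @param {object} req - Express request; reads req.params.token and
   *   req.body.password/confirm.
   * @param {object} res - Express response; redirects 'back' on validation or
   *   token failure, '/' on success.
   * @param {function} next - Express continuation for database, session and mail errors.
   */
  exports.postReset = function(req, res, next) {
    req.assert('password', 'Password must be at least 6 characters long.').len(6);
    req.assert('confirm', 'Passwords must match.').equals(req.body.password);
    var errors = req.validationErrors();
    if (errors) {
      req.flash('errors', errors);
      return res.redirect('back');
    }
    async.waterfall([
      function(done) {
        User
          .findOne({ resetPasswordToken: req.params.token })
          .where('resetPasswordExpires').gt(Date.now())
          .exec(function(err, user) {
            if (err) {
              return next(err);
            }
            if (!user) {
              req.flash('errors', { msg: 'Password reset token is invalid or has expired.' });
              return res.redirect('back');
            }
            user.password = req.body.password;
            // Clearing both fields invalidates the link immediately.
            user.resetPasswordToken = undefined;
            user.resetPasswordExpires = undefined;
            user.save(function(err) {
              if (err) {
                return next(err);
              }
              req.logIn(user, function(err) {
                done(err, user);
              });
            });
          });
      },
      function(user, done) {
        // Confirm config/secure exposes a `mandrill` section with user/password.
        var transporter = nodemailer.createTransport({
          service: 'Mandrill',
          auth: {
            user: secure.mandrill.user,
            pass: secure.mandrill.password
          }
        });
        var mailOptions = {
          to: user.email,
          from: 'admin@juryd.com',
          subject: 'Your Juryd password has been changed',
          text: 'Hello,\n\n' +
            'This is a confirmation that the password for your account ' + user.email + ' has just been changed.\n'
        };
        transporter.sendMail(mailOptions, function(err) {
          // NOTE(review): the password is already changed here; a mail failure
          // still ends in next(err) below, showing an error for a reset that
          // succeeded.
          req.flash('success', { msg: 'Success! Your password has been changed.' });
          done(err);
        });
      }
    ], function(err) {
      if (err) {
        return next(err);
      }
      res.redirect('/');
    });
  };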
  /********** GET / Password / Forgot **************/
  // "Forgot password" form; an authenticated session is sent home instead.
  exports.getForgot = function(req, res) {
    if (req.isAuthenticated()) {
      res.redirect('/');
      return;
    }
    var view = { title: 'Forgot Password' };
    res.render('account/forgot', view);
  };
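  /********** Post / Password / Forgot / Email **************/
  /**
   * Starts a password reset: generates a random token, stores it on the
   * account with a one-hour expiry and emails a link carrying it.
   *
   * Fixes relative to the previous revision: a randomBytes() failure is
   * reported instead of dereferencing the missing buffer, the findOne() error
   * is no longer ignored (it used to read as "no account"), and the mail step
   * uses the `secure` config module instead of an undefined `secrets`.
   *
   * @param {object} req - Express request; reads req.body.email and req.headers.host.
   * @param {object} res - Express response; redirects to /forgot.
   * @param {function} next - Express continuation for token, database and mail errors.
   */
  exports.postForgot = function(req, res, next) {
    req.assert('email', 'Please enter a valid email address.').isEmail();
    var errors = req.validationErrors();
    if (errors) {
      req.flash('errors', errors);
      return res.redirect('/forgot');
    }
    async.waterfall([
      function(done) {
        crypto.randomBytes(16, function(err, buf) {
          if (err) {
            return done(err);
          }
          done(null, buf.toString('hex'));
        });
      },
      function(token, done) {
        User.findOne({ email: req.body.email.toLowerCase() }, function(err, user) {
          if (err) {
            return done(err);
          }
          if (!user) {
            // NOTE(review): this reply tells the requester whether the address
            // is registered; a uniform "if an account exists, mail was sent"
            // message would avoid that.
            req.flash('errors', { msg: 'No account with that email address exists.' });
            return res.redirect('/forgot');
          }
          user.resetPasswordToken = token;
          user.resetPasswordExpires = Date.now() + 3600000; // 1 hour
          user.save(function(err) {
            done(err, token, user);
          });
        });
      },
      function(token, user, done) {
        // Confirm config/secure exposes a `mandrill` section with user/password.
        var transporter = nodemailer.createTransport({
          service: 'Mandrill',
          auth: {
            user: secure.mandrill.user,
            pass: secure.mandrill.password
          }
        });
        // NOTE(review): the link's host is taken from the request's Host
        // header. Unless the front proxy pins that header, a forged Host would
        // put an attacker-chosen hostname in the mail; a configured base URL
        // is the safer source.
        var resetLink = 'http://' + req.headers.host + '/reset/' + token;
        var mailOptions = {
          to: user.email,
          from: 'admin@juryd.com',
          subject: 'Juryd - Reset your password',
          text: 'You are receiving this email because you (or someone else) have requested the reset of the password for your account.\n\n' +
            'Please click on the following link, or paste this into your browser to complete the process:\n\n' +
            resetLink + '\n\n' +
            'If you did not request this, please ignore this email and your password will remain unchanged.\n'
        };
        transporter.sendMail(mailOptions, function(err) {
          req.flash('info', { msg: 'An e-mail has been sent to ' + user.email + ' with further instructions.' });
          done(err, 'done');
        });
      }
    ], function(err) {
      if (err) {
        return next(err);
      }
      res.redirect('/forgot');
    });
  };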