Merge branch 'devel' of https://transfer.hft-stuttgart.de/gitlab/m4lab_tv1/user-account into devel

bc823d2a · Rosanny Sihombing · bafa2004 · 40654a4a · bc823d2a · bc823d2a
Commit bc823d2a authored Dec 11, 2019 by Rosanny Sihombing
--- a/routes/routes.js
+++ b/routes/routes.js
@@ -3,8 +3,9 @@ const SamlStrategy = require('passport-saml').Strategy
 const dbconn = require('./dbconn')
 const methods = require('./methods')
 // pwd encryption
-const bcrypt = require('bcryptjs')
-const saltRounds = 10
+const bcrypt = require('bcryptjs');
+const saltRounds = 10;
+const salt = 64; // salt length
 // forgot pwd
 const async = require('async')
 const crypto = require('crypto')
@@ -53,15 +54,37 @@ module.exports = function (app, config, passport) {
  
  passport.use(samlStrategy);

+  // ============================
+/*
+  app.all('/', function(req, res){
+    req.flash('test', 'it worked');
+    res.redirect('/test')
+  });
+  app.all('/test', function(req, res){
+    res.send(JSON.stringify(req.flash('test')));
+  });
+  */
+  app.get('/', function (req, res) {
+    res.redirect('/account/profile')
+  });
+
+  app.get('/login',
+    passport.authenticate(config.passport.strategy,
+      {
+        successRedirect: '/account/',
+        failureRedirect: '/account/login'
+      })
+  );
+
  // ============= SAML ==============
  app.post(config.passport.saml.path,
    passport.authenticate(config.passport.strategy,
      {
-        failureRedirect: '/',
+        failureRedirect: '/account/',
        failureFlash: true
      }),
    function (req, res) {
-      res.redirect('/');
+      res.redirect('/account/');
    }
  );

@@ -97,14 +120,14 @@ module.exports = function (app, config, passport) {
  
  // ======== APP ROUTES ====================
  app.get('/', function (req, res) {
-    res.redirect('/profile')
+    res.redirect('/account/profile')
  });

  app.get('/login',
    passport.authenticate(config.passport.strategy,
      {
-        successRedirect: '/',
-        failureRedirect: '/login'
+        successRedirect: '/account/',
+        failureRedirect: '/account/login'
      })
  );

@@ -130,6 +153,7 @@ module.exports = function (app, config, passport) {
    });
  });

+
  app.get('/profile', function (req, res) {
    if (req.isAuthenticated()) {
      methods.getUserByEmail(req.user.email, function(data, err){
@@ -141,7 +165,7 @@ module.exports = function (app, config, passport) {
        }
      })
    } else {
-      res.redirect('/login');
+      res.redirect('/account/login');
    }
  });

@@ -205,7 +229,7 @@ module.exports = function (app, config, passport) {
        }
      ])
    } else {
-      res.redirect('/login');
+      res.redirect('/account/login');
    }
  });

@@ -216,7 +240,7 @@ module.exports = function (app, config, passport) {
        user: req.user // useful for view engine, useless for HTML
      });
    } else {
-      res.redirect('/login');
+      res.redirect('/account/login');
    }
  });

@@ -241,11 +265,11 @@ module.exports = function (app, config, passport) {
            else {
              req.flash('success', 'Profile updated!');
            }
-            res.redirect('/profile');
+            res.redirect('/account/profile');
        })
      }
    } else {
-      res.redirect('/login');
+      res.redirect('/account/login');
    }
  });
  
@@ -260,7 +284,7 @@ module.exports = function (app, config, passport) {
          // Load hashed passwd from DB
          dbconn.user.query('SELECT password FROM credential WHERE user_id='+userId, function (err, rows, fields) {
            if (err) {
-              res.redirect('/500')
+              res.redirect('/account/500')
              throw err
            }
            var userPwd = rows[0].password
@@ -273,12 +297,12 @@ module.exports = function (app, config, passport) {
              }
              else if (!isMatch) {
                req.flash('error', "Sorry, your password was incorrect. Please double-check your password.")
-                res.redirect('/security')
+                res.redirect('/account/security')
              }
              else {
                if ( newPwd != retypePwd ) {
                  req.flash('error', "Passwords do no match. Please make sure you re-type your new password correctly.")
-                  res.redirect('/security')
+                  res.redirect('/account/security')
                }
                else {
                  // update password
@@ -297,7 +321,7 @@ module.exports = function (app, config, passport) {
                          req.flash('success', "Pasword updated!")
                          console.log('pasword updated!')
                        }
-                        res.redirect('/security')
+                        res.redirect('/account/security')
                      })
                    });
                  });
@@ -309,7 +333,7 @@ module.exports = function (app, config, passport) {
      })  
    }
    else {
-      res.redirect('/login');
+      res.redirect('/account/login');
    }
  });

@@ -342,7 +366,7 @@ module.exports = function (app, config, passport) {
            emailSubject = "M4_LAB Password Reset";
            emailContent = "Hi User,\n\n"+
              "we've received a request to reset your password. If you didn't make the request, just ignore this email.\n\n"+
-              "Otherwise, you can reset your password using this link: http://" + req.headers.host + "/reset/" + token + "\n" +
+              "Otherwise, you can reset your password using this link: https://" + config.app.hostname + "/reset/" + token + "\n" +
              "This password reset is only valid for 1 hour.\n\n"+
              "Thanks,\nM4_LAB Team"
            
@@ -375,7 +399,7 @@ module.exports = function (app, config, passport) {
      else {
        req.flash('success', 'An e-mail has been sent to ' + emailAddress + ' with further instructions.');
      }
-      res.redirect('/forgotPwd');
+      res.redirect('/account/forgotPwd');
    });
  });

@@ -384,7 +408,7 @@ module.exports = function (app, config, passport) {
      //console.log(user);
      if (!user) {
        req.flash('error', 'Password reset token is invalid or has expired.');
-        res.redirect('/forgotPwd');
+        res.redirect('/account/forgotPwd');
      }
      else {
        res.render('reset');
@@ -393,11 +417,12 @@ module.exports = function (app, config, passport) {
  });

  app.post('/reset/:token', function(req, res) {
+    var newPwd = req.body.inputNewPwd  
    methods.checkUserToken(req.params.token, function(err, user){
      if (user) {
        // encrypt password
        bcrypt.genSalt(saltRounds, function(err, salt) {
-          bcrypt.hash(req.body.inputNewPwd, salt, function(err, hash) {
+          bcrypt.hash(newPwd, salt, function(err, hash) {
            var credentialData = {
              password: hash,
              user_id: user.user_id
@@ -424,7 +449,6 @@ module.exports = function (app, config, passport) {
      }
    });
   
-    //res.redirect('/login')
  });

  // todo: user registration with captcha
@@ -470,6 +494,10 @@ module.exports = function (app, config, passport) {
    });
  })

+
+
+  
+  
  app.get('/email/:email', function(req, res) {
    methods.checkUserEmail(req.params.email, function(err, user){
      if (!err) {
@@ -483,4 +511,4 @@ module.exports = function (app, config, passport) {
    })
  })

-};
\ No newline at end of file
+};
--- a/views/reset.pug
+++ b/views/reset.pug
@@ -57,4 +57,4 @@ html(lang="en")
    // M4_LAB
    script(src="/js/security.js")
    script(src="/js/generalFunction.js")
-    script(src="https://transfer.hft-stuttgart.de/js/headfoot.js")
\ No newline at end of file
+    script(src="https://transfer.hft-stuttgart.de/js/headfoot.js")