Commit e7931881 authored by Rosanny Sihombing's avatar Rosanny Sihombing
Browse files

MLAB-129: add user verification mechanism

parent 3bfcbafc
......@@ -42,14 +42,26 @@ var methods = {
throw err
});
}
// COMMIT
dbconn.user.commit(function(err) {
// MLAB-129: INSERT verification token
let verificationData = {
user_id: newUserId,
token: data.verificationToken
}
dbconn.user.query('INSERT INTO verification SET ?', verificationData, function (err, results, fields) {
if (err) {
return dbconn.user.rollback(function() {
throw err
});
}
});
// COMMIT
dbconn.user.commit(function(err) {
if (err) {
return dbconn.user.rollback(function() {
throw err
})
}
})
})
})
});
});
......@@ -57,7 +69,7 @@ var methods = {
})
},
getUserByEmail: function(email, callback) {
dbconn.user.query('SELECT salutation, title, firstname, lastname, industry, organisation, speciality FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
dbconn.user.query('SELECT verificationStatus, salutation, title, firstname, lastname, industry, organisation, speciality FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
if (err) {
throw err;
}
......@@ -70,7 +82,7 @@ var methods = {
});
},
checkUserEmail: function(email, callback) {
var user;
let user
dbconn.user.query('SELECT id, email FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
if (err) {
throw err;
......@@ -84,7 +96,7 @@ var methods = {
});
},
getUserByToken: function(token, callback) {
var user;
let user
dbconn.user.query('SELECT t1.user_id, t2.email FROM userdb.credential AS t1 INNER JOIN userdb.user AS t2 ON t1.user_id = t2.id AND t1.resetPasswordToken = "'
+token+'" and resetPasswordExpires > '+Date.now(), function (err, rows, fields) {
if (err) {
......@@ -100,42 +112,92 @@ var methods = {
}
);
},
updateUser: function(userData, callback) {
dbconn.user.query('UPDATE user SET ? WHERE email = "' +userData.email+'"', userData, function (err, rows, fields) {
if (err) throw err;
callback(err);
updateUserById: function(userData, callback) {
dbconn.user.query('UPDATE user SET ? WHERE id = ' +userData.id, userData, function (err, rows, fields) {
if (err) throw err
callback(err)
})
},
updateCredential: function(data, callback) {
dbconn.user.query('UPDATE credential SET ? WHERE user_id = ' +data.user_id, data, function (err, rows, fields) {
if (err) throw err;
callback(err);
if (err) throw err
callback(err)
})
},
getUserIdByEmail: function(email, callback) {
var userId
let userId
dbconn.user.query('SELECT id FROM user WHERE email = "' +email+'"', function (err, rows, fields) {
if (err) {
throw err;
throw err
}
else {
if ( rows.length > 0) {
userId = rows[0].id;
userId = rows[0].id
}
}
callback(userId, err);
callback(userId, err)
});
},
getUserProjectRole: function(userId, callback) {
dbconn.user.query('SELECT project_id, role_id FROM user_project_role WHERE user_id = "' +userId+'"', function (err, rows, fields) {
if (err) throw err;
callback(rows, err);
if (err) throw err
callback(rows, err)
});
},
addUserProjectRole: function(data, callback) {
dbconn.user.query('INSERT INTO user_project_role SET ?', data, function (err, results, fields){
if (err) throw err;
callback(err);
if (err) throw err
callback(err)
})
},
getVerificationTokenByUserId: function(userId, callback) {
let token
dbconn.user.query('SELECT token FROM verification WHERE user_id = "' +userId+'"', function (err, rows, fields) {
if (err) {
throw err
}
else {
if (rows.length > 0) {
token = rows[0].token
}
}
callback(token, err)
})
},
getUserIdByVerificationToken: function(token, callback) {
let userId
dbconn.user.query('SELECT user_id FROM verification WHERE token = "' +token+'"', function (err, rows, fields) {
if (err) {
throw err
}
else if(rows[0]) {
userId = rows[0].user_id
}
callback(userId, err)
})
},
verifyUserAccount: function(userData, callback) {
dbconn.user.beginTransaction(function(err) { // START TRANSACTION
if (err) { throw err }
// update user status
dbconn.user.query('UPDATE user SET ? WHERE id =' +userData.id, userData, function (err, rows, fields) {
if (err) {
return dbconn.user.rollback(function() { throw err })
}
// delete verification token
dbconn.user.query('DELETE FROM verification WHERE user_id = '+userData.id, function (err, rows, fields) {
if (err) {
return dbconn.user.rollback(function() { throw err })
}
// COMMIT
dbconn.user.commit(function(err) {
if (err) {
return dbconn.user.rollback(function() { throw err })
}
})
})
})
callback(err)
})
},
// ======================= project db =======================
......
......@@ -142,10 +142,18 @@ module.exports = function (app, config, passport, i18n) {
if (req.isAuthenticated()) {
methods.getUserByEmail(req.user.email, function(data, err){
if (!err) {
res.render(lang+'/account/profile', {
user: data,
email: req.user.email
});
if (data.verificationStatus == 1) {
console.log(data)
res.render(lang+'/account/profile', {
user: data,
email: req.user.email
})
}
else {
res.render(lang+'/account/home', {
user: data
});
}
}
})
} else {
......@@ -155,63 +163,74 @@ module.exports = function (app, config, passport, i18n) {
app.get('/services', function (req, res) {
if (req.isAuthenticated()) {
async.waterfall([
// get userId by email from userdb
function(done) {
methods.getUserIdByEmail(req.user.email, function(userId, err) {
if (!err) {
done(err, userId)
}
})
},
// get user-project-role from userdb
function(userId, done) {
methods.getUserProjectRole(userId, function(userProjects, err) {
if (!err) {
done(err, userProjects)
}
})
},
// get all projects from projectdb
function(userProjects, done) {
methods.getAllProjects(function(projectsOverview, err) {
if (!err) {
done(err, userProjects, projectsOverview)
}
})
},
// create JSON object of projects and user status for front-end
function(userProjects, projectsOverview, done) {
var allProjects = [] // JSON object
var userProjectId = [] // array of user's project_id
for (var i = 0; i < userProjects.length; i++) {
userProjectId.push(userProjects[i].project_id)
methods.getUserByEmail(req.user.email, function(data, err){
if (!err) {
if (data.verificationStatus == 1) {
async.waterfall([
// get userId by email from userdb
function(done) {
methods.getUserIdByEmail(req.user.email, function(userId, err) {
if (!err) {
done(err, userId)
}
})
},
// get user-project-role from userdb
function(userId, done) {
methods.getUserProjectRole(userId, function(userProjects, err) {
if (!err) {
done(err, userProjects)
}
})
},
// get all projects from projectdb
function(userProjects, done) {
methods.getAllProjects(function(projectsOverview, err) {
if (!err) {
done(err, userProjects, projectsOverview)
}
})
},
// create JSON object of projects and user status for front-end
function(userProjects, projectsOverview, done) {
var allProjects = [] // JSON object
var userProjectId = [] // array of user's project_id
for (var i = 0; i < userProjects.length; i++) {
userProjectId.push(userProjects[i].project_id)
}
for (var i = 0; i < projectsOverview.length; i++) {
// check if projectId is exist in userProjectId[]
var status = false
if (userProjectId.indexOf(projectsOverview[i].id) > -1) {
status = true
}
// add data to JSON object
allProjects.push({
id: projectsOverview[i].id,
title: projectsOverview[i].title,
summary: projectsOverview[i].onelinesummary,
cp: projectsOverview[i].contact_email,
userStatus: status
});
}
// render the page
res.render(lang+'/account/services', {
user: data,
project: allProjects
});
}
])
}
for (var i = 0; i < projectsOverview.length; i++) {
// check if projectId is exist in userProjectId[]
var status = false
if (userProjectId.indexOf(projectsOverview[i].id) > -1) {
status = true
}
// add data to JSON object
allProjects.push({
id: projectsOverview[i].id,
title: projectsOverview[i].title,
summary: projectsOverview[i].onelinesummary,
cp: projectsOverview[i].contact_email,
userStatus: status
else {
res.render(lang+'/account/home', {
user: data
});
}
// render the page
res.render(lang+'/account/services', {
user: req.user,
project: allProjects
});
}
])
})
} else {
res.redirect('/login');
}
......@@ -219,9 +238,21 @@ module.exports = function (app, config, passport, i18n) {
app.get('/security', function (req, res) {
if (req.isAuthenticated()) {
res.render(lang+'/account/security', {
user: req.user // useful for view engine, useless for HTML
});
methods.getUserByEmail(req.user.email, function(data, err){
if (!err) {
if (data.verificationStatus == 1) {
console.log(data)
res.render(lang+'/account/security', {
user: data
})
}
else {
res.render(lang+'/account/home', {
user: data
});
}
}
})
} else {
res.redirect('/login');
}
......@@ -474,16 +505,11 @@ module.exports = function (app, config, passport, i18n) {
});
// todo: user registration with captcha
// ============= NEW USERS REGISTRATION ===========================
app.get('/registration', function(req, res) {
res.render(lang+'/account/registration')
})
app.post('/registration', function(req, res) {
// TODO:
// create gitlab account?
// send email to activate profile?
// user data
var curDate = new Date()
var userData = {
......@@ -497,27 +523,132 @@ module.exports = function (app, config, passport, i18n) {
speciality: req.body.inputSpeciality,
createdDate: curDate.toISOString().slice(0,10)
}
// encrypt password
bcrypt.genSalt(saltRounds, function(err, salt) {
bcrypt.hash(req.body.inputPassword, salt, function(err, hash) {
// create account
var newAccount = {
profile: userData,
password: hash
}
let token
async.waterfall([
function(done) {
crypto.randomBytes(20, function(err, buf) {
token = buf.toString('hex');
done(err, token);
});
},
// encrypt password
function(token, done) {
bcrypt.genSalt(saltRounds, function(err, salt) {
bcrypt.hash(req.body.inputPassword, salt, function(err, hash) {
var newAccount = {
profile: userData,
password: hash,
verificationToken: token
}
done(err, newAccount)
});
});
},
// save data
function(newAccount, err) {
methods.registerNewUser(newAccount, function(err){
if (err) {
//req.flash('error', "Failed")
req.flash('error', "Fehlgeschlagen")
}
else {
//req.flash('success', 'Your account has been created. Please log in.')
req.flash('success', 'Ihr Benutzerkonto wurde angelegt. Bitte melden Sie sich an.')
// send email
var emailSubject = "Bitte bestätigen Sie Ihr M4_LAB Benutzerkonto"
var emailContent = "Lieber Nutzer,\n\n"+
"vielen Dank für Ihre Anmeldung am Transferportal der HFT Stuttgart. "+
"\nUm Ihre Anmeldung zu bestätigen, klicken Sie bitte diesen Link: "+config.app.host+"/verifyAccount?token="+token+
"\n\nOhne Bestätigung Ihres Kontos müssen wir Ihr Konto leider nach 7 Tagen löschen.\n\n"+mailSignature
mailer.options.to = req.body.inputEmail;
mailer.options.subject = emailSubject;
mailer.options.text = emailContent;
mailer.transport.sendMail(mailer.options, function(err) {
if (err) {
console.log('cannot send email')
throw err
}
})
// user feedback
req.flash('success', 'Wir haben Ihnen eine E-Mail an Ihre verwendete Adresse gesendet. Diese enthält einen Link zur Bestätigung Ihres Accounts.\r\n' +
'Wenn Sie die Mail nicht in ihrem Postfach vorfinden, prüfen Sie bitte auch Ihren Spam-Ordner.\r\n \r\n'+
'Ohne Bestätigung Ihres Kontos müssen wir Ihr Konto leider nach 7 Tagen löschen.')
}
res.redirect('/account/registration');
res.redirect('/account/registration')
})
});
});
}
])
})
// ============= USER VERIFICATION ================================
app.get("/verifyAccount", function(req, res){
methods.getUserIdByVerificationToken(req.query.token, function(userId, err){
console.log(err)
console.log(userId)
if (userId) {
let userData = {
id: userId,
verificationStatus: 1
}
methods.verifyUserAccount(userData, function(err){
if (err) {
console.log("Error: "+err)
res.render(lang+'/account/verification', {
status: false
});
}
else {
res.render(lang+'/account/verification', {
status: true
});
}
})
}
else {
res.render(lang+'/account/verification', {
status: null
});
}
})
})
app.get("/resendVerificationEmail", function(req, res){
if (req.isAuthenticated()) {
var emailAddress = req.user.email
methods.getUserIdByEmail(req.user.email, function(userId, err) {
if (!err) {
// get token
methods.getVerificationTokenByUserId(userId, function(token, err){
if (!err) {
if (token) {
// send email
var emailSubject = "Bitte bestätigen Sie Ihr M4_LAB Benutzerkonto"
var emailContent = "Lieber Nutzer,\n\n"+
"vielen Dank für Ihre Anmeldung am Transferportal der HFT Stuttgart. "+
"\nUm Ihre Anmeldung zu bestätigen, klicken Sie bitte diesen Link: "+config.app.host+"/verifyAccount?token="+token+
"\n\nOhne Bestätigung Ihres Kontos müssen wir Ihr Konto leider nach 7 Tagen löschen.\n\n"+mailSignature
mailer.options.to = emailAddress;
mailer.options.subject = emailSubject;
mailer.options.text = emailContent;
mailer.transport.sendMail(mailer.options, function(err) {
if (err) {
console.log('cannot send email')
throw err
}
})
res.send(true)
}
else {
res.send(false)
}
}
else {
console.log(err)
}
})
}
})
}
})
app.get('/email/:email', function(req, res) {
......
......@@ -7,35 +7,44 @@ html(lang="de")
link(rel="stylesheet", type="text/css", href="https://transfer.hft-stuttgart.de/css/bootstrap/bootstrap.css")
link(rel="stylesheet", href="https://use.fontawesome.com/releases/v5.8.2/css/all.css", integrity="sha384-oS3vJWv+0UjzBfQzYUhtDYW+Pj2yciDJxpsK1OYPAYjqT085Qq/1cq5FLXAZQ7Ay", crossorigin="anonymous")
body
div(class="container-fluid")
div(class="row min-vh-100 flex-column flex-md-row")
aside(class="col-12 col-md-2 p-0 flex-shrink-1")
nav(class="navbar navbar-expand flex-md-column flex-row align-items-start py-2")
div(class="collapse navbar-collapse")
ul(class="flex-md-column flex-row navbar-nav w-100 justify-content-between")
li(class="nav-item")
a(class="nav-link pl-0 text-nowrap" href="#")
span(class="font-weight-bold" style="color:black;") #{user.firstname} #{user.lastname}
li(class="nav-item")
a(class="nav-link pl-0" href="/account/profile")
i(class="fa fa-user fa-fw")
span(class="d-none d-md-inline") Benutzerprofil
li(class="nav-item")
a(class="nav-link pl-0" href="/account/security")
i(class="fa fa-lock fa-fw")
span(class="d-none d-md-inline") Sicherheitseinstellungen
li(class="nav-item")
a(class="nav-link pl-0" href="/account/services")
i(class="fa fa-tasks fa-fw")
span(class="d-none d-md-inline") Projekte und Dienste
li(class="nav-item")
a(class="nav-link pl-0" href="/logout")
i(class="fa fa-sign-out-alt fa-fw")
span(class="d-none d-md-inline") Logout
main(class="col bg-faded py-3 flex-grow-1")
p Willkommen im Benutzerkonto-Bereich des HFT Transferportals
p In diesem Bereich können Sie Ihr Benutzerkonto pflegen.<br/> Dazu finden Sie auf der linken Seite verschiedene Menüs.
p Bei Rückfragen kontaktieren Sie uns bitte unter: <a href="mailto:support-transfer@hft-stuttgart.de">support-transfer@hft-stuttgart.de</a>
div(class="container")
if user.verificationStatus == 0
div.alert.alert-warning.alert-dismissible
| Willkommen im Benutzerkonto-Bereich des HFT Transferportals
| <br/><br/>
| Wir haben Ihnen eine E-Mail an Ihre verwendete Adresse gesendet. Diese enthält einen Link zur Bestätigung Ihres Accounts.
| Wenn Sie die Mail nicht in ihrem Postfach vorfinden, prüfen Sie bitte auch Ihren Spam-Ordner.
| <br >Falls Sie keine E-Mail von uns erhalten haben, können Sie <a href="javascript:void(0);" onclick="verify();">diese hier</a> erneut anfordern.
div(class="spinner-border text-secondary", role="status", style="display: none")
else
div(class="row min-vh-100 flex-column flex-md-row")
aside(class="col-12 col-md-3 p-0 flex-shrink-1")
nav(class="navbar navbar-expand flex-md-column flex-row align-items-start py-2")
div(class="collapse navbar-collapse")
ul(class="flex-md-column flex-row navbar-nav w-100 justify-content-between")
li(class="nav-item")
a(class="nav-link pl-0 text-nowrap" href="#")
span(class="font-weight-bold" style="color:black;") #{user.firstname} #{user.lastname}
li(class="nav-item")
a(class="nav-link pl-0" href="/profile")
i(class="fa fa-user fa-fw")
span(class="d-none d-md-inline") Benutzerprofil
li(class="nav-item")
a(class="nav-link pl-0" href="/security")
i(class="fa fa-lock fa-fw")
span(class="d-none d-md-inline") Sicherheitseinstellungen
li(class="nav-item")
a(class="nav-link pl-0" href="/services")
i(class="fa fa-tasks fa-fw")
span(class="d-none d-md-inline") Projekte und Dienste
li(class="nav-item")
a(class="nav-link pl-0" href="/logout" style="color:red;")
i(class="fa fa-sign-out-alt fa-fw")
span(class="d-none d-md-inline") Logout
main(class="col bg-faded py-3 flex-grow-1")
p Willkommen im Benutzerkonto-Bereich des HFT Transferportals
p In diesem Bereich können Sie Ihr Benutzerkonto pflegen.<br/> Dazu finden Sie auf der linken Seite verschiedene Menüs.
p Bei Rückfragen kontaktieren Sie uns bitte unter: <a href="mailto:support-transfer@hft-stuttgart.de">support-transfer@hft-stuttgart.de</a>
// jQuery
script(src="https://code.jquery.com/jquery-3.3.1.min.js")
......@@ -43,4 +52,25 @@ html(lang="de")
// Bootstrap
script(src="https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js" integrity="sha384-JjSmVgyd0p3pXB1rRibZUAYoIIy6OrQ6VrjIEaFf/nJGzIxFDsf4x0xIM+B07jRM" crossorigin="anonymous")
// M4_LAB
script(src="/js/headfoot.js")
\ No newline at end of file
script(src="https://m4lab.hft-stuttgart.de/js/headfoot.js")
script.
// call verifyAccount
function verify() {
$(".spinner-border").show()
$.get( "/resendVerificationEmail", function( data ) {
console.log(data)
if (data) {
alert( "Email sent!" )
}
else {
alert("Please contact support-transfer@hft-stuttgart.de to verify your account.")
}
})
.fail(function() {
alert( "Something went wrong. Please try again." ) // todo: to DE
})
.always(function() {
$(".spinner-border").hide()
})
}
\ No newline at end of file
......@@ -7,29 +7,29 @@ html(lang="de")
link(rel="stylesheet", type="text/css", href="https://transfer.hft-stuttgart.de/css/bootstrap/bootstrap.css")