From 34a81d79236bb415ac35c451937a9435a05ce1aa Mon Sep 17 00:00:00 2001
From: Evert <imsonotsleepy@gmail.com>
Date: Thu, 30 Nov 2017 23:45:21 +0200
Subject: [PATCH] some more things

---
 server/api/external.js            | 10 +++++-----
 server/api/index.js               |  2 +-
 server/routes/index.js            |  2 ++
 templates/reset_password/html.pug |  2 +-
 4 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/server/api/external.js b/server/api/external.js
index 7419d3e..306116b 100644
--- a/server/api/external.js
+++ b/server/api/external.js
@@ -1,7 +1,7 @@
 import config from '../../scripts/load-config'
 import http from '../../scripts/http'
 import models from './models'
-import image from './image'
+import Image from './image'
 import UAPI from './index'
 import qs from 'querystring'
 import oauth from 'oauth-libre'
@@ -173,7 +173,7 @@ const API = {
 
       if (rawData.picture) {
         if (rawData.picture.is_silhouette === false && rawData.picture.url) {
-          let imgdata = await image.downloadImage(rawData.picture.url)
+          let imgdata = await Image.downloadImage(rawData.picture.url)
           if (imgdata && imgdata.fileName) {
             profilepic = imgdata.fileName
           }
@@ -224,7 +224,7 @@ const API = {
       let profilepic = null
 
       if (rawData.profile_image_url_https) {
-        let imgdata = await image.downloadImage(rawData.profile_image_url_https)
+        let imgdata = await Image.downloadImage(rawData.profile_image_url_https)
         if (imgdata && imgdata.fileName) {
           profilepic = imgdata.fileName
         }
@@ -303,7 +303,7 @@ const API = {
     getAvatar: async (rawData) => {
       let profilepic = null
       if (rawData.image) {
-        let imgdata = await image.downloadImage(rawData.image)
+        let imgdata = await Image.downloadImage(rawData.image)
         if (imgdata && imgdata.fileName) {
           profilepic = imgdata.fileName
         }
@@ -345,7 +345,7 @@ const API = {
       let aviSnowflake = rawData.avatar
       if (aviSnowflake) {
         try {
-          let avpt = await image.downloadImage('https://cdn.discordapp.com/avatars/' + rawData.id + '/' + aviSnowflake + '.png')
+          let avpt = await Image.downloadImage('https://cdn.discordapp.com/avatars/' + rawData.id + '/' + aviSnowflake + '.png')
           if (avpt && avpt.fileName) {
             profilepic = avpt.fileName
           }
diff --git a/server/api/index.js b/server/api/index.js
index d359ce2..f7d0f62 100644
--- a/server/api/index.js
+++ b/server/api/index.js
@@ -210,7 +210,7 @@ const API = {
 
       let file = path.join(uploadsDir, user.avatar_file)
       if (await fs.exists(file)) {
-        await fs.unlinkAsync(file)
+        await fs.unlink(file)
       }
 
       return API.User.update(user, {avatar_file: null})
diff --git a/server/routes/index.js b/server/routes/index.js
index f8a7f94..e857f71 100644
--- a/server/routes/index.js
+++ b/server/routes/index.js
@@ -452,6 +452,8 @@ router.post('/reset/:token', csrfValidation, wrap(async (req, res) => {
   try {
     await API.User.Reset.changePassword(user, password, token)
 
+    console.warn('[SECURITY AUDIT] User \'%s\' password has been changed from %s', user.username, req.realIP)
+
     req.flash('message', {error: false, text: 'Your password has been changed successfully. You may now log in!'})
     res.redirect('/login')
   } catch (e) {
diff --git a/templates/reset_password/html.pug b/templates/reset_password/html.pug
index e4c8fce..8a8f29c 100644
--- a/templates/reset_password/html.pug
+++ b/templates/reset_password/html.pug
@@ -2,5 +2,5 @@ h1 Hello, #{display_name}!
 p You've requested to reset your password on Icy Network.
 p Click on or copy the following link into your URL bar in order to reset your Icy Network account password:
 a.activate(href=domain + "/reset/" + reset_token, target="_blank", rel="nofollow")= domain + "/reset/" + reset_token
-p If you did not request for a password reset on Icy Network, please ignore this email.
+p If you did not request a password reset on Icy Network, please ignore this email.
 small This email has been sent to you because of an action performed on the IcyNet.eu website.