email changing, fix message box
This commit is contained in:
parent
497ac86980
commit
9441bfc74c
GPG Key ID:
1688DA83D222D0B5
|
|
@ -1,5 +1,5 @@
|
|||
# IcyNet.eu
|
||||
Icy Network Primary Web Application - Authentication and News - Coming Soon
|
||||
Icy Network Primary Web Application - Authentication and News
|
||||
|
||||
## About Icy Network
|
||||
Icy Network is a community network aimed at anyone who likes friendly discussions and playing multiplayer games, such as Minecraft.
|
||||
|
|
@ -7,7 +7,6 @@ Icy Network is a community network aimed at anyone who likes friendly discussion
|
|||
### Currently IcyNet-owned community platforms
|
||||
* mc.icynet.eu - Minecraft Server
|
||||
* [Discord server](https://discord.gg/Xe7MKSx)
|
||||
* matrix.icynet.eu - Matrix server
|
||||
* icynet.ml - IRC Network
|
||||
|
||||
## The Goal of this Application
|
||||
|
|
|
|||
|
|
@ -184,6 +184,19 @@ router.get('/user/manage/password', wrap(async (req, res) => {
|
|||
res.render('password_new')
|
||||
}))
|
||||
|
||||
router.get('/user/manage/email', wrap(async (req, res) => {
|
||||
if (!req.session.user) return res.redirect('/login')
|
||||
|
||||
let obfuscated = req.session.user.email
|
||||
if (obfuscated) {
|
||||
let split = obfuscated.split('@')
|
||||
let rep = split[0].charAt(0) + '***' + split[0].charAt(split[0].length - 1)
|
||||
obfuscated = rep + '@' + split[1]
|
||||
}
|
||||
|
||||
res.render('email_change', {email: obfuscated})
|
||||
}))
|
||||
|
||||
/*
|
||||
=================
|
||||
POST HANDLING
|
||||
|
|
@ -484,6 +497,53 @@ router.post('/user/manage/password', wrap(async (req, res, next) => {
|
|||
return res.redirect('/user/manage')
|
||||
}))
|
||||
|
||||
router.post('/user/manage/email', wrap(async (req, res, next) => {
|
||||
if (!req.session.user) return next()
|
||||
|
||||
if (req.body.csrf !== req.session.csrf) {
|
||||
return formError(req, res, 'Invalid session! Try reloading the page.')
|
||||
}
|
||||
|
||||
let user = req.session.user
|
||||
let email = req.body.email
|
||||
let newEmail = req.body.email_new
|
||||
let password = req.body.password
|
||||
|
||||
if (!password || !newEmail || (!email && user.email != null)) {
|
||||
return formError(req, res, 'Please fill in all of the fields.')
|
||||
}
|
||||
|
||||
if (req.session.user.email != null && email !== user.email) {
|
||||
return formError(req, res, 'The email you provided is incorrect.')
|
||||
}
|
||||
|
||||
let passwordMatch = await API.User.Login.password(user, password)
|
||||
if (!passwordMatch) {
|
||||
return formError(req, res, 'The password you provided is incorrect.')
|
||||
}
|
||||
|
||||
let emailValid = API.User.Register.validateEmail(newEmail)
|
||||
if (!emailValid) {
|
||||
return formError(req, res, 'Invalid email address.')
|
||||
}
|
||||
|
||||
let success = await API.User.update(user, {
|
||||
email: newEmail
|
||||
})
|
||||
|
||||
if (success.error) {
|
||||
return formError(req, res, success.error)
|
||||
}
|
||||
|
||||
// TODO: Send necessary emails
|
||||
console.warn('[SECURITY AUDIT] User \'%s\' email has been changed from %s', user.username, req.realIP)
|
||||
|
||||
req.session.user.email = newEmail
|
||||
|
||||
req.flash('message', {error: false, text: 'Email changed successfully.'})
|
||||
return res.redirect('/user/manage')
|
||||
}))
|
||||
|
||||
/*
|
||||
=============
|
||||
DOCUMENTS
|
||||
|
|
|
|||
|
|
@ -339,6 +339,16 @@ span.divider
|
|||
color: #FF5722
|
||||
font-weight: bold
|
||||
|
||||
.message
|
||||
display: block
|
||||
margin: 1px
|
||||
padding: 5px
|
||||
background-color: #a6ffb5
|
||||
border: 1px solid green
|
||||
&.error
|
||||
background-color: #ff8484
|
||||
border: 1px solid maroon
|
||||
|
||||
.application
|
||||
height: 140px
|
||||
.picture
|
||||
|
|
|
|||
|
|
@ -0,0 +1,28 @@
|
|||
extends layout.pug
|
||||
block title
|
||||
|Icy Network - Change User Email
|
||||
|
||||
block body
|
||||
.wrapper
|
||||
.boxcont
|
||||
.box#totpcheck
|
||||
h1 Change Your Email
|
||||
if message.text
|
||||
if message.error
|
||||
.message.error
|
||||
span #{message.text}
|
||||
else
|
||||
.message
|
||||
span #{message.text}
|
||||
form#loginForm(method="POST", action="")
|
||||
input(type="hidden", name="csrf", value=csrf)
|
||||
if email
|
||||
label(for="email") Current Email Address
|
||||
small Email Hint: #{email}
|
||||
br
|
||||
input(type="email", name="email", id="email")
|
||||
label(for="email_new") New Email Address
|
||||
input(type="email", name="email_new", id="email_new")
|
||||
label(for="password") Password
|
||||
input(type="password", name="password", id="password")
|
||||
input(type="submit", value="Change")
|
||||
|
|
@ -8,12 +8,13 @@ block body
|
|||
.box#login
|
||||
h1 Log in
|
||||
.left
|
||||
if message
|
||||
if message.text
|
||||
if message.error
|
||||
.message.error
|
||||
span #{message.text}
|
||||
else
|
||||
.message
|
||||
span #{message.text}
|
||||
span #{message.text}
|
||||
form#loginForm(method="POST", action="")
|
||||
input(type="hidden", name="csrf", value=csrf)
|
||||
label(for="username") Username or Email Address
|
||||
|
|
|
|||
|
|
@ -8,12 +8,13 @@ block body
|
|||
.box#totpcheck
|
||||
h1 Enter your password
|
||||
small.descr This action requires your password to continue
|
||||
if message
|
||||
if message.text
|
||||
if message.error
|
||||
.message.error
|
||||
span #{message.text}
|
||||
else
|
||||
.message
|
||||
span #{message.text}
|
||||
span #{message.text}
|
||||
form#loginForm(method="POST", action="")
|
||||
input(type="hidden", name="csrf", value=csrf)
|
||||
label(for="password") Password
|
||||
|
|
|
|||
|
|
@ -7,12 +7,13 @@ block body
|
|||
.boxcont
|
||||
.box#totpcheck
|
||||
h1 Change Your Password
|
||||
if message
|
||||
if message.text
|
||||
if message.error
|
||||
.message.error
|
||||
span #{message.text}
|
||||
else
|
||||
.message
|
||||
span #{message.text}
|
||||
span #{message.text}
|
||||
form#loginForm(method="POST", action="")
|
||||
input(type="hidden", name="csrf", value=csrf)
|
||||
if !token
|
||||
|
|
|
|||
|
|
@ -8,12 +8,13 @@ block body
|
|||
.box#login
|
||||
h1 Create a new account
|
||||
.left
|
||||
if message
|
||||
if message.text
|
||||
if message.error
|
||||
.message.error
|
||||
span #{message.text}
|
||||
else
|
||||
.message
|
||||
span #{message.text}
|
||||
span #{message.text}
|
||||
form#loginForm(method="POST", action="")
|
||||
input(type="hidden", name="csrf", value=csrf)
|
||||
label(for="username") Username
|
||||
|
|
|
|||
|
|
@ -8,12 +8,13 @@ block body
|
|||
.box#settings
|
||||
h1 User Settings
|
||||
.left
|
||||
if message
|
||||
if message.text
|
||||
if message.error
|
||||
.message.error
|
||||
span #{message.text}
|
||||
else
|
||||
.message
|
||||
span #{message.text}
|
||||
span #{message.text}
|
||||
form#loginForm(method="POST", action="")
|
||||
input(type="hidden", name="csrf", value=csrf)
|
||||
label(for="username") Username
|
||||
|
|
|
|||
|
|
@ -8,12 +8,13 @@ block body
|
|||
.box#totpcheck
|
||||
h1 Enter Code
|
||||
small.descr This user has Two Factor Authentication enabled. Enter the code to log in.
|
||||
if message
|
||||
if message.text
|
||||
if message.error
|
||||
.message.error
|
||||
span #{message.text}
|
||||
else
|
||||
.message
|
||||
span #{message.text}
|
||||
span #{message.text}
|
||||
form#loginForm(method="POST", action="")
|
||||
input(type="hidden", name="csrf", value=csrf)
|
||||
label(for="code") Code
|
||||
|
|
|
|||
|
|
@ -8,12 +8,13 @@ block body
|
|||
.box#login
|
||||
h1 Two Factor Authentication
|
||||
.left
|
||||
if message
|
||||
if message.text
|
||||
if message.error
|
||||
.message.error
|
||||
span #{message.text}
|
||||
else
|
||||
.message
|
||||
span #{message.text}
|
||||
span #{message.text}
|
||||
img.qr(src="//api.qrserver.com/v1/create-qr-code/?data=" + uri)
|
||||
form#totpForm(method="POST", action="")
|
||||
input(type="hidden", name="csrf", value=csrf)
|
||||
|
|
|
|||
Reference in New Issue