From 9441bfc74c1932b254a633e4a9b266b9fcbb5563 Mon Sep 17 00:00:00 2001 From: Evert Date: Thu, 24 Aug 2017 23:02:52 +0300 Subject: [PATCH] email changing, fix message box --- README.md | 3 +-- server/routes/index.js | 60 ++++++++++++++++++++++++++++++++++++++++++ src/style/main.styl | 10 +++++++ views/email_change.pug | 28 ++++++++++++++++++++ views/login.pug | 5 ++-- views/password.pug | 5 ++-- views/password_new.pug | 5 ++-- views/register.pug | 5 ++-- views/settings.pug | 5 ++-- views/totp-check.pug | 5 ++-- views/totp.pug | 5 ++-- 11 files changed, 120 insertions(+), 16 deletions(-) create mode 100644 views/email_change.pug diff --git a/README.md b/README.md index 8b399af..cdfc48b 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,5 @@ # IcyNet.eu -Icy Network Primary Web Application - Authentication and News - Coming Soon +Icy Network Primary Web Application - Authentication and News ## About Icy Network Icy Network is a community network aimed at anyone who likes friendly discussions and playing multiplayer games, such as Minecraft. @@ -7,7 +7,6 @@ Icy Network is a community network aimed at anyone who likes friendly discussion ### Currently IcyNet-owned community platforms * mc.icynet.eu - Minecraft Server * [Discord server](https://discord.gg/Xe7MKSx) -* matrix.icynet.eu - Matrix server * icynet.ml - IRC Network ## The Goal of this Application diff --git a/server/routes/index.js b/server/routes/index.js index b1c2fa8..544813e 100644 --- a/server/routes/index.js +++ b/server/routes/index.js @@ -184,6 +184,19 @@ router.get('/user/manage/password', wrap(async (req, res) => { res.render('password_new') })) +router.get('/user/manage/email', wrap(async (req, res) => { + if (!req.session.user) return res.redirect('/login') + + let obfuscated = req.session.user.email + if (obfuscated) { + let split = obfuscated.split('@') + let rep = split[0].charAt(0) + '***' + split[0].charAt(split[0].length - 1) + obfuscated = rep + '@' + split[1] + } + + res.render('email_change', {email: obfuscated}) +})) + /* ================= POST HANDLING @@ -484,6 +497,53 @@ router.post('/user/manage/password', wrap(async (req, res, next) => { return res.redirect('/user/manage') })) +router.post('/user/manage/email', wrap(async (req, res, next) => { + if (!req.session.user) return next() + + if (req.body.csrf !== req.session.csrf) { + return formError(req, res, 'Invalid session! Try reloading the page.') + } + + let user = req.session.user + let email = req.body.email + let newEmail = req.body.email_new + let password = req.body.password + + if (!password || !newEmail || (!email && user.email != null)) { + return formError(req, res, 'Please fill in all of the fields.') + } + + if (req.session.user.email != null && email !== user.email) { + return formError(req, res, 'The email you provided is incorrect.') + } + + let passwordMatch = await API.User.Login.password(user, password) + if (!passwordMatch) { + return formError(req, res, 'The password you provided is incorrect.') + } + + let emailValid = API.User.Register.validateEmail(newEmail) + if (!emailValid) { + return formError(req, res, 'Invalid email address.') + } + + let success = await API.User.update(user, { + email: newEmail + }) + + if (success.error) { + return formError(req, res, success.error) + } + + // TODO: Send necessary emails + console.warn('[SECURITY AUDIT] User \'%s\' email has been changed from %s', user.username, req.realIP) + + req.session.user.email = newEmail + + req.flash('message', {error: false, text: 'Email changed successfully.'}) + return res.redirect('/user/manage') +})) + /* ============= DOCUMENTS diff --git a/src/style/main.styl b/src/style/main.styl index 2a38c13..35ba716 100644 --- a/src/style/main.styl +++ b/src/style/main.styl @@ -339,6 +339,16 @@ span.divider color: #FF5722 font-weight: bold +.message + display: block + margin: 1px + padding: 5px + background-color: #a6ffb5 + border: 1px solid green + &.error + background-color: #ff8484 + border: 1px solid maroon + .application height: 140px .picture diff --git a/views/email_change.pug b/views/email_change.pug new file mode 100644 index 0000000..7d89ecf --- /dev/null +++ b/views/email_change.pug @@ -0,0 +1,28 @@ +extends layout.pug +block title + |Icy Network - Change User Email + +block body + .wrapper + .boxcont + .box#totpcheck + h1 Change Your Email + if message.text + if message.error + .message.error + span #{message.text} + else + .message + span #{message.text} + form#loginForm(method="POST", action="") + input(type="hidden", name="csrf", value=csrf) + if email + label(for="email") Current Email Address + small Email Hint: #{email} + br + input(type="email", name="email", id="email") + label(for="email_new") New Email Address + input(type="email", name="email_new", id="email_new") + label(for="password") Password + input(type="password", name="password", id="password") + input(type="submit", value="Change") diff --git a/views/login.pug b/views/login.pug index d1e36ba..2a32240 100644 --- a/views/login.pug +++ b/views/login.pug @@ -8,12 +8,13 @@ block body .box#login h1 Log in .left - if message + if message.text if message.error .message.error + span #{message.text} else .message - span #{message.text} + span #{message.text} form#loginForm(method="POST", action="") input(type="hidden", name="csrf", value=csrf) label(for="username") Username or Email Address diff --git a/views/password.pug b/views/password.pug index 70c03ff..eadfbe2 100644 --- a/views/password.pug +++ b/views/password.pug @@ -8,12 +8,13 @@ block body .box#totpcheck h1 Enter your password small.descr This action requires your password to continue - if message + if message.text if message.error .message.error + span #{message.text} else .message - span #{message.text} + span #{message.text} form#loginForm(method="POST", action="") input(type="hidden", name="csrf", value=csrf) label(for="password") Password diff --git a/views/password_new.pug b/views/password_new.pug index 806a952..d0381de 100644 --- a/views/password_new.pug +++ b/views/password_new.pug @@ -7,12 +7,13 @@ block body .boxcont .box#totpcheck h1 Change Your Password - if message + if message.text if message.error .message.error + span #{message.text} else .message - span #{message.text} + span #{message.text} form#loginForm(method="POST", action="") input(type="hidden", name="csrf", value=csrf) if !token diff --git a/views/register.pug b/views/register.pug index ffc738e..1f18486 100644 --- a/views/register.pug +++ b/views/register.pug @@ -8,12 +8,13 @@ block body .box#login h1 Create a new account .left - if message + if message.text if message.error .message.error + span #{message.text} else .message - span #{message.text} + span #{message.text} form#loginForm(method="POST", action="") input(type="hidden", name="csrf", value=csrf) label(for="username") Username diff --git a/views/settings.pug b/views/settings.pug index b92d0eb..3937ce6 100644 --- a/views/settings.pug +++ b/views/settings.pug @@ -8,12 +8,13 @@ block body .box#settings h1 User Settings .left - if message + if message.text if message.error .message.error + span #{message.text} else .message - span #{message.text} + span #{message.text} form#loginForm(method="POST", action="") input(type="hidden", name="csrf", value=csrf) label(for="username") Username diff --git a/views/totp-check.pug b/views/totp-check.pug index 8524ac5..b3beef3 100644 --- a/views/totp-check.pug +++ b/views/totp-check.pug @@ -8,12 +8,13 @@ block body .box#totpcheck h1 Enter Code small.descr This user has Two Factor Authentication enabled. Enter the code to log in. - if message + if message.text if message.error .message.error + span #{message.text} else .message - span #{message.text} + span #{message.text} form#loginForm(method="POST", action="") input(type="hidden", name="csrf", value=csrf) label(for="code") Code diff --git a/views/totp.pug b/views/totp.pug index c9b62d1..1629c0c 100644 --- a/views/totp.pug +++ b/views/totp.pug @@ -8,12 +8,13 @@ block body .box#login h1 Two Factor Authentication .left - if message + if message.text if message.error .message.error + span #{message.text} else .message - span #{message.text} + span #{message.text} img.qr(src="//api.qrserver.com/v1/create-qr-code/?data=" + uri) form#totpForm(method="POST", action="") input(type="hidden", name="csrf", value=csrf)