authHandler.js
var db = require('../models')
var bCrypt = require('bcrypt')
var md5 = require('md5')
/**
 * Route guard for pages that require a signed-in user.
 *
 * When `req.isAuthenticated()` is truthy, the `authenticated` flash flag is
 * set and control passes to the next handler. Otherwise the visitor is
 * redirected to the login page and `next` is never called.
 *
 * @param {object} req - request; must expose `isAuthenticated()` and `flash()`
 * @param {object} res - response; must expose `redirect()`
 * @param {Function} next - continuation for the protected route
 * @returns {*} whatever `next()` returns, or undefined after a redirect
 */
module.exports.isAuthenticated = function (req, res, next) {
  const signedIn = req.isAuthenticated();
  if (!signedIn) {
    // Anonymous visitor: stop here and send them to the login form.
    res.redirect('/login');
    return;
  }
  req.flash('authenticated', true);
  return next();
}
/**
 * Route guard for pages meant only for anonymous visitors (e.g. the login
 * form).
 *
 * Visitors for whom `req.isAuthenticated()` is falsy continue to the next
 * handler; signed-in users are redirected to `/learn` instead.
 *
 * @param {object} req - request; must expose `isAuthenticated()`
 * @param {object} res - response; must expose `redirect()`
 * @param {Function} next - continuation for the anonymous-only route
 * @returns {*} whatever `next()` returns, or undefined after a redirect
 */
module.exports.isNotAuthenticated = function (req, res, next) {
  const alreadySignedIn = req.isAuthenticated();
  if (alreadySignedIn) {
    res.redirect('/learn');
    return;
  }
  return next();
}
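/**
 * POST handler for the "forgot password" form.
 *
 * Looks up the account named in `req.body.login`. The flash message and the
 * redirect are the same whether or not the account exists, so the visible
 * response does not reveal which usernames are registered. Only a missing or
 * non-string login, or a failed lookup, sends the visitor back to the form.
 *
 * @param {object} req - request; reads `req.body.login`, writes flash messages
 * @param {object} res - response; always ends in a redirect
 */
module.exports.forgotPw = function (req, res) {
  const login = req.body.login;

  // Accept only a non-empty string, so that an object or array from the body
  // parser is never passed into the `where` clause as a query condition.
  if (typeof login !== 'string' || login === '') {
    req.flash('danger', "Invalid login username");
    res.redirect('/forgotpw');
    return;
  }

  db.User.find({
    where: {
      login: login
    }
  }).then(
    (user) => {
      if (user) {
        // Send reset link via email happens here
      }
      // Identical outcome for known and unknown logins (see header comment).
      req.flash('info', 'Check email for reset link');
      res.redirect('/login');
    },
    (err) => {
      // A failed lookup would otherwise leave the request without a response.
      console.error('forgotPw: user lookup failed', err);
      req.flash('danger', "Invalid request");
      res.redirect('/forgotpw');
    }
  );
}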
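/**
 * GET handler that shows the password-reset form for a reset link.
 *
 * Reads `login` and `token` from the query string, looks the user up and
 * renders the `resetpw` view when the token matches. An unknown login and a
 * wrong token produce the same flash message and redirect, so the response
 * does not distinguish the two cases.
 *
 * NOTE(security): the token is checked against `md5(login)`. It is derived
 * from the username alone, with no secret, no expiry and no single-use state,
 * so a matching token does not show that the requester received a reset
 * e-mail. Replacing it needs a random token stored with the user record and
 * an expiry, which requires a model change outside this handler.
 *
 * @param {object} req - request; reads `req.query.login` and `req.query.token`
 * @param {object} res - response; renders `resetpw` or redirects
 */
module.exports.resetPw = function (req, res) {
  const login = req.query.login;
  const token = req.query.token;

  // Repeated query parameters arrive as arrays; accept a plain string only,
  // so nothing but a string reaches the `where` clause and md5().
  if (typeof login !== 'string' || login === '') {
    req.flash('danger', "Non Existant login username");
    res.redirect('/forgotpw');
    return;
  }

  db.User.find({
    where: {
      login: login
    }
  }).then(
    (user) => {
      // Strict comparison of strings: no type coercion between token forms.
      const tokenMatches = typeof token === 'string' && token === md5(login);
      if (user && tokenMatches) {
        res.render('resetpw', {
          login: login,
          token: token
        });
        return;
      }
      req.flash('danger', "Invalid reset token");
      res.redirect('/forgotpw');
    },
    (err) => {
      // A failed lookup would otherwise leave the request without a response.
      console.error('resetPw: user lookup failed', err);
      req.flash('danger', "Invalid request");
      res.redirect('/forgotpw');
    }
  );
}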
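/**
 * POST handler that applies a new password from the reset form.
 *
 * Requires `login`, `token`, `password` and `cpassword` in the request body,
 * all as non-empty strings. When the two passwords differ, the form is shown
 * again with the submitted login and token. Otherwise the user is looked up,
 * the token is checked, and the bcrypt hash of the new password is saved.
 * An unknown login and a wrong token produce the same response.
 *
 * NOTE(security): the token is checked against `md5(login)`. It is derived
 * from the username alone, with no secret, no expiry and no single-use state,
 * so this check does not show that the requester received a reset e-mail.
 * Replacing it needs a random token stored with the user record and an
 * expiry, which requires a model change outside this handler.
 *
 * @param {object} req - request; reads the four body fields listed above
 * @param {object} res - response; renders `resetpw` or redirects
 */
module.exports.resetPwSubmit = function (req, res) {
  const { login, token, password, cpassword } = req.body;

  // Sends the visitor back to the start of the reset flow with one message.
  const reject = (message) => {
    req.flash('danger', message);
    res.redirect('/forgotpw');
  };

  // Every field must be a non-empty string, so that an object or array from
  // the body parser never reaches the `where` clause, md5() or bcrypt.
  const fieldsPresent = [login, token, password, cpassword].every(
    (value) => typeof value === 'string' && value !== ''
  );
  if (!fieldsPresent) {
    reject("Invalid request");
    return;
  }

  if (password !== cpassword) {
    req.flash('danger', "Passowords do not match");
    // The form is submitted by POST, so login and token are in req.body;
    // reading them from req.query would re-render the form without them.
    res.render('resetpw', {
      login: login,
      token: token
    });
    return;
  }

  const onFailure = (err) => {
    // A failed lookup or save would otherwise leave the request hanging.
    console.error('resetPwSubmit: database operation failed', err);
    reject("Invalid request");
  };

  db.User.find({
    where: {
      login: login
    }
  }).then((user) => {
    if (!user || token !== md5(login)) {
      reject("Invalid reset token");
      return;
    }
    user.password = bCrypt.hashSync(password, bCrypt.genSaltSync(10), null);
    user.save().then(function () {
      req.flash('success', "Passowrd successfully reset");
      res.redirect('/login');
    }, onFailure);
  }, onFailure);
}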