zydronium/enigma-bbs
1
0
Fork 0
mirror of https://github.com/NuSkooler/enigma-bbs.git synced 2025-07-20 09:45:53 +02:00
Code Issues Projects Releases Packages Wiki Activity

Pardon the noise. More tab to space conversion!

Browse source
This commit is contained in:
Bryan Ashby 2018-06-22 21:26:46 -06:00
parent c3635bb26b
commit 1d8be6b014
128 changed files with 8017 additions and 8017 deletions
Download patch file Download diff file Expand all files Collapse all files

128
core/web_password_reset.js
View file

@ -1,29 +1,29 @@
/* jslint node: true */
'use strict';
// ENiGMA½
const Config = require('./config.js').get;
const Errors = require('./enig_error.js').Errors;
const getServer = require('./listening_server.js').getServer;
const webServerPackageName = require('./servers/content/web.js').moduleInfo.packageName;
const User = require('./user.js');
const userDb = require('./database.js').dbs.user;
const getISOTimestampString = require('./database.js').getISOTimestampString;
const Log = require('./logger.js').log;
// ENiGMA½
const Config = require('./config.js').get;
const Errors = require('./enig_error.js').Errors;
const getServer = require('./listening_server.js').getServer;
const webServerPackageName = require('./servers/content/web.js').moduleInfo.packageName;
const User = require('./user.js');
const userDb = require('./database.js').dbs.user;
const getISOTimestampString = require('./database.js').getISOTimestampString;
const Log = require('./logger.js').log;
// deps
const async = require('async');
const crypto = require('crypto');
const fs = require('graceful-fs');
const url = require('url');
const querystring = require('querystring');
// deps
const async = require('async');
const crypto = require('crypto');
const fs = require('graceful-fs');
const url = require('url');
const querystring = require('querystring');
const PW_RESET_EMAIL_TEXT_TEMPLATE_DEFAULT =
`%USERNAME%:
`%USERNAME%:
a password reset has been requested for your account on %BOARDNAME%.
* If this was not you, please ignore this email.
* Otherwise, follow this link: %RESET_URL%
* If this was not you, please ignore this email.
* Otherwise, follow this link: %RESET_URL%
`;
function getWebServer() {
@ -67,7 +67,7 @@ class WebPasswordReset {
},
function generateAndStoreResetToken(user, callback) {
//
// Reset "token" is simply HEX encoded cryptographically generated bytes
// Reset "token" is simply HEX encoded cryptographically generated bytes
//
crypto.randomBytes(256, (err, token) => {
if(err) {
@ -77,11 +77,11 @@ class WebPasswordReset {
token = token.toString('hex');
const newProperties = {
email_password_reset_token : token,
email_password_reset_token_ts : getISOTimestampString(),
email_password_reset_token : token,
email_password_reset_token_ts : getISOTimestampString(),
};
// we simply place the reset token in the user's properties
// we simply place the reset token in the user's properties
user.persistProperties(newProperties, err => {
return callback(err, user);
});
@ -107,10 +107,10 @@ class WebPasswordReset {
function replaceTokens(s) {
return s
.replace(/%BOARDNAME%/g, Config().general.boardName)
.replace(/%USERNAME%/g, user.username)
.replace(/%TOKEN%/g, user.properties.email_password_reset_token)
.replace(/%RESET_URL%/g, resetUrl)
.replace(/%BOARDNAME%/g, Config().general.boardName)
.replace(/%USERNAME%/g, user.username)
.replace(/%TOKEN%/g, user.properties.email_password_reset_token)
.replace(/%RESET_URL%/g, resetUrl)
;
}
@ -120,11 +120,11 @@ class WebPasswordReset {
}
const message = {
to : `${user.properties.display_name||user.username} <${user.properties.email_address}>`,
// from will be filled in
subject : 'Forgot Password',
text : textTemplate,
html : htmlTemplate,
to : `${user.properties.display_name||user.username} <${user.properties.email_address}>`,
// from will be filled in
subject : 'Forgot Password',
text : textTemplate,
html : htmlTemplate,
};
sendMail(message, (err, info) => {
@ -145,32 +145,32 @@ class WebPasswordReset {
}
static scheduleEvents(cb) {
// :TODO: schedule ~daily cleanup task
// :TODO: schedule ~daily cleanup task
return cb(null);
}
static registerRoutes(cb) {
const webServer = getWebServer();
if(!webServer) {
return cb(null); // no webserver enabled
return cb(null); // no webserver enabled
}
if(!webServer.instance.isEnabled()) {
return cb(null); // no error, but we're not serving web stuff
return cb(null); // no error, but we're not serving web stuff
}
[
{
// this is the page displayed to user when they GET it
method : 'GET',
path : '^\\/reset_password\\?token\\=[a-f0-9]+$', // Config.contentServers.web.forgotPasswordPageTemplate
handler : WebPasswordReset.routeResetPasswordGet,
// this is the page displayed to user when they GET it
method : 'GET',
path : '^\\/reset_password\\?token\\=[a-f0-9]+$', // Config.contentServers.web.forgotPasswordPageTemplate
handler : WebPasswordReset.routeResetPasswordGet,
},
// POST handler for performing the actual reset
// POST handler for performing the actual reset
{
method : 'POST',
path : '^\\/reset_password$',
handler : WebPasswordReset.routeResetPasswordPost,
method : 'POST',
path : '^\\/reset_password$',
handler : WebPasswordReset.routeResetPasswordPost,
}
].forEach(r => {
webServer.instance.addRoute(r);
@ -213,10 +213,10 @@ class WebPasswordReset {
}
static routeResetPasswordGet(req, resp) {
const webServer = getWebServer(); // must be valid, we just got a req!
const webServer = getWebServer(); // must be valid, we just got a req!
const urlParts = url.parse(req.url, true);
const token = urlParts.query && urlParts.query.token;
const urlParts = url.parse(req.url, true);
const token = urlParts.query && urlParts.query.token;
if(!token) {
return WebPasswordReset.accessDenied(webServer, resp);
@ -224,7 +224,7 @@ class WebPasswordReset {
WebPasswordReset.getUserByToken(token, (err, user) => {
if(err) {
// assume it's expired
// assume it's expired
return webServer.instance.respondWithError(resp, 410, 'Invalid or expired reset link.', 'Expired Link');
}
@ -236,11 +236,11 @@ class WebPasswordReset {
(templateData, preprocessFinished) => {
const finalPage = templateData
.replace(/%BOARDNAME%/g, config.general.boardName)
.replace(/%USERNAME%/g, user.username)
.replace(/%TOKEN%/g, token)
.replace(/%RESET_URL%/g, postResetUrl)
;
.replace(/%BOARDNAME%/g, config.general.boardName)
.replace(/%USERNAME%/g, user.username)
.replace(/%TOKEN%/g, token)
.replace(/%RESET_URL%/g, postResetUrl)
;
return preprocessFinished(null, finalPage);
},
@ -250,7 +250,7 @@ class WebPasswordReset {
}
static routeResetPasswordPost(req, resp) {
const webServer = getWebServer(); // must be valid, we just got a req!
const webServer = getWebServer(); // must be valid, we just got a req!
let bodyData = '';
req.on('data', data => {
@ -266,8 +266,8 @@ class WebPasswordReset {
const config = Config();
if(!formData.token || !formData.password || !formData.confirm_password ||
formData.password !== formData.confirm_password ||
formData.password.length < config.users.passwordMin || formData.password.length > config.users.passwordMax)
formData.password !== formData.confirm_password ||
formData.password.length < config.users.passwordMin || formData.password.length > config.users.passwordMax)
{
return badRequest();
}
@ -282,7 +282,7 @@ class WebPasswordReset {
return badRequest();
}
// delete assoc properties - no need to wait for completion
// delete assoc properties - no need to wait for completion
user.removeProperty('email_password_reset_token');
user.removeProperty('email_password_reset_token_ts');
@ -298,15 +298,15 @@ function performMaintenanceTask(args, cb) {
const forgotPassExpireTime = args[0] || '24 hours';
// remove all reset token associated properties older than |forgotPassExpireTime|
// remove all reset token associated properties older than |forgotPassExpireTime|
userDb.run(
`DELETE FROM user_property
WHERE user_id IN (
SELECT user_id
FROM user_property
WHERE prop_name = "email_password_reset_token_ts"
AND DATETIME("now") >= DATETIME(prop_value, "+${forgotPassExpireTime}")
) AND prop_name IN ("email_password_reset_token_ts", "email_password_reset_token");`,
WHERE user_id IN (
SELECT user_id
FROM user_property
WHERE prop_name = "email_password_reset_token_ts"
AND DATETIME("now") >= DATETIME(prop_value, "+${forgotPassExpireTime}")
) AND prop_name IN ("email_password_reset_token_ts", "email_password_reset_token");`,
err => {
if(err) {
Log.warn( { error : err.message }, 'Failed deleting old email reset tokens');
@ -316,5 +316,5 @@ function performMaintenanceTask(args, cb) {
);
}
exports.WebPasswordReset = WebPasswordReset;
exports.performMaintenanceTask = performMaintenanceTask;
exports.WebPasswordReset = WebPasswordReset;
exports.performMaintenanceTask = performMaintenanceTask;