krikkert/habitica
1
0
Fork 0
mirror of https://github.com/HabitRPG/habitica.git synced 2025-12-19 15:48:04 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'develop' into api-v3

Browse Source
This commit is contained in:
Blade Barringer
2016-03-28 16:02:04 -05:00
parent 1112d93b15 f4b43f55f0
commit 02a60d90d8
137 changed files with 1041 additions and 896 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
website/src/controllers/api-v2/auth.js
View File

@@ -29,11 +29,11 @@ var accountSuspended = function(uuid){
api.auth = function(req, res, next) {
var uid = req.headers['x-api-user'];
var token = req.headers['x-api-key'];
if (!(uid && token)) return res.json(401, NO_TOKEN_OR_UID);
if (!(uid && token)) return res.status(401).json(NO_TOKEN_OR_UID);
User.findOne({_id: uid, apiToken: token}, function(err, user) {
if (err) return next(err);
if (_.isEmpty(user)) return res.json(401, NO_USER_FOUND);
if (user.auth.blocked) return res.json(401, accountSuspended(user._id));
if (_.isEmpty(user)) return res.status(401).json(NO_USER_FOUND);
if (user.auth.blocked) return res.status(401).json(accountSuspended(user._id));
res.locals.wasModified = req.query._v ? +user._v !== +req.query._v : true;
res.locals.user = user;
@@ -44,10 +44,10 @@ api.auth = function(req, res, next) {
api.authWithSession = function(req, res, next) { //[todo] there is probably a more elegant way of doing this...
if (!(req.session && req.session.userId))
return res.json(401, NO_SESSION_FOUND);
return res.status(401).json(NO_SESSION_FOUND);
User.findOne({_id: req.session.userId}, function(err, user) {
if (err) return next(err);
if (_.isEmpty(user)) return res.json(401, NO_USER_FOUND);
if (_.isEmpty(user)) return res.status(401).json(NO_USER_FOUND);
res.locals.user = user;
next();
});
@@ -57,7 +57,7 @@ api.authWithSession = function(req, res, next) { //[todo] there is probably a mo
api.authWithUrl = function(req, res, next) {
User.findOne({_id:req.query._id, apiToken:req.query.apiToken}, function(err,user){
if (err) return next(err);
if (_.isEmpty(user)) return res.json(401, NO_USER_FOUND);
if (_.isEmpty(user)) return res.status(401).json(NO_USER_FOUND);
res.locals.user = user;
next();
});
@@ -137,8 +137,8 @@ api.registerUser = function(req, res, next) {
}
}]
}, function(err, data) {
if (err) return err.code ? res.json(err.code, err) : next(err);
res.json(200, data.register[0]);
if (err) return err.code ? res.status(err.code).json(err) : next(err);
res.status(200).json(data.register[0]);
});
};
@@ -150,22 +150,22 @@ api.registerUser = function(req, res, next) {
api.loginLocal = function(req, res, next) {
var username = req.body.username;
var password = req.body.password;
if (!(username && password)) return res.json(401, {err:'Missing :username or :password in request body, please provide both'});
if (!(username && password)) return res.status(401).json({err:'Missing :username or :password in request body, please provide both'});
var login = validator.isEmail(username) ?
{'auth.local.email':username.toLowerCase()} : // Emails are all lowercase
{'auth.local.username':username}; // Use the username as the user typed it
User.findOne(login, {auth:1}, function(err, user){
if (err) return next(err);
if (!user) return res.json(401, {err:"Uh-oh - your username or password is incorrect.\n- Make sure your username or email is typed correctly.\n- You may have signed up with Facebook, not email. Double-check by trying Facebook login.\n- If you forgot your password, click \"Forgot Password\" on the habitica.com website's login form."});
if (user.auth.blocked) return res.json(401, accountSuspended(user._id));
if (!user) return res.status(401).json({err:"Uh-oh - your username or password is incorrect.\n- Make sure your username or email is typed correctly.\n- You may have signed up with Facebook, not email. Double-check by trying Facebook login.\n- If you forgot your password, click \"Forgot Password\" on the habitica.com website's login form."});
if (user.auth.blocked) return res.status(401).json(accountSuspended(user._id));
// We needed the whole user object first so we can get his salt to encrypt password comparison
User.findOne(
{$and: [login, {'auth.local.hashed_password': utils.encryptPassword(password, user.auth.local.salt)}]}
, {_id:1, apiToken:1}
, function(err, user){
if (err) return next(err);
if (!user) return res.json(401,{err:"Uh-oh - your username or password is incorrect.\n- Make sure your username or email is typed correctly.\n- You may have signed up with Facebook, not email. Double-check by trying Facebook login.\n- If you forgot your password, click \"Forgot Password\" on the habitica.com website's login form."});
if (!user) return res.status(401).json({err:"Uh-oh - your username or password is incorrect.\n- Make sure your username or email is typed correctly.\n- You may have signed up with Facebook, not email. Double-check by trying Facebook login.\n- If you forgot your password, click \"Forgot Password\" on the habitica.com website's login form."});
res.json({id: user._id,token: user.apiToken});
password = null;
});
@@ -179,7 +179,7 @@ api.loginSocial = function(req, res, next) {
var access_token = req.body.authResponse.access_token,
network = req.body.network;
if (network!=='facebook')
return res.json(401, {err:"Only Facebook supported currently."});
return res.status(401).json({err:"Only Facebook supported currently."});
async.auto({
profile: function (cb) {
passport._strategies[network].userProfile(access_token, cb);
@@ -224,10 +224,10 @@ api.loginSocial = function(req, res, next) {
analytics.track('register', analyticsData)
}]
}, function(err, results){
if (err) return res.json(401, {err: err.toString ? err.toString() : err});
if (err) return res.status(401).json({err: err.toString ? err.toString() : err});
var acct = results.register[0] ? results.register[0] : results.register;
if (acct.auth.blocked) return res.json(401, accountSuspended(acct._id));
return res.json(200, {id:acct._id, token:acct.apiToken});
if (acct.auth.blocked) return res.status(401).json(accountSuspended(acct._id));
return res.status(200).json({id:acct._id, token:acct.apiToken});
})
};
@@ -236,13 +236,13 @@ api.loginSocial = function(req, res, next) {
*/
api.deleteSocial = function(req,res,next){
if (!res.locals.user.auth.local.username)
return res.json(401, {err:"Account lacks another authentication method, can't detach Facebook"});
return res.status(401).json({err:"Account lacks another authentication method, can't detach Facebook"});
//FIXME for some reason, the following gives https://gist.github.com/lefnire/f93eb306069b9089d123
//res.locals.user.auth.facebook = null;
//res.locals.user.auth.save(function(err, saved){
User.update({_id:res.locals.user._id}, {$unset:{'auth.facebook':1}}, function(err){
if (err) return next(err);
res.send(200);
res.sendStatus(200);
})
}
@@ -252,11 +252,11 @@ api.resetPassword = function(req, res, next){
newPassword = utils.makeSalt(), // use a salt as the new password too (they'll change it later)
hashed_password = utils.encryptPassword(newPassword, salt);
if(!email) return res.json(400, {err: "Email not provided"});
if(!email) return res.status(400).json({err: "Email not provided"});
User.findOne({'auth.local.email': email}, function(err, user){
if (err) return next(err);
if (!user) return res.send(401, {err:"Sorry, we can't find a user registered with email " + email + "\n- Make sure your email address is typed correctly.\n- You may have signed up with Facebook, not email. Double-check by trying Facebook login."});
if (!user) return res.status(401).json({err:"Sorry, we can't find a user registered with email " + email + "\n- Make sure your email address is typed correctly.\n- You may have signed up with Facebook, not email. Double-check by trying Facebook login."});
user.auth.local.salt = salt;
user.auth.local.hashed_password = hashed_password;
utils.sendEmail({
@@ -286,7 +286,7 @@ api.changeUsername = function(req, res, next) {
var username = req.body.username;
var lowerCaseUsername = username && username.toLowerCase(); // we search for the lowercased version to intercept duplicates
if(!username) return res.json(400, {err: "Username not provided"});
if(!username) return res.status(400).json({err: "Username not provided"});
async.waterfall([
function(cb){
User.findOne({'auth.local.lowerCaseUsername': lowerCaseUsername}, {auth:1}, cb);
@@ -300,14 +300,14 @@ api.changeUsername = function(req, res, next) {
user.save(cb);
}
], function(err){
if (err) return err.code ? res.json(err.code, err) : next(err);
res.send(200);
if (err) return err.code ? res.status(err.code).json(err) : next(err);
res.sendStatus(200);
})
}
api.changeEmail = function(req, res, next){
var email = req.body.email && req.body.email.toLowerCase(); // emails are all lowercase
if(!email) return res.json(400, {err: "Email not provided"});
if(!email) return res.status(400).json({err: "Email not provided"});
async.waterfall([
function(cb){
@@ -320,8 +320,8 @@ api.changeEmail = function(req, res, next){
res.locals.user.save(cb);
}
], function(err){
if (err) return err.code ? res.json(err.code,err) : next(err);
res.send(200);
if (err) return err.code ? res.status(err.code).json(err) : next(err);
res.sendStatus(200);
})
}
@@ -332,19 +332,19 @@ api.changePassword = function(req, res, next) {
confirmNewPassword = req.body.confirmNewPassword;
if (newPassword != confirmNewPassword)
return res.json(401, {err: "Password & Confirm don't match"});
return res.status(401).json({err: "Password & Confirm don't match"});
var salt = user.auth.local.salt,
hashed_old_password = utils.encryptPassword(oldPassword, salt),
hashed_new_password = utils.encryptPassword(newPassword, salt);
if (hashed_old_password !== user.auth.local.hashed_password)
return res.json(401, {err:"Old password doesn't match"});
return res.status(401).json({err:"Old password doesn't match"});
user.auth.local.hashed_password = hashed_new_password;
user.save(function(err, saved){
if (err) next(err);
res.send(200);
res.sendStatus(200);
})
};
@@ -363,7 +363,7 @@ api.getFirebaseToken = function(req, res, next) {
expires: expires
});
res.json(200, {
res.status(200).json({
token: token,
expires: expires
});