mirror of
https://github.com/HabitRPG/habitica.git
synced 2025-12-14 13:17:24 +01:00
Merge branch 'develop' of github.com:HabitRPG/habitrpg into common-convert
Conflicts: bower.json public/manifest.json src/controllers/auth.js
This commit is contained in:
Blade Barringer
@@ -110,7 +110,7 @@ module.exports = function(grunt) {
|
||||
|
||||
//Load build files from public/manifest.json
|
||||
grunt.registerTask('loadManifestFiles', 'Load all build files from public/manifest.json', function(){
|
||||
var files = grunt.file.readJSON('./public/manifest.json');
|
||||
var files = grunt.file.readJSON('./website/public/manifest.json');
|
||||
var uglify = {};
|
||||
var cssmin = {};
|
||||
|
||||
@@ -130,6 +130,8 @@ module.exports = function(grunt) {
|
||||
});
|
||||
|
||||
});
|
||||
console.log(uglify);
|
||||
console.log(cssmin);
|
||||
|
||||
grunt.config.set('uglify.build.files', uglify);
|
||||
grunt.config.set('uglify.build.options', {compress: false});
|
||||
@@ -142,6 +144,7 @@ module.exports = function(grunt) {
|
||||
// Register tasks.
|
||||
grunt.registerTask('build:prod', ['loadManifestFiles', 'clean:build', 'uglify', 'stylus', 'cssmin', 'copy:build', 'hashres']);
|
||||
grunt.registerTask('build:dev', ['stylus']);
|
||||
grunt.registerTask('test', ['loadManifestFiles', 'uglify', 'cssmin']);
|
||||
|
||||
grunt.registerTask('run:dev', [ 'build:dev', 'concurrent' ]);
|
||||
|
||||
|
||||
@@ -26,7 +26,7 @@
|
||||
"angular-loading-bar": "~0.6.0",
|
||||
"bootstrap": "~3.1.0",
|
||||
"bootstrap-growl": "git://github.com/ifightcrime/bootstrap-growl.git#master",
|
||||
"bootstrap-tour": "~0.8.1",
|
||||
"bootstrap-tour": "~0.10.1",
|
||||
"BrowserQuest": "git://github.com/browserquest/BrowserQuest.git",
|
||||
"github-buttons": "git://github.com/mdo/github-buttons.git",
|
||||
"marked": "~0.2.9",
|
||||
|
||||
41
gulpfile.js
41
gulpfile.js
@@ -21,6 +21,7 @@ var gulp = require('gulp'),
|
||||
pkg = require('./package');
|
||||
|
||||
var paths = {
|
||||
build: "./website/build",
|
||||
stylus: {
|
||||
src: {
|
||||
app: './website/public/css/index.styl',
|
||||
@@ -165,6 +166,7 @@ gulp.task('sprite', function(cb) {
|
||||
STEP++;
|
||||
console.log("Finished spritesmith" + key + ".png");
|
||||
if(STEP >= COUNT) {
|
||||
console.log(paths.sprites.cssminSrc);
|
||||
gulp.src(paths.sprites.cssminSrc)
|
||||
.pipe(concat('habitrpg-shared.css'))
|
||||
.pipe(cssmin())
|
||||
@@ -185,6 +187,45 @@ gulp.task('browserify', function() {
|
||||
.pipe(gulp.dest(paths.common.dest))
|
||||
})
|
||||
|
||||
gulp.task('build', function() {
|
||||
var files = require('./website/public/manifest');
|
||||
var uglifySrc = {};
|
||||
var cssminSrc = {};
|
||||
|
||||
_.each(files, function(val, key){
|
||||
|
||||
var js = uglifySrc[key + '.js'] = [];
|
||||
|
||||
_.each(files[key]['js'], function(val){
|
||||
js.push('./website/public/' + val);
|
||||
});
|
||||
|
||||
var css = cssminSrc[key + '.css'] = [];
|
||||
|
||||
_.each(files[key]['css'], function(val){
|
||||
var path = (val == 'app.css' || val == 'static.css') ? paths.build : './website/public/';
|
||||
css.push(path + val)
|
||||
});
|
||||
|
||||
});
|
||||
|
||||
// Concat CSS
|
||||
_.each(cssminSrc, function(val, key) {
|
||||
gulp.src(val)
|
||||
.pipe(concat(key))
|
||||
.pipe(cssmin())
|
||||
.pipe(gulp.dest(paths.build))
|
||||
});
|
||||
|
||||
// Uglify JS
|
||||
_.each(uglifySrc, function(val, key) {
|
||||
gulp.src(val)
|
||||
.pipe(concat(key))
|
||||
.pipe(uglify())
|
||||
.pipe(gulp.dest(paths.build))
|
||||
});
|
||||
});
|
||||
|
||||
gulp.task('watch', ['stylus', 'browserify'], function() {
|
||||
gulp.watch(paths.stylus.watch, ['stylus']);
|
||||
gulp.watch(paths.common.watch, ['browserify']);
|
||||
|
||||
307
src/controllers/auth.js
Normal file
307
src/controllers/auth.js
Normal file
@@ -0,0 +1,307 @@
|
||||
var _ = require('lodash');
|
||||
var validator = require('validator');
|
||||
var passport = require('passport');
|
||||
var shared = require('habitrpg-shared');
|
||||
var async = require('async');
|
||||
var utils = require('../utils');
|
||||
var nconf = require('nconf');
|
||||
var request = require('request');
|
||||
var User = require('../models/user').model;
|
||||
var ga = require('./../utils').ga;
|
||||
var i18n = require('./../i18n');
|
||||
|
||||
var isProd = nconf.get('NODE_ENV') === 'production';
|
||||
|
||||
var api = module.exports;
|
||||
|
||||
var NO_TOKEN_OR_UID = { err: "You must include a token and uid (user id) in your request"};
|
||||
var NO_USER_FOUND = {err: "No user found."};
|
||||
var NO_SESSION_FOUND = { err: "You must be logged in." };
|
||||
var accountSuspended = function(uuid){
|
||||
return {
|
||||
err: 'Account has been suspended, please contact leslie@habitrpg.com with your UUID ('+uuid+') for assistance.',
|
||||
code: 'ACCOUNT_SUSPENDED'
|
||||
};
|
||||
}
|
||||
// Allow case-insensitive regex searching for Mongo queries. See http://stackoverflow.com/a/3561711/362790
|
||||
var RegexEscape = function(s){
|
||||
return new RegExp('^' + s.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&') + '$', 'i');
|
||||
}
|
||||
|
||||
api.auth = function(req, res, next) {
|
||||
var uid = req.headers['x-api-user'];
|
||||
var token = req.headers['x-api-key'];
|
||||
if (!(uid && token)) return res.json(401, NO_TOKEN_OR_UID);
|
||||
User.findOne({_id: uid,apiToken: token}, function(err, user) {
|
||||
if (err) return next(err);
|
||||
if (_.isEmpty(user)) return res.json(401, NO_USER_FOUND);
|
||||
if (user.auth.blocked) return res.json(401, accountSuspended(user._id));
|
||||
|
||||
res.locals.wasModified = req.query._v ? +user._v !== +req.query._v : true;
|
||||
res.locals.user = user;
|
||||
req.session.userId = user._id;
|
||||
return next();
|
||||
});
|
||||
};
|
||||
|
||||
api.authWithSession = function(req, res, next) { //[todo] there is probably a more elegant way of doing this...
|
||||
if (!(req.session && req.session.userId))
|
||||
return res.json(401, NO_SESSION_FOUND);
|
||||
User.findOne({_id: req.session.userId}, function(err, user) {
|
||||
if (err) return next(err);
|
||||
if (_.isEmpty(user)) return res.json(401, NO_USER_FOUND);
|
||||
res.locals.user = user;
|
||||
next();
|
||||
});
|
||||
};
|
||||
|
||||
api.authWithUrl = function(req, res, next) {
|
||||
User.findOne({_id:req.query._id, apiToken:req.query.apiToken}, function(err,user){
|
||||
if (err) return next(err);
|
||||
if (_.isEmpty(user)) return res.json(401, NO_USER_FOUND);
|
||||
res.locals.user = user;
|
||||
next();
|
||||
})
|
||||
}
|
||||
|
||||
api.registerUser = function(req, res, next) {
|
||||
async.auto({
|
||||
validate: function(cb) {
|
||||
if (!(req.body.username && req.body.password && req.body.email))
|
||||
return cb({code:401, err: ":username, :email, :password, :confirmPassword required"});
|
||||
if (req.body.password !== req.body.confirmPassword)
|
||||
return cb({code:401, err: ":password and :confirmPassword don't match"});
|
||||
if (!validator.isEmail(req.body.email))
|
||||
return cb({code:401, err: ":email invalid"});
|
||||
cb();
|
||||
},
|
||||
findEmail: function(cb) {
|
||||
User.findOne({'auth.local.email': RegexEscape(req.body.email)}, {_id:1}, cb);
|
||||
},
|
||||
findUname: function(cb) {
|
||||
User.findOne({'auth.local.username': RegexEscape(req.body.username)}, {_id:1}, cb);
|
||||
},
|
||||
findFacebook: function(cb){
|
||||
User.findOne({_id: req.headers['x-api-user'], apiToken: req.headers['x-api-key']}, {auth:1}, cb);
|
||||
},
|
||||
register: ['validate', 'findEmail', 'findUname', 'findFacebook', function(cb, data) {
|
||||
if (data.findEmail) return cb({code:401, err:"Email already taken"});
|
||||
if (data.findUname) return cb({code:401, err:"Username already taken"});
|
||||
var salt = utils.makeSalt();
|
||||
var newUser = {
|
||||
auth: {
|
||||
local: {
|
||||
username: req.body.username,
|
||||
email: req.body.email,
|
||||
salt: salt,
|
||||
hashed_password: utils.encryptPassword(req.body.password, salt)
|
||||
},
|
||||
timestamps: {created: +new Date(), loggedIn: +new Date()}
|
||||
}
|
||||
};
|
||||
// existing user, allow them to add local authentication
|
||||
if (data.findFacebook) {
|
||||
data.findFacebook.auth.local = newUser.auth.local;
|
||||
data.findFacebook.save(cb);
|
||||
// new user, register them
|
||||
} else {
|
||||
newUser.preferences = newUser.preferences || {};
|
||||
newUser.preferences.language = req.language; // User language detected from browser, not saved
|
||||
var user = new User(newUser);
|
||||
utils.txnEmail(user, 'welcome');
|
||||
ga.event('register', 'Local').send();
|
||||
user.save(cb);
|
||||
}
|
||||
}]
|
||||
}, function(err, data) {
|
||||
if (err) return err.code ? res.json(err.code, err) : next(err);
|
||||
res.json(200, data.register[0]);
|
||||
});
|
||||
};
|
||||
|
||||
/*
|
||||
Register new user with uname / password
|
||||
*/
|
||||
|
||||
|
||||
api.loginLocal = function(req, res, next) {
|
||||
var username = req.body.username;
|
||||
var password = req.body.password;
|
||||
if (!(username && password)) return res.json(401, {err:'Missing :username or :password in request body, please provide both'});
|
||||
var login = validator.isEmail(username) ? {'auth.local.email':username} : {'auth.local.username':username};
|
||||
User.findOne(login, {auth:1}, function(err, user){
|
||||
if (err) return next(err);
|
||||
if (!user) return res.json(401, {err:"Username or password incorrect. Click 'Forgot Password' for help with either. (Note: usernames are case-sensitive)"});
|
||||
if (user.auth.blocked) return res.json(401, accountSuspended(user._id));
|
||||
// We needed the whole user object first so we can get his salt to encrypt password comparison
|
||||
User.findOne(
|
||||
{$and: [login, {'auth.local.hashed_password': utils.encryptPassword(password, user.auth.local.salt)}]}
|
||||
, {_id:1, apiToken:1}
|
||||
, function(err, user){
|
||||
if (err) return next(err);
|
||||
if (!user) return res.json(401,{err:"Username or password incorrect. Click 'Forgot Password' for help with either. (Note: usernames are case-sensitive)"});
|
||||
res.json({id: user._id,token: user.apiToken});
|
||||
password = null;
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
/*
|
||||
POST /user/auth/social
|
||||
*/
|
||||
api.loginSocial = function(req, res, next) {
|
||||
var access_token = req.body.authResponse.access_token,
|
||||
network = req.body.network;
|
||||
if (network!=='facebook')
|
||||
return res.json(401, {err:"Only Facebook supported currently."});
|
||||
async.auto({
|
||||
profile: function (cb) {
|
||||
passport._strategies[network].userProfile(access_token, cb);
|
||||
},
|
||||
user: ['profile', function (cb, results) {
|
||||
var q = {};
|
||||
q['auth.' + network + '.id'] = results.profile.id;
|
||||
User.findOne(q, {_id: 1, apiToken: 1, auth: 1}, cb);
|
||||
}],
|
||||
register: ['profile', 'user', function (cb, results) {
|
||||
if (results.user) return cb(null, results.user);
|
||||
// Create new user
|
||||
var prof = results.profile;
|
||||
var user = {
|
||||
preferences: {
|
||||
language: req.language // User language detected from browser, not saved
|
||||
},
|
||||
auth: {
|
||||
timestamps: {created: +new Date(), loggedIn: +new Date()}
|
||||
}
|
||||
};
|
||||
user.auth[network] = prof;
|
||||
user = new User(user);
|
||||
user.save(cb);
|
||||
|
||||
utils.txnEmail(user, 'welcome');
|
||||
ga.event('register', network).send();
|
||||
}]
|
||||
}, function(err, results){
|
||||
if (err) return res.json(401, {err: err.toString ? err.toString() : err});
|
||||
var acct = results.register[0] ? results.register[0] : results.register;
|
||||
if (acct.auth.blocked) return res.json(401, accountSuspended(acct._id));
|
||||
return res.json(200, {id:acct._id, token:acct.apiToken});
|
||||
})
|
||||
};
|
||||
|
||||
/**
|
||||
* DELETE /user/auth/social
|
||||
*/
|
||||
api.deleteSocial = function(req,res,next){
|
||||
if (!res.locals.user.auth.local.username)
|
||||
return res.json(401, {err:"Account lacks another authentication method, can't detach Facebook"});
|
||||
//FIXME for some reason, the following gives https://gist.github.com/lefnire/f93eb306069b9089d123
|
||||
//res.locals.user.auth.facebook = null;
|
||||
//res.locals.user.auth.save(function(err, saved){
|
||||
User.update({_id:res.locals.user._id}, {$unset:{'auth.facebook':1}}, function(err){
|
||||
if (err) return next(err);
|
||||
res.send(200);
|
||||
})
|
||||
}
|
||||
|
||||
api.resetPassword = function(req, res, next){
|
||||
var email = req.body.email,
|
||||
salt = utils.makeSalt(),
|
||||
newPassword = utils.makeSalt(), // use a salt as the new password too (they'll change it later)
|
||||
hashed_password = utils.encryptPassword(newPassword, salt);
|
||||
|
||||
User.findOne({'auth.local.email': RegexEscape(email)}, function(err, user){
|
||||
if (err) return next(err);
|
||||
if (!user) return res.send(500, {err:"Couldn't find a user registered for email " + email});
|
||||
user.auth.local.salt = salt;
|
||||
user.auth.local.hashed_password = hashed_password;
|
||||
utils.txnEmail(user, 'reset-password', [
|
||||
{name: "NEW_PASSWORD", content: newPassword},
|
||||
{name: "USERNAME", content: user.auth.local.username}
|
||||
]);
|
||||
user.save(function(err){
|
||||
if(err) return next(err);
|
||||
res.send('New password sent to '+ email);
|
||||
email = salt = newPassword = hashed_password = null;
|
||||
});
|
||||
});
|
||||
};
|
||||
|
||||
var invalidPassword = function(user, password){
|
||||
var hashed_password = utils.encryptPassword(password, user.auth.local.salt);
|
||||
if (hashed_password !== user.auth.local.hashed_password)
|
||||
return {code:401, err:"Incorrect password"};
|
||||
return false;
|
||||
}
|
||||
|
||||
api.changeUsername = function(req, res, next) {
|
||||
async.waterfall([
|
||||
function(cb){
|
||||
User.findOne({'auth.local.username': RegexEscape(req.body.username)}, {auth:1}, cb);
|
||||
},
|
||||
function(found, cb){
|
||||
if (found) return cb({code:401, err: "Username already taken"});
|
||||
if (invalidPassword(res.locals.user, req.body.password)) return cb(invalidPassword(res.locals.user, req.body.password));
|
||||
res.locals.user.auth.local.username = req.body.username;
|
||||
res.locals.user.save(cb);
|
||||
}
|
||||
], function(err){
|
||||
if (err) return err.code ? res.json(err.code, err) : next(err);
|
||||
res.send(200);
|
||||
})
|
||||
}
|
||||
|
||||
api.changeEmail = function(req, res, next){
|
||||
async.waterfall([
|
||||
function(cb){
|
||||
User.findOne({'auth.local.email': RegexEscape(req.body.email)}, {auth:1}, cb);
|
||||
},
|
||||
function(found, cb){
|
||||
if(found) return cb({code:401, err: "Email already taken"});
|
||||
if (invalidPassword(res.locals.user, req.body.password)) return cb(invalidPassword(res.locals.user, req.body.password));
|
||||
res.locals.user.auth.local.email = req.body.email;
|
||||
res.locals.user.save(cb);
|
||||
}
|
||||
], function(err){
|
||||
if (err) return err.code ? res.json(err.code,err) : next(err);
|
||||
res.send(200);
|
||||
})
|
||||
}
|
||||
|
||||
api.changePassword = function(req, res, next) {
|
||||
var user = res.locals.user,
|
||||
oldPassword = req.body.oldPassword,
|
||||
newPassword = req.body.newPassword,
|
||||
confirmNewPassword = req.body.confirmNewPassword;
|
||||
|
||||
if (newPassword != confirmNewPassword)
|
||||
return res.json(401, {err: "Password & Confirm don't match"});
|
||||
|
||||
var salt = user.auth.local.salt,
|
||||
hashed_old_password = utils.encryptPassword(oldPassword, salt),
|
||||
hashed_new_password = utils.encryptPassword(newPassword, salt);
|
||||
|
||||
if (hashed_old_password !== user.auth.local.hashed_password)
|
||||
return res.json(401, {err:"Old password doesn't match"});
|
||||
|
||||
user.auth.local.hashed_password = hashed_new_password;
|
||||
user.save(function(err, saved){
|
||||
if (err) next(err);
|
||||
res.send(200);
|
||||
})
|
||||
}
|
||||
|
||||
/*
|
||||
Registers a new user. Only accepting username/password registrations, no Facebook
|
||||
*/
|
||||
|
||||
api.setupPassport = function(router) {
|
||||
|
||||
router.get('/logout', i18n.getUserLanguage, function(req, res) {
|
||||
req.logout();
|
||||
delete req.session.userId;
|
||||
res.redirect('/');
|
||||
})
|
||||
|
||||
};
|
||||
@@ -111,7 +111,7 @@ habitrpg.controller("GroupsCtrl", ['$scope', '$rootScope', 'Shared', 'Groups', '
|
||||
.controller("MemberModalCtrl", ['$scope', '$rootScope', 'Members', 'Shared', '$http', 'Notification', 'Groups',
|
||||
function($scope, $rootScope, Members, Shared, $http, Notification, Groups) {
|
||||
$scope.timestamp = function(timestamp){
|
||||
return moment(timestamp).format('MM/DD/YYYY');
|
||||
return moment(timestamp).format($rootScope.User.user.preferences.dateFormat.toUpperCase());
|
||||
}
|
||||
// We watch Members.selectedMember because it's asynchronously set, so would be a hassle to handle updates here
|
||||
$scope.$watch( function() { return Members.selectedMember; }, function (member) {
|
||||
|
||||
@@ -166,7 +166,7 @@ habitrpg.controller("RootCtrl", ['$scope', '$rootScope', '$location', 'User', '$
|
||||
}
|
||||
matrix = [[env.t('date'), env.t('score')]];
|
||||
_.each(history, function(obj) {
|
||||
matrix.push([moment(obj.date).format('MM/DD/YY'), obj.value]);
|
||||
matrix.push([moment(obj.date).format(User.user.preferences.dateFormat.toUpperCase().replace('YYYY','YY') ), obj.value]);
|
||||
});
|
||||
data = google.visualization.arrayToDataTable(matrix);
|
||||
options = {
|
||||
|
||||
@@ -5,8 +5,8 @@
|
||||
*/
|
||||
|
||||
angular.module('habitrpg').factory('Guide',
|
||||
['$rootScope', 'User', '$timeout',
|
||||
function($rootScope, User, $timeout) {
|
||||
['$rootScope', 'User', '$timeout', '$state',
|
||||
function($rootScope, User, $timeout, $state) {
|
||||
/**
|
||||
* Init and show the welcome tour. Note we do it listening to a $rootScope broadcasted 'userLoaded' message,
|
||||
* this because we need to determine whether to show the tour *after* the user has been pulled from the server,
|
||||
@@ -17,7 +17,7 @@ function($rootScope, User, $timeout) {
|
||||
if (User.user.flags.showTour === false) return;
|
||||
var tourSteps = [
|
||||
{
|
||||
element: ".main-herobox",
|
||||
orphan:true,
|
||||
title: window.env.t('welcomeHabit'),
|
||||
content: window.env.t('welcomeHabitT1') + " <a href='http://www.kickstarter.com/profile/1823740484' target='_blank'>Justin</a>, " + window.env.t('welcomeHabitT2'),
|
||||
}, {
|
||||
@@ -29,11 +29,11 @@ function($rootScope, User, $timeout) {
|
||||
title: window.env.t('avatarCustom'),
|
||||
content: window.env.t('avatarCustomText'),
|
||||
}, {
|
||||
element: "#bars",
|
||||
element: ".hero-stats",
|
||||
title: window.env.t('hitPoints'),
|
||||
content: window.env.t('hitPointsText'),
|
||||
}, {
|
||||
element: "#bars",
|
||||
element: ".hero-stats",
|
||||
title: window.env.t('expPoints'),
|
||||
content: window.env.t('expPointsText'),
|
||||
}, {
|
||||
@@ -55,7 +55,7 @@ function($rootScope, User, $timeout) {
|
||||
element: "ul.todos",
|
||||
title: window.env.t('todos'),
|
||||
content: window.env.t('tourTodos'),
|
||||
placement: "top"
|
||||
placement: "top",
|
||||
}, {
|
||||
element: "ul.main-list.rewards",
|
||||
title: window.env.t('rewards'),
|
||||
@@ -67,34 +67,32 @@ function($rootScope, User, $timeout) {
|
||||
content: window.env.t('hoverOverText'),
|
||||
placement: "right"
|
||||
}, {
|
||||
element: "ul.habits li:first-child",
|
||||
orphan:true,
|
||||
title: window.env.t('unlockFeatures'),
|
||||
content: window.env.t('unlockFeaturesT1') + " <a href='http://habitrpg.wikia.com' target='_blank'>" + window.env.t('habitWiki') + "</a> " + window.env.t('unlockFeaturesT2'),
|
||||
placement: "right"
|
||||
}
|
||||
];
|
||||
_.each(tourSteps, function(step){
|
||||
if (env.worldDmg.guide) {
|
||||
step.content = "<div><div class='npc_justin_broken float-left'></div>" + step.content + "</div>";
|
||||
} else {
|
||||
step.content = "<div><div class='npc_justin float-left'></div>" + step.content + "</div>";
|
||||
}
|
||||
});
|
||||
$('.main-herobox').popover('destroy');
|
||||
var tour = new Tour({
|
||||
template: "<div class='popover'>" +
|
||||
"<div class='arrow'></div><h3 class='popover-title'></h3><div class='popover-content'></div>" +
|
||||
"<div class='popover-navigation'><div class='btn-group'>" +
|
||||
"<button class='btn btn-sm btn-default' data-role='prev'>«</button>" +
|
||||
"<button class='btn btn-sm btn-default' data-role='next'>»</button>" +
|
||||
"<button class='btn btn-sm btn-default' data-role='pause-resume' data-pause-text='Pause' data-resume-text='Resume'>Pause</button></div>" +
|
||||
"<button class='btn btn-sm btn-default' data-role='end'>" + window.env.t('endTour') + "</button></div></div>",
|
||||
backdrop: true,
|
||||
//orphan: true,
|
||||
//keyboard: false,
|
||||
template: '<div class="popover" role="tooltip"> <div class="arrow"></div> <h3 class="popover-title"></h3> <div class="popover-content"></div> <div class="popover-navigation"> <div class="btn-group"> <button class="btn btn-sm btn-default" data-role="prev">« Prev</button> <button class="btn btn-sm btn-default" data-role="next">Next »</button> <button class="btn btn-sm btn-default" data-role="pause-resume" data-pause-text="Pause" data-resume-text="Resume">Pause</button> </div> <button class="btn btn-sm btn-default" data-role="end">' + window.env.t('endTour') + '</button> </div> </div>',
|
||||
onEnd: function(){
|
||||
User.set({'flags.showTour': false});
|
||||
}
|
||||
});
|
||||
tourSteps.forEach(function(step) {
|
||||
tour.addStep(_.defaults(step, {html: true}));
|
||||
_.each(tourSteps, function(step) {
|
||||
step.content = "<div><div class='" + (env.worldDmg.guide ? "npc_justin_broken" : "npc_justin") + " float-left'></div>" + step.content + "</div>";
|
||||
step.onShow = function(){
|
||||
// Since all the steps are currently on the tasks page, ensure we go back there for each step in case they
|
||||
// clicked elsewhere during the tour. FIXME: $state.go() returns a promise, necessary for async tour steps;
|
||||
// however, that's not working here - have to use timeout instead :/
|
||||
if (!$state.is('tasks')) return $timeout(function(){$state.go('tasks');}, 0)
|
||||
}
|
||||
step.html = true;
|
||||
tour.addStep(step);
|
||||
});
|
||||
tour.restart(); // Tour doesn't quite mesh with our handling of flags.showTour, just restart it on page load
|
||||
//tour.start(true);
|
||||
|
||||
@@ -73,6 +73,7 @@
|
||||
"bower_components/pnotify/jquery.pnotify.default.css",
|
||||
"bower_components/pnotify/jquery.pnotify.default.icons.css",
|
||||
"common/sprites/habitrpg-shared.css",
|
||||
"bower_components/bootstrap-tour/build/css/bootstrap-tour.css",
|
||||
"fontello/css/fontelico.css"
|
||||
]
|
||||
},
|
||||
|
||||
@@ -23,9 +23,9 @@ var accountSuspended = function(uuid){
|
||||
code: 'ACCOUNT_SUSPENDED'
|
||||
};
|
||||
}
|
||||
// escape email for regex, then search case-insensitive. See http://stackoverflow.com/a/3561711/362790
|
||||
var mongoEmailRegex = function(email){
|
||||
return new RegExp('^' + email.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&') + '$', 'i');
|
||||
// Allow case-insensitive regex searching for Mongo queries. See http://stackoverflow.com/a/3561711/362790
|
||||
var RegexEscape = function(s){
|
||||
return new RegExp('^' + s.replace(/[-\/\\^$*+?.()|[\]{}]/g, '\\$&') + '$', 'i');
|
||||
}
|
||||
|
||||
api.auth = function(req, res, next) {
|
||||
@@ -76,10 +76,10 @@ api.registerUser = function(req, res, next) {
|
||||
cb();
|
||||
},
|
||||
findEmail: function(cb) {
|
||||
User.findOne({'auth.local.email': req.body.email}, cb);
|
||||
User.findOne({'auth.local.email': RegexEscape(req.body.email)}, {_id:1}, cb);
|
||||
},
|
||||
findUname: function(cb) {
|
||||
User.findOne({'auth.local.username': req.body.username}, cb);
|
||||
User.findOne({'auth.local.username': RegexEscape(req.body.username)}, {_id:1}, cb);
|
||||
},
|
||||
findFacebook: function(cb){
|
||||
User.findOne({_id: req.headers['x-api-user'], apiToken: req.headers['x-api-key']}, {auth:1}, cb);
|
||||
@@ -211,7 +211,7 @@ api.resetPassword = function(req, res, next){
|
||||
newPassword = utils.makeSalt(), // use a salt as the new password too (they'll change it later)
|
||||
hashed_password = utils.encryptPassword(newPassword, salt);
|
||||
|
||||
User.findOne({'auth.local.email':mongoEmailRegex(email)}, function(err, user){
|
||||
User.findOne({'auth.local.email': RegexEscape(email)}, function(err, user){
|
||||
if (err) return next(err);
|
||||
if (!user) return res.send(500, {err:"Couldn't find a user registered for email " + email});
|
||||
user.auth.local.salt = salt;
|
||||
@@ -238,7 +238,7 @@ var invalidPassword = function(user, password){
|
||||
api.changeUsername = function(req, res, next) {
|
||||
async.waterfall([
|
||||
function(cb){
|
||||
User.findOne({'auth.local.username': req.body.username}, {auth:1}, cb);
|
||||
User.findOne({'auth.local.username': RegexEscape(req.body.username)}, {auth:1}, cb);
|
||||
},
|
||||
function(found, cb){
|
||||
if (found) return cb({code:401, err: "Username already taken"});
|
||||
@@ -255,7 +255,7 @@ api.changeUsername = function(req, res, next) {
|
||||
api.changeEmail = function(req, res, next){
|
||||
async.waterfall([
|
||||
function(cb){
|
||||
User.findOne({'auth.local.email': mongoEmailRegex(req.body.email)}, {auth:1}, cb);
|
||||
User.findOne({'auth.local.email': RegexEscape(req.body.email)}, {auth:1}, cb);
|
||||
},
|
||||
function(found, cb){
|
||||
if(found) return cb({code:401, err: "Email already taken"});
|
||||
|
||||
File diff suppressed because one or more lines are too long
File diff suppressed because one or more lines are too long
Reference in New Issue
Block a user