
Untitled

a guest
May 5th, 2019
  1. const bcrypt = require('bcrypt');
  2. const templates = require('../lib/templates');
  3. const parseBody = require('../lib/parse-body');
  4. const db = require('../data/user-database');
  5. const serve500 = require('../src/serve500');
  6. const serveHome = require('../src/serve-home');
  7. const sessions = require('../lib/sessions');
  8. const newPassword = require('../src/new-password');
  9.  
  10. const ENCRYPTION_PASSES = 10; // bcrypt cost factor handed to bcrypt.hash() below; bcrypt is a one-way hash, not encryption
  11.  
  12. /** @module updateUser
  13. * POST endpoint for changing a user's password
  14. */
  15. module.exports = updateUser;
  16.  
  /**
   * POST handler for the password-change form.
   * Parses the request body, then hands the request to validateUser().
   *
   * NOTE(review): nothing in this file authenticates the request;
   * validateUser() reads req.user, so this route presumably sits behind
   * session middleware that sets it. Confirm against the router.
   *
   * @param {http.IncomingMessage} req - the request object
   * @param {http.ServerResponse} res - the response object
   */
  function updateUser(req, res) {
    const onBodyParsed = (parsedReq, parsedRes) => {
      validateUser(parsedReq, parsedRes);
    };
    parseBody(req, res, onBodyParsed);
  }
  27.  
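  /**
   * Verifies the submitted current password against the stored bcrypt hash,
   * validates the new password, and invokes createPasswordHash() or failure().
   *
   * The stored hash is checked with bcrypt.compare(). bcrypt.hash() uses a
   * fresh random salt on every call, so hashing the input again and comparing
   * the two strings can never match. Every rejection path returns, so a failed
   * check can no longer fall through to the password update.
   *
   * @param {http.IncomingMessage} req - the request object; reads req.user and req.body
   * @param {http.ServerResponse} res - the response object
   */
  function validateUser(req, res) {
    const user = req.user;
    const {
      currentPassword,
      newPassword: requestedPassword,
      newPasswordConfirmation,
    } = req.body || {};

    // Without a known account there is nothing to verify or update.
    if (!user || typeof user.username !== "string") return failure(req, res);
    // bcrypt.compare() needs string input; a missing field is a wrong password.
    if (typeof currentPassword !== "string") return failure(req, res, "Incorrect password");

    db.get("SELECT cryptedPassword FROM users WHERE username = ?", user.username, (err, row) => {
      // Database errors and unknown users get the generic message; no internals reach the form.
      if (err || !row) return failure(req, res);

      bcrypt.compare(currentPassword, row.cryptedPassword, (compareErr, matches) => {
        if (compareErr) return failure(req, res);
        if (!matches) return failure(req, res, "Incorrect password");

        // NOTE(review): bcrypt only uses the first 72 bytes of its input;
        // consider an upper length bound as well.
        if (typeof requestedPassword !== "string" || requestedPassword.length < 10)
          return failure(req, res, "Password must be at least ten characters in length");
        if (requestedPassword !== newPasswordConfirmation)
          return failure(req, res, "New Password and New Password Confirmation must match");

        user.password = requestedPassword;
        createPasswordHash(req, res, user);
      });
    });
  }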
  57.  
  /**
   * Hashes user.password with bcrypt, stores the digest on
   * user.cryptedPassword and invokes updatePassword(); a hashing error
   * invokes failure() with the default message.
   *
   * NOTE(review): the plaintext stays on user.password after hashing.
   * Whether that object outlives the request is not visible here.
   *
   * @param {http.IncomingMessage} req - the request object
   * @param {http.ServerResponse} res - the response object
   * @param {object} user - the user whose password is hashed
   */
  function createPasswordHash(req, res, user) {
    const onHashed = (hashError, digest) => {
      if (hashError) {
        failure(req, res);
        return;
      }
      user.cryptedPassword = digest;
      updatePassword(req, res, user);
    };
    bcrypt.hash(user.password, ENCRYPTION_PASSES, onHashed);
  }
  72.  
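  /**
   * Writes user.cryptedPassword to the users table for user.username and
   * invokes success() or failure().
   *
   * A database error is logged on the server, and the form is re-rendered
   * with the generic message, so driver error text never reaches the
   * response. The original passed an undefined `error` identifier, which
   * threw a ReferenceError on this path.
   *
   * @param {http.IncomingMessage} req - the request object
   * @param {http.ServerResponse} res - the response object
   * @param {object} user - the user whose new password hash is stored
   */
  function updatePassword(req, res, user) {
    db.run(
      "UPDATE users SET cryptedPassword = ? WHERE username = ?",
      user.cryptedPassword,
      user.username,
      (err) => {
        if (err) {
          console.error(err);
          return failure(req, res);
        }
        success(req, res, user);
      }
    );
  }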
  90.  
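  /**
   * Obtains a session id for the user after the password change, sets it
   * as the SID cookie and redirects to the home page.
   *
   * NOTE(review): whether sessions.get() issues a fresh SID or returns an
   * existing one is not visible here. After a credential change, older
   * sessions for the account should be revoked; confirm in lib/sessions.
   *
   * @param {http.IncomingMessage} req - the request object
   * @param {http.ServerResponse} res - the response object
   * @param {Object} user - the user this session belongs to
   */
  function success(req, res, user) {
    sessions.get(user.id, (err, sid) => {
      if (err) return serve500(req, res, err);
      // HttpOnly keeps the session id out of reach of page scripts;
      // SameSite=Lax keeps it off cross-site POST requests.
      res.setHeader("Set-Cookie", `SID=${sid}; Secure; HttpOnly; SameSite=Lax`);
      // Redirect to the home page
      res.setHeader("Location", "/");
      res.statusCode = 302;
      res.end();
    });
  }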
  109.  
  /**
   * Re-renders the password form through newPassword() with an error
   * message, using a generic default when none is supplied.
   *
   * NOTE(review): errorMessage goes to the template as-is; escaping
   * inside newPassword() is not visible here, so callers should pass
   * fixed strings only.
   *
   * @param {http.IncomingMessage} req - the request object
   * @param {http.ServerResponse} res - the response object
   * @param {string} [errorMessage] - an error message to display
   */
  function failure(req, res, errorMessage) {
    const fallback = "There was a problem updating your password. Please try again.";
    newPassword(req, res, errorMessage ? errorMessage : fallback);
  }