X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=routes%2Fusers.js;h=993c15eb54d7a0a5d8ed94ad2a1a5348764633f5;hb=73609d3bc662cf4c8a21746c5d1ad736ea0eecbd;hp=c42b447e2c6e3b28f394de5ffb5aaa97fe37c187;hpb=e99c53fb3be56eb4c685dd061eef0e5b5bf22b73;p=qomet.git

diff --git a/routes/users.js b/routes/users.js
index c42b447..993c15e 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -1,18 +1,17 @@
 let router = require("express").Router();
 const validator = require('../public/javascripts/utils/validation');
 const UserModel = require('../models/user');
-const UserEntity = require('../entities/user');
 const maild = require('../utils/mailer');
 const TokenGen = require("../utils/tokenGenerator");
 const access = require("../utils/access");
 const params = require("../config/parameters");
 
 // to: object user
-function sendLoginToken(subject, to, res)
+function setAndSendLoginToken(subject, to, res)
 {
 	// Set login token and send welcome(back) email with auth link
 	let token = TokenGen.generate(params.token.length);
-	UserEntity.setLoginToken(token, to._id, to.ip, (err,ret) => {
+	UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => {
 		access.checkRequest(res, err, ret, "Cannot set login token", () => {
 			maild.send({
 				from: params.mail.from,
@@ -29,26 +28,22 @@ function sendLoginToken(subject, to, res)
 	});
 }
 
-router.get('/register', access.ajax, access.unlogged, (req,res) => {
-	let email = decodeURIComponent(req.query.email);
-	let forename = decodeURIComponent(req.query.forename);
-	let name = decodeURIComponent(req.query.name);
+router.post('/register', access.ajax, access.unlogged, (req,res) => {
 	const newUser = {
-		email: email,
-		name: name,
-		forename: forename,
+		email: req.body.email,
+		name: req.body.name,
 	};
 	let error = validator(newUser, "User");
 	if (error.length > 0)
 		return res.json({errmsg:error});
 	if (!UserModel.whitelistCheck(newUser.email))
 		return res.json({errmsg: "Email not in whitelist"});
-	UserEntity.getByEmail(newUser.email, (err,user0) => {
+	UserModel.getByEmail(newUser.email, (err,user0) => {
 		access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => {
 			UserModel.create(newUser, (err,user) => {
 				access.checkRequest(res, err, user, "Registration failed", () => {
 					user.ip = req.ip;
-					sendLoginToken("Welcome to " + params.siteURL, user, res);
+					setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
 				});
 			});
 		});
@@ -56,26 +51,23 @@ router.get('/register', access.ajax, access.unlogged, (req,res) => {
 });
 
 // Login:
-router.get('/sendtoken', access.ajax, access.unlogged, (req,res) => {
-	let email = decodeURIComponent(req.query.email);
+router.put('/sendtoken', access.ajax, access.unlogged, (req,res) => {
+	const email = req.body.email;
 	let error = validator({email:email}, "User");
 	if (error.length > 0)
 		return res.json({errmsg:error});
-	UserEntity.getByEmail(email, (err,user) => {
+	UserModel.getByEmail(email, (err,user) => {
 		access.checkRequest(res, err, user, "Unknown user", () => {
 			user.ip = req.ip;
-			sendLoginToken("Token for " + params.siteURL, user, res);
+			setAndSendLoginToken("Token for " + params.siteURL, user, res);
 		});
 	});
 });
 
 // Authentication process, optionally with email changing:
-router.get('/authenticate', access.unlogged, (req,res) => {
-	let loginToken = req.query.token;
-	let error = validator({token:loginToken}, "User");
-	if (error.length > 0)
-		return res.json({errmsg:error});
-	UserEntity.getByLoginToken(loginToken, (err,user) => {
+router.put('/authenticate/:token([a-z0-9]+)', access.unlogged, (req,res) => {
+	const loginToken = req.params.token;
+	UserModel.getByLoginToken(loginToken, (err,user) => {
 		access.checkRequest(res, err, user, "Invalid token", () => {
 			if (user.loginToken.ip != req.ip)
 				return res.json({errmsg: "IP address mismatch"});
@@ -86,7 +78,7 @@ router.get('/authenticate', access.unlogged, (req,res) => {
 				return res.json({errmsg: "Token expired"});
 			// Generate and update session token + destroy login token
 			let token = TokenGen.generate(params.token.length);
-			UserEntity.setSessionToken(token, user._id, (err,ret) => {
+			UserModel.setSessionToken(token, user._id, (err,ret) => {
 				access.checkRequest(res, err, ret, "Authentication failed", () => {
 					// Set cookies and redirect to user main control panel
 					res.cookie("token", token, {
@@ -104,8 +96,8 @@ router.get('/authenticate', access.unlogged, (req,res) => {
 	});
 });
 
-router.get('/logout', access.logged, (req,res) => {
-	UserModel.logout(req.user._id, req.cookies.token, (err,ret) => {
+router.put('/logout', access.logged, (req,res) => {
+	UserModel.removeToken(req.user._id, req.cookies.token, (err,ret) => {
 		access.checkRequest(res, err, ret, "Logout failed", () => {
 			res.clearCookie("initials");
 			res.clearCookie("token");