X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=routes%2Fusers.js;h=f56b4afe793d8818404401502698c186a1dd3672;hb=cb39647ade2e424bcdf015228a7c1a09a92b5212;hp=5dab77e3daefce0084ea7555a2e7cc115ec075a3;hpb=43828378be054cf3604b753e8d9ab24af911188f;p=qomet.git

diff --git a/routes/users.js b/routes/users.js
index 5dab77e..f56b4af 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -7,7 +7,7 @@ const access = require("../utils/access");
 const params = require("../config/parameters");
 
 // to: object user
-function sendLoginToken(subject, to, res)
+function setAndSendLoginToken(subject, to, res)
 {
 	// Set login token and send welcome(back) email with auth link
 	let token = TokenGen.generate(params.token.length);
@@ -19,7 +19,7 @@ function sendLoginToken(subject, to, res)
 				subject: subject,
 				body: "Hello " + to.initials + "!\n" +
 					"Access your account here: " +
-					params.siteURL + "/authenticate?token=" + token + "\\n" +
+					params.siteURL + "/authenticate/" + token + "\\n" +
 					"Token will expire in " + params.token.expire/(1000*60) + " minutes."
 			}, err => {
 				res.json(err || {});
@@ -28,12 +28,10 @@ function sendLoginToken(subject, to, res)
 	});
 }
 
-router.get('/register', access.ajax, access.unlogged, (req,res) => {
-	let email = decodeURIComponent(req.query.email);
-	let name = decodeURIComponent(req.query.name);
+router.post('/register', access.ajax, access.unlogged, (req,res) => {
 	const newUser = {
-		email: email,
-		name: name,
+		email: decodeURIComponent(req.body.email),
+		name: decodeURIComponent(req.body.name),
 	};
 	let error = validator(newUser, "User");
 	if (error.length > 0)
@@ -45,7 +43,7 @@ router.get('/register', access.ajax, access.unlogged, (req,res) => {
 			UserModel.create(newUser, (err,user) => {
 				access.checkRequest(res, err, user, "Registration failed", () => {
 					user.ip = req.ip;
-					sendLoginToken("Welcome to " + params.siteURL, user, res);
+					setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
 				});
 			});
 		});
@@ -53,25 +51,22 @@ router.get('/register', access.ajax, access.unlogged, (req,res) => {
 });
 
 // Login:
-router.get('/sendtoken', access.ajax, access.unlogged, (req,res) => {
-	let email = decodeURIComponent(req.query.email);
+router.put('/sendtoken', access.ajax, access.unlogged, (req,res) => {
+	const email = decodeURIComponent(req.body.email);
 	let error = validator({email:email}, "User");
 	if (error.length > 0)
 		return res.json({errmsg:error});
 	UserModel.getByEmail(email, (err,user) => {
 		access.checkRequest(res, err, user, "Unknown user", () => {
 			user.ip = req.ip;
-			sendLoginToken("Token for " + params.siteURL, user, res);
+			setAndSendLoginToken("Token for " + params.siteURL, user, res);
 		});
 	});
 });
 
 // Authentication process, optionally with email changing:
-router.get('/authenticate', access.unlogged, (req,res) => {
-	let loginToken = req.query.token;
-	let error = validator({token:loginToken}, "User");
-	if (error.length > 0)
-		return res.json({errmsg:error});
+router.get('/authenticate/:token([a-z0-9]+)', access.unlogged, (req,res) => {
+	const loginToken = req.params.token;
 	UserModel.getByLoginToken(loginToken, (err,user) => {
 		access.checkRequest(res, err, user, "Invalid token", () => {
 			if (user.loginToken.ip != req.ip)