X-Git-Url: https://git.auder.net/?a=blobdiff_plain;f=routes%2Fusers.js;h=f56b4afe793d8818404401502698c186a1dd3672;hb=cb39647ade2e424bcdf015228a7c1a09a92b5212;hp=c42b447e2c6e3b28f394de5ffb5aaa97fe37c187;hpb=e99c53fb3be56eb4c685dd061eef0e5b5bf22b73;p=qomet.git

diff --git a/routes/users.js b/routes/users.js
index c42b447..f56b4af 100644
--- a/routes/users.js
+++ b/routes/users.js
@@ -1,18 +1,17 @@
 let router = require("express").Router();
 const validator = require('../public/javascripts/utils/validation');
 const UserModel = require('../models/user');
-const UserEntity = require('../entities/user');
 const maild = require('../utils/mailer');
 const TokenGen = require("../utils/tokenGenerator");
 const access = require("../utils/access");
 const params = require("../config/parameters");
 
 // to: object user
-function sendLoginToken(subject, to, res)
+function setAndSendLoginToken(subject, to, res)
 {
 	// Set login token and send welcome(back) email with auth link
 	let token = TokenGen.generate(params.token.length);
-	UserEntity.setLoginToken(token, to._id, to.ip, (err,ret) => {
+	UserModel.setLoginToken(token, to._id, to.ip, (err,ret) => {
 		access.checkRequest(res, err, ret, "Cannot set login token", () => {
 			maild.send({
 				from: params.mail.from,
@@ -20,7 +19,7 @@ function sendLoginToken(subject, to, res)
 				subject: subject,
 				body: "Hello " + to.initials + "!\n" +
 					"Access your account here: " +
-					params.siteURL + "/authenticate?token=" + token + "\\n" +
+					params.siteURL + "/authenticate/" + token + "\\n" +
 					"Token will expire in " + params.token.expire/(1000*60) + " minutes."
 			}, err => {
 				res.json(err || {});
@@ -29,26 +28,22 @@ function sendLoginToken(subject, to, res)
 	});
 }
 
-router.get('/register', access.ajax, access.unlogged, (req,res) => {
-	let email = decodeURIComponent(req.query.email);
-	let forename = decodeURIComponent(req.query.forename);
-	let name = decodeURIComponent(req.query.name);
+router.post('/register', access.ajax, access.unlogged, (req,res) => {
 	const newUser = {
-		email: email,
-		name: name,
-		forename: forename,
+		email: decodeURIComponent(req.body.email),
+		name: decodeURIComponent(req.body.name),
 	};
 	let error = validator(newUser, "User");
 	if (error.length > 0)
 		return res.json({errmsg:error});
 	if (!UserModel.whitelistCheck(newUser.email))
 		return res.json({errmsg: "Email not in whitelist"});
-	UserEntity.getByEmail(newUser.email, (err,user0) => {
+	UserModel.getByEmail(newUser.email, (err,user0) => {
 		access.checkRequest(res, err, !user0?["ok"]:{}, "An account exists with this email", () => {
 			UserModel.create(newUser, (err,user) => {
 				access.checkRequest(res, err, user, "Registration failed", () => {
 					user.ip = req.ip;
-					sendLoginToken("Welcome to " + params.siteURL, user, res);
+					setAndSendLoginToken("Welcome to " + params.siteURL, user, res);
 				});
 			});
 		});
@@ -56,26 +51,23 @@ router.get('/register', access.ajax, access.unlogged, (req,res) => {
 });
 
 // Login:
-router.get('/sendtoken', access.ajax, access.unlogged, (req,res) => {
-	let email = decodeURIComponent(req.query.email);
+router.put('/sendtoken', access.ajax, access.unlogged, (req,res) => {
+	const email = decodeURIComponent(req.body.email);
 	let error = validator({email:email}, "User");
 	if (error.length > 0)
 		return res.json({errmsg:error});
-	UserEntity.getByEmail(email, (err,user) => {
+	UserModel.getByEmail(email, (err,user) => {
 		access.checkRequest(res, err, user, "Unknown user", () => {
 			user.ip = req.ip;
-			sendLoginToken("Token for " + params.siteURL, user, res);
+			setAndSendLoginToken("Token for " + params.siteURL, user, res);
 		});
 	});
 });
 
 // Authentication process, optionally with email changing:
-router.get('/authenticate', access.unlogged, (req,res) => {
-	let loginToken = req.query.token;
-	let error = validator({token:loginToken}, "User");
-	if (error.length > 0)
-		return res.json({errmsg:error});
-	UserEntity.getByLoginToken(loginToken, (err,user) => {
+router.get('/authenticate/:token([a-z0-9]+)', access.unlogged, (req,res) => {
+	const loginToken = req.params.token;
+	UserModel.getByLoginToken(loginToken, (err,user) => {
 		access.checkRequest(res, err, user, "Invalid token", () => {
 			if (user.loginToken.ip != req.ip)
 				return res.json({errmsg: "IP address mismatch"});
@@ -86,7 +78,7 @@ router.get('/authenticate', access.unlogged, (req,res) => {
 				return res.json({errmsg: "Token expired"});
 			// Generate and update session token + destroy login token
 			let token = TokenGen.generate(params.token.length);
-			UserEntity.setSessionToken(token, user._id, (err,ret) => {
+			UserModel.setSessionToken(token, user._id, (err,ret) => {
 				access.checkRequest(res, err, ret, "Authentication failed", () => {
 					// Set cookies and redirect to user main control panel
 					res.cookie("token", token, {
@@ -105,7 +97,7 @@ router.get('/authenticate', access.unlogged, (req,res) => {
 });
 
 router.get('/logout', access.logged, (req,res) => {
-	UserModel.logout(req.user._id, req.cookies.token, (err,ret) => {
+	UserModel.removeToken(req.user._id, req.cookies.token, (err,ret) => {
 		access.checkRequest(res, err, ret, "Logout failed", () => {
 			res.clearCookie("initials");
 			res.clearCookie("token");