"Token will expire in " + params.token.expire/(1000*60) + " minutes."
sendEmail(params.mail.noreply, to.email, subject, body, err => {
"Token will expire in " + params.token.expire/(1000*60) + " minutes."
sendEmail(params.mail.noreply, to.email, subject, body, err => {
// "id" is generally the only info missing on client side,
// but the name is also unknown if log-in with the email.
res.json(err || {id: to.id, name: to.name});
// "id" is generally the only info missing on client side,
// but the name is also unknown if log-in with the email.
res.json(err || {id: to.id, name: to.name});
-router.get('/authenticate', access.unlogged, (req,res) => {
- UserModel.getOne("loginToken", req.query.token, (err,user) => {
+router.get('/authenticate', access.unlogged, access.ajax, (req,res) => {
+ UserModel.getOne("loginToken", req.query.token, (err,user) => {
access.checkRequest(res, err, user, "Invalid token", () => {
// If token older than params.tokenExpire, do nothing
if (Date.now() > user.loginTime + params.token.expire)
access.checkRequest(res, err, user, "Invalid token", () => {
// If token older than params.tokenExpire, do nothing
if (Date.now() > user.loginTime + params.token.expire)
secure: !!params.siteURL.match(/^https/),
maxAge: params.cookieExpire,
});
secure: !!params.siteURL.match(/^https/),
maxAge: params.cookieExpire,
});
-// Logout on server because the token cookie is httpOnly
-router.get('/logout', access.logged, (req,res) => {
+router.get('/logout', access.logged, access.ajax, (req,res) => {