Debugging problems page; TODO: hash navigation is wrong
diff --git
a/models/User.js
b/models/User.js
index
171dc2c
..
4b5c840
100644
(file)
--- a/
models/User.js
+++ b/
models/User.js
@@
-1,6
+1,6
@@
var db = require("../utils/database");
var maild = require("../utils/mailer.js");
var db = require("../utils/database");
var maild = require("../utils/mailer.js");
-var
TokenG
en = require("../utils/tokenGenerator");
+var
genTok
en = require("../utils/tokenGenerator");
var params = require("../config/parameters");
/*
var params = require("../config/parameters");
/*
@@
-14,10
+14,7
@@
var params = require("../config/parameters");
* notify: boolean (send email notifications for corr games)
*/
* notify: boolean (send email notifications for corr games)
*/
-// TODO: consider sanitizing http://www.unixwiz.net/techtips/sql-injection.html
-// But parameters are supposed to already be cleaned (in controller).
-
-// User creation
+// NOTE: parameters are already cleaned (in controller), thus no sanitization here
exports.create = function(name, email, notify, callback)
{
db.serialize(function() {
exports.create = function(name, email, notify, callback)
{
db.serialize(function() {
@@
-73,7
+70,7
@@
exports.trySetSessionToken = function(uid, cb)
db.get(querySessionToken, (err,ret) => {
if (!!err)
return cb(err);
db.get(querySessionToken, (err,ret) => {
if (!!err)
return cb(err);
- const token = ret.sessionToken ||
TokenGen.generate
(params.token.length);
+ const token = ret.sessionToken ||
genToken
(params.token.length);
const queryUpdate =
"UPDATE Users " +
"SET loginToken = NULL" +
const queryUpdate =
"UPDATE Users " +
"SET loginToken = NULL" +
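Review bot: The replacement comment above `exports.create` (`// NOTE: parameters are already cleaned (in controller), thus no sanitization here`) closes the SQL-injection TODO by assertion rather than by construction, while the query visible in `trySetSessionToken` is still assembled by string concatenation (`"UPDATE Users " + "SET loginToken = NULL" + …`). The model cannot enforce what its callers do, so any code path that reaches these exports without the controller's cleaning would place its values directly into the SQL text. If `db` is a node-sqlite3 handle, as `db.serialize` and `db.get` suggest, the safer shape is a constant statement with `?` placeholders and the values passed as the parameter array to `db.run`/`db.get`. The comment could then read `// NOTE: values are bound as query parameters; controller validation is defence in depth, not the only guard`. Both function bodies continue outside the hunks shown, so which values are concatenated is not visible here and should be checked against the full file.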