});
// NOTE: this method is safe because the sessionToken must be guessed
-router.get("/whoami", (req,res) => {
+router.get("/whoami", access.ajax, (req,res) => {
const callback = (user) => {
res.json({
name: user.name,
const token = genToken(params.token.length);
UserModel.setLoginToken(token, to.id);
const body =
- "Hello " + to.name + "!" + `
+ "Hello " + to.name + " !" + `
` +
"Access your account here: " +
params.siteURL + "/#/authenticate/" + token + `