tellform/app/controllers/users/users.password.server.controller.js

'use strict';

/**
 * Module dependencies.
 */
var _ = require('lodash'),
	errorHandler = require('../errors.server.controller'),
	mongoose = require('mongoose'),
	passport = require('passport'),
	User = mongoose.model('User'),
	config = require('../../../config/config'),
	nodemailer = require('nodemailer'),
	async = require('async'),
	crypto = require('crypto');

var smtpTransport = nodemailer.createTransport(config.mailer.options);

/**
 * Forgot for reset password (forgot POST)
 */
exports.forgot = function(req, res) {
	async.waterfall([
		// Generate random token
		function(done) {
			crypto.randomBytes(20, function(err, buffer) {
				var token = buffer.toString('hex');
				done(err, token);
			});
		},
		// Lookup user by username
		function(token, done) {
			if (req.body.username) {
				User.findOne({
					$or: [
						{'username': req.body.username},
						{'email': req.body.username}
					]
				}, '-salt -password', function(err, user) {
					if(err){
						return res.status(500).send({
							message: err.message
						});
					}
					if (!user) {
						var tempUserModel = mongoose.model(config.tempUserCollection);
						tempUserModel.findOne({
							$or: [
								{'username': req.body.username},
								{'email': req.body.username}
							]
						}).lean().exec(function(err, user) {
							if(err){
								return res.status(500).send({
									message: err.message
								});
							}
							if(!user){
								return res.status(400).send({
									message: 'No account with that username or email has been found'
								});	
							}

							return res.status(400).send({
								message: 'The account associated with this email has not been activated yet'
							});
						});
					} else {
						user.resetPasswordToken = token;
						user.resetPasswordExpires = Date.now() + 3600000; // 1 hour

						user.save(function(err) {
							done(err, token, user);
						});
					}
				});
			} else {
				return res.status(400).send({
					message: 'Username field must not be blank'
				});
			}
		},
		function(token, user, done) {
			res.render('templates/reset-password-email', {
				name: user.displayName || 'TellForm User',
				appName: config.app.title,
				url: 'http://' + req.headers.host + '/auth/reset/' + token
			}, function(err, emailHTML) {
				done(err, emailHTML, user);
			});
		},
		// If valid email, send reset email using service
		function(emailHTML, user, done) {
			var mailOptions = {
				to: user.email,
				from: config.mailer.from,
				subject: 'Password Reset',
				html: emailHTML
			};

            var userEmail = user.email;
			var user = userEmail.split('@')[0];
			var domain = userEmail.split('@')[1];

			var obfuscatedUser = user.substring(0, 1) + user.substring(1).replace(/./g, '*');
			var domainName = domain.split('.')[0];
			var tld = domain.split('.')[1];

			var obfuscatedDomainName = domainName.replace(/./g, '*');
			var obfuscatedEmail = obfuscatedUser + '@' + obfuscatedDomainName + '.' + tld;

			smtpTransport.sendMail(mailOptions, function(err) {
				done(err, obfuscatedEmail);
			});
		}
	], function(err, obfuscatedEmail) {
		if (err) {
			console.log(err);
			return res.status(400).send({
				message: 'Couldn\'t send reset password email due to internal server errors. Please contact support at team@tellform.com.'
			});
		} else {
			return res.send({
				message: 'An email has been sent to ' + obfuscatedEmail + ' with further instructions.'
			});
		}
	});
};

/**
 * Reset password GET from email token
 */
exports.validateResetToken = function(req, res) {
	User.findOne({
		resetPasswordToken: req.params.token,
		resetPasswordExpires: {
			$gt: Date.now()
		}
	}, function(err, user) {
		if(err){
			return res.status(500).send({
				message: err.message
			});
		}
		if (!user) {
			return res.redirect('/#!/password/reset/invalid');
		}

		res.redirect('/#!/password/reset/' + req.params.token);
	});
};

/**
 * Reset password POST from email token
 */
exports.reset = function(req, res, next) {
	// Init Variables
	var passwordDetails = req.body;
	async.waterfall([

		function(done) {
			User.findOne({
				resetPasswordToken: req.params.token,
				resetPasswordExpires: {
					$gt: Date.now()
				}
			}, function(err, user) {
				if (!err && user) {
					if (passwordDetails.newPassword === passwordDetails.verifyPassword) {
						user.password = passwordDetails.newPassword;
						user.resetPasswordToken = null;
						user.resetPasswordExpires = null;

						user.save(function(err) {
							if (err) {
								done(err, null);
							}
							done(null, user);
						});
					} else {
						done('Passwords do not match', null);
					}
				} else {
					done('Password reset token is invalid or has expired.', null);
				}
			});
		},
		function(user, done) {
			res.render('templates/reset-password-confirm-email', {
				name: user.displayName,
				appName: config.app.title
			}, function(err, emailHTML) {
				done(err, emailHTML, user);
			});
		},
		// If valid email, send reset email using service
		function(emailHTML, user, done) {
			var mailOptions = {
				to: user.email,
				from: config.mailer.from,
				subject: 'Your password has been changed',
				html: emailHTML
			};

			smtpTransport.sendMail(mailOptions, function(err) {
				done(err);
			});
		}
	], function(err) {
		if (err) {
			res.status(500).send({
				message: err.message || err
			});
		}

		return res.json({
			message: 'Successfully changed your password!'
		});
	});
};

/**
 * Change Password
 */
exports.changePassword = function(req, res) {
	// Init Variables
	var passwordDetails = req.body;

	if (req.user) {
		if (passwordDetails.newPassword) {
			User.findById(req.user.id, function(err, user) {
				if (!err && user) {
					if (user.authenticate(passwordDetails.currentPassword)) {
						if (passwordDetails.newPassword === passwordDetails.verifyPassword) {
							user.password = passwordDetails.newPassword;

							user.save(function(err) {
								if (err) {
									return res.status(400).send({
										message: errorHandler.getErrorMessage(err)
									});
								} else {
									req.login(user, function(err) {
										if (err) {
											res.status(400).send(err);
										} else {
											res.send({
												message: 'Password changed successfully'
											});
										}
									});
								}
							});
						} else {
							res.status(400).send({
								message: 'Passwords do not match'
							});
						}
					} else {
						res.status(400).send({
							message: 'Current password is incorrect'
						});
					}
				} else {
					res.status(400).send({
						message: 'User is not found'
					});
				}
			});
		} else {
			res.status(400).send({
				message: 'Please provide a new password'
			});
		}
	} else {
		res.status(400).send({
			message: 'User is not signed in'
		});
	}
};
first commit 2015-06-29 22:51:29 +00:00			`'use strict';`

			`/**`
			`* Module dependencies.`
			`*/`
			`var _ = require('lodash'),`
			`errorHandler = require('../errors.server.controller'),`
			`mongoose = require('mongoose'),`
			`passport = require('passport'),`
			`User = mongoose.model('User'),`
			`config = require('../../../config/config'),`
			`nodemailer = require('nodemailer'),`
			`async = require('async'),`
			`crypto = require('crypto');`

			`var smtpTransport = nodemailer.createTransport(config.mailer.options);`

			`/**`
			`* Forgot for reset password (forgot POST)`
			`*/`
obfuscated email for forgot password 2017-10-06 05:32:50 +00:00			`exports.forgot = function(req, res) {`
first commit 2015-06-29 22:51:29 +00:00			`async.waterfall([`
			`// Generate random token`
			`function(done) {`
			`crypto.randomBytes(20, function(err, buffer) {`
			`var token = buffer.toString('hex');`
			`done(err, token);`
			`});`
			`},`
			`// Lookup user by username`
			`function(token, done) {`
			`if (req.body.username) {`
			`User.findOne({`
fix password reset 2016-11-14 18:59:08 +00:00			`$or: [`
			`{'username': req.body.username},`
			`{'email': req.body.username}`
			`]`
first commit 2015-06-29 22:51:29 +00:00			`}, '-salt -password', function(err, user) {`
improved style of form-submission 2016-04-29 06:16:17 +00:00			`if(err){`
			`return res.status(500).send({`
			`message: err.message`
			`});`
			`}`
first commit 2015-06-29 22:51:29 +00:00			`if (!user) {`
add error for unactivated account login/forgot password 2017-10-28 03:59:47 +00:00			`var tempUserModel = mongoose.model(config.tempUserCollection);`
			`tempUserModel.findOne({`
			`$or: [`
			`{'username': req.body.username},`
			`{'email': req.body.username}`
			`]`
			`}).lean().exec(function(err, user) {`
			`if(err){`
			`return res.status(500).send({`
			`message: err.message`
			`});`
			`}`
			`if(!user){`
			`return res.status(400).send({`
			`message: 'No account with that username or email has been found'`
			`});`
			`}`

			`return res.status(400).send({`
			`message: 'The account associated with this email has not been activated yet'`
			`});`
first commit 2015-06-29 22:51:29 +00:00			`});`
			`} else {`
			`user.resetPasswordToken = token;`
			`user.resetPasswordExpires = Date.now() + 3600000; // 1 hour`

			`user.save(function(err) {`
			`done(err, token, user);`
			`});`
			`}`
			`});`
			`} else {`
			`return res.status(400).send({`
			`message: 'Username field must not be blank'`
			`});`
			`}`
			`},`
			`function(token, user, done) {`
			`res.render('templates/reset-password-email', {`
match jshintrc config Signed-off-by: José Luis Di Biase <josx@interorganic.com.ar> 2017-06-23 17:54:28 +00:00			`name: user.displayName \|\| 'TellForm User',`
first commit 2015-06-29 22:51:29 +00:00			`appName: config.app.title,`
fixed password reset bug 2015-11-12 23:40:44 +00:00			`url: 'http://' + req.headers.host + '/auth/reset/' + token`
first commit 2015-06-29 22:51:29 +00:00			`}, function(err, emailHTML) {`
			`done(err, emailHTML, user);`
			`});`
			`},`
			`// If valid email, send reset email using service`
			`function(emailHTML, user, done) {`
			`var mailOptions = {`
			`to: user.email,`
			`from: config.mailer.from,`
			`subject: 'Password Reset',`
			`html: emailHTML`
			`};`

obfuscated email for forgot password 2017-10-06 05:32:50 +00:00			`var userEmail = user.email;`
			`var user = userEmail.split('@')[0];`
			`var domain = userEmail.split('@')[1];`

			`var obfuscatedUser = user.substring(0, 1) + user.substring(1).replace(/./g, '*');`
			`var domainName = domain.split('.')[0];`
			`var tld = domain.split('.')[1];`

			`var obfuscatedDomainName = domainName.replace(/./g, '*');`
			`var obfuscatedEmail = obfuscatedUser + '@' + obfuscatedDomainName + '.' + tld;`

			`smtpTransport.sendMail(mailOptions, function(err) {`
			`done(err, obfuscatedEmail);`
			`});`
			`}`
			`], function(err, obfuscatedEmail) {`
			`if (err) {`
			`console.log(err);`
			`return res.status(400).send({`
			`message: 'Couldn\'t send reset password email due to internal server errors. Please contact support at team@tellform.com.'`
			`});`
			`} else {`
			`return res.send({`
			`message: 'An email has been sent to ' + obfuscatedEmail + ' with further instructions.'`
first commit 2015-06-29 22:51:29 +00:00			`});`
			`}`
			`});`
			`};`

			`/**`
			`* Reset password GET from email token`
			`*/`
			`exports.validateResetToken = function(req, res) {`
			`User.findOne({`
			`resetPasswordToken: req.params.token,`
			`resetPasswordExpires: {`
			`$gt: Date.now()`
			`}`
			`}, function(err, user) {`
improved style of form-submission 2016-04-29 06:16:17 +00:00			`if(err){`
			`return res.status(500).send({`
			`message: err.message`
			`});`
			`}`
first commit 2015-06-29 22:51:29 +00:00			`if (!user) {`
fixed password reset bug 2015-11-12 23:40:44 +00:00			`return res.redirect('/#!/password/reset/invalid');`
first commit 2015-06-29 22:51:29 +00:00			`}`

fixed password reset bug 2015-11-12 23:40:44 +00:00			`res.redirect('/#!/password/reset/' + req.params.token);`
first commit 2015-06-29 22:51:29 +00:00			`});`
			`};`

			`/**`
			`* Reset password POST from email token`
			`*/`
			`exports.reset = function(req, res, next) {`
			`// Init Variables`
			`var passwordDetails = req.body;`
			`async.waterfall([`

			`function(done) {`
			`User.findOne({`
			`resetPasswordToken: req.params.token,`
			`resetPasswordExpires: {`
			`$gt: Date.now()`
			`}`
			`}, function(err, user) {`
			`if (!err && user) {`
			`if (passwordDetails.newPassword === passwordDetails.verifyPassword) {`
			`user.password = passwordDetails.newPassword;`
Change undefined to null in users.password.server.controller.js 2017-04-21 04:47:54 +00:00			`user.resetPasswordToken = null;`
			`user.resetPasswordExpires = null;`
first commit 2015-06-29 22:51:29 +00:00
			`user.save(function(err) {`
			`if (err) {`
match jshintrc config Signed-off-by: José Luis Di Biase <josx@interorganic.com.ar> 2017-06-23 17:54:28 +00:00			`done(err, null);`
first commit 2015-06-29 22:51:29 +00:00			`}`
fixed reset password 2017-03-30 22:14:19 +00:00			`done(null, user);`
first commit 2015-06-29 22:51:29 +00:00			`});`
			`} else {`
fixed reset password 2017-03-30 22:14:19 +00:00			`done('Passwords do not match', null);`
first commit 2015-06-29 22:51:29 +00:00			`}`
			`} else {`
match jshintrc config Signed-off-by: José Luis Di Biase <josx@interorganic.com.ar> 2017-06-23 17:54:28 +00:00			`done('Password reset token is invalid or has expired.', null);`
first commit 2015-06-29 22:51:29 +00:00			`}`
			`});`
			`},`
			`function(user, done) {`
			`res.render('templates/reset-password-confirm-email', {`
			`name: user.displayName,`
			`appName: config.app.title`
			`}, function(err, emailHTML) {`
			`done(err, emailHTML, user);`
			`});`
			`},`
			`// If valid email, send reset email using service`
			`function(emailHTML, user, done) {`
			`var mailOptions = {`
			`to: user.email,`
			`from: config.mailer.from,`
			`subject: 'Your password has been changed',`
			`html: emailHTML`
			`};`

			`smtpTransport.sendMail(mailOptions, function(err) {`
fixed reset password 2017-03-30 22:14:19 +00:00			`done(err);`
first commit 2015-06-29 22:51:29 +00:00			`});`
			`}`
			`], function(err) {`
fixed reset password 2017-03-30 22:14:19 +00:00			`if (err) {`
			`res.status(500).send({`
			`message: err.message \|\| err`
			`});`
			`}`

			`return res.json({`
match jshintrc config Signed-off-by: José Luis Di Biase <josx@interorganic.com.ar> 2017-06-23 17:54:28 +00:00			`message: 'Successfully changed your password!'`
fixed reset password 2017-03-30 22:14:19 +00:00			`});`
first commit 2015-06-29 22:51:29 +00:00			`});`
			`};`

			`/**`
			`* Change Password`
			`*/`
			`exports.changePassword = function(req, res) {`
			`// Init Variables`
			`var passwordDetails = req.body;`

			`if (req.user) {`
			`if (passwordDetails.newPassword) {`
			`User.findById(req.user.id, function(err, user) {`
			`if (!err && user) {`
			`if (user.authenticate(passwordDetails.currentPassword)) {`
			`if (passwordDetails.newPassword === passwordDetails.verifyPassword) {`
			`user.password = passwordDetails.newPassword;`

			`user.save(function(err) {`
			`if (err) {`
			`return res.status(400).send({`
			`message: errorHandler.getErrorMessage(err)`
			`});`
			`} else {`
			`req.login(user, function(err) {`
			`if (err) {`
			`res.status(400).send(err);`
			`} else {`
			`res.send({`
			`message: 'Password changed successfully'`
			`});`
			`}`
			`});`
			`}`
			`});`
			`} else {`
			`res.status(400).send({`
			`message: 'Passwords do not match'`
			`});`
			`}`
			`} else {`
			`res.status(400).send({`
			`message: 'Current password is incorrect'`
			`});`
			`}`
			`} else {`
			`res.status(400).send({`
			`message: 'User is not found'`
			`});`
			`}`
			`});`
			`} else {`
			`res.status(400).send({`
			`message: 'Please provide a new password'`
			`});`
			`}`
			`} else {`
			`res.status(400).send({`
			`message: 'User is not signed in'`
			`});`
			`}`
			`};`