Finished up with email change backend. Just need to make a prompt on the profile page for our AJAX call.

2024-12-30 09:43:25 -05:00 · 2024-12-30 09:43:25 -05:00 · a51152a89d
commit a51152a89d
parent 4a865e8aa8
14 changed files with 444 additions and 13 deletions
--- a/src/controllers/404Controller.js
+++ b/src/controllers/404Controller.js
@ -21,7 +21,7 @@ const config = require('../../config.json');
 const csrfUtils = require('../utils/csrfUtils');

 //register page functions
-module.exports = async function(req, res, next){
+module.exports = async function(req, res){
    //set status
    res.status(404);

--- a/src/controllers/api/account/emailChangeRequestController.js
+++ b/src/controllers/api/account/emailChangeRequestController.js
@ -0,0 +1,96 @@
+
+/*Canopy - The next generation of stoner streaming software
+Copyright (C) 2024-2025 Rainbownapkin and the TTN Community
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
+
+//Config
+const config = require('../../../../config.json');
+
+//NPM Imports
+const {validationResult, matchedData} = require('express-validator');
+
+//local imports
+const {userModel} = require('../../../schemas/user/userSchema');
+const emailChangeModel = require('../../../schemas/user/emailChangeSchema');
+const mailUtils = require('../../../utils/mailUtils');
+const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');
+
+//Gateway for generating request token and having it emailed to the user
+module.exports.post = async function(req, res){
+    try{
+        //Check for validation errors
+        const validResult = validationResult(req);
+
+        //If there are none
+        if(validResult.isEmpty()){
+            //Get sanatized/validated data
+            const {email, pass} = matchedData(req);
+
+            //Check to make sure the user is logged in
+            if(req.session.user == null){
+                errorHandler(res, "Invalid user!");
+            }
+
+            //Authenticate and find user model from DB
+            const userDB = await userModel.authenticate(req.session.user.user, pass, "Bad password.");
+
+            //If we have an invalid user
+            if(userDB == null){
+                errorHandler(res, "Invalid user!");
+            }
+
+            if(userDB.email == email){
+                errorHandler(res, "Cannot set current email!");
+            }
+
+            //Generate the password reset link
+            const requestDB = await emailChangeModel.create({user: userDB._id, newEmail: email, ipHash: req.ip});
+
+            //Don't wait on mailer to get back to the browser
+            res.sendStatus(200);
+
+            //Send the reset url via email
+            await mailUtils.mailem(
+                email,
+                `Email Change Request - ${userDB.user}`,
+                `<h1>Email Change Request</h1>
+                <p>A request to change the email associated with the ${config.instanceName} account '${userDB.user}' to this address has been requested.<br>
+                <a href="${requestDB.getChangeURL()}">Click here</a> to confirm this change.</p>
+                <sup>If you received this email without request, feel free to ignore and delete it! -Tokebot</sup>`,
+                true
+            );
+
+            //If the user has a pre-existing email address
+            if(userDB.email != null && userDB.email != ""){
+                await mailUtils.mailem(
+                    userDB.email,
+                    `Email Change Request - ${userDB.user}`,
+                    `<h1>Email Change Request Notification</h1>
+                    <p>A request to change the email associated with the ${config.instanceName} account '${userDB.user}' to another address has been requested.<br>
+                    <sup>If you received this email without request, you should <strong>immediately</strong> change your password and contact the server adminsitrator! -Tokebot</sup>`,
+                    true
+                );
+            }
+
+            //Clean our hands of the operation
+            return;
+        }else{
+            res.status(400);
+            return res.send({errors: validResult.array()});
+        }
+    }catch(err){
+        return exceptionHandler(res, err);
+    }
+}
--- a/src/controllers/emailChangeController.js
+++ b/src/controllers/emailChangeController.js
@ -0,0 +1,57 @@
+/*Canopy - The next generation of stoner streaming software
+Copyright (C) 2024-2025 Rainbownapkin and the TTN Community
+
+This program is free software: you can redistribute it and/or modify
+it under the terms of the GNU Affero General Public License as
+published by the Free Software Foundation, either version 3 of the
+License, or (at your option) any later version.
+
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+GNU Affero General Public License for more details.
+
+You should have received a copy of the GNU Affero General Public License
+along with this program.  If not, see <https://www.gnu.org/licenses/>.*/
+
+//Config
+const config = require('../../config.json');
+
+//NPM Imports
+const {validationResult, matchedData} = require('express-validator');
+
+//local imports
+const emailChangeModel = require('../schemas/user/emailChangeSchema');
+const csrfUtils = require('../utils/csrfUtils');
+
+//gateway for resetting password
+module.exports.get = async function(req, res){
+    try{
+        //Check for validation errors
+        const validResult = validationResult(req);
+
+        //If there are none
+        if(validResult.isEmpty()){
+            //Get sanatized/validated data
+            const {token} = matchedData(req);
+
+            //Consume the password reset token using given input
+            const requestDB = await emailChangeModel.findOne({token});
+
+            //If we have an invalid request
+            if(requestDB == null){
+                return res.render('emailChange', {instance: config.instanceName, user: req.session.user, csrfToken: csrfUtils.generateToken(req), valid: false});
+            }
+
+            //Speak of our success (don't wait for the emails to be sent)
+            res.render('emailChange', {instance: config.instanceName, user: req.session.user, csrfToken: csrfUtils.generateToken(req), valid: true});
+
+            //Consume the request
+            await requestDB.consume();
+        }else{
+            return res.render('emailChange', {instance: config.instanceName, user: req.session.user, csrfToken: csrfUtils.generateToken(req), valid: false});
+        }
+    }catch(err){
+        return res.render('emailChange', {instance: config.instanceName, user: req.session.user, csrfToken: csrfUtils.generateToken(req), valid: false});
+    }
+}