sudoxreboot/habitica
1
0
Fork 0
mirror of https://github.com/sudoxnym/habitica.git synced 2026-04-14 19:56:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Revert "use lowercase only emails - register phase"

Browse source 
This reverts commit 69fdff615a.
This commit is contained in:
Matteo Pagliazzi 2015-10-19 19:42:25 +02:00
parent 7a2d2fd3dc
commit ad6be153f4
1 changed files with 10 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
website/src/controllers/auth.js
View file

@ -67,7 +67,8 @@ api.authWithUrl = function(req, res, next) {
}
api.registerUser = function(req, res, next) {
var regUname = RegexEscape(req.body.username);
var regEmail = RegexEscape(req.body.email),
regUname = RegexEscape(req.body.username);
async.auto({
validate: function(cb) {
if (!(req.body.username && req.body.password && req.body.email))
@ -79,14 +80,14 @@ api.registerUser = function(req, res, next) {
cb();
},
findReg: function(cb) {
User.findOne({$or:[{'auth.local.email': req.body.email}, {'auth.local.username': regUname}]}, {'auth.local':1}, cb);
User.findOne({$or:[{'auth.local.email': regEmail}, {'auth.local.username': regUname}]}, {'auth.local':1}, cb);
},
findFacebook: function(cb){
User.findOne({_id: req.headers['x-api-user'], apiToken: req.headers['x-api-key']}, {auth:1}, cb);
},
register: ['validate', 'findReg', 'findFacebook', function(cb, data) {
if (data.findReg) {
if (req.body.email === data.findReg.auth.local.email) return cb({code:401, err:"Email already taken"});
if (regEmail.test(data.findReg.auth.local.email)) return cb({code:401, err:"Email already taken"});
if (regUname.test(data.findReg.auth.local.username)) return cb({code:401, err:"Username already taken"});
}
var salt = utils.makeSalt();
@ -94,7 +95,7 @@ api.registerUser = function(req, res, next) {
auth: {
local: {
username: req.body.username,
email: req.body.email.toLowerCase(),
email: req.body.email,
salt: salt,
hashed_password: utils.encryptPassword(req.body.password, salt)
},
@ -142,7 +143,7 @@ api.loginLocal = function(req, res, next) {
var username = req.body.username;
var password = req.body.password;
if (!(username && password)) return res.json(401, {err:'Missing :username or :password in request body, please provide both'});
var login = validator.isEmail(username) ? {'auth.local.email':username.toLowerCase()} : {'auth.local.username':username};
var login = validator.isEmail(username) ? {'auth.local.email':username} : {'auth.local.username':username};
User.findOne(login, {auth:1}, function(err, user){
if (err) return next(err);
if (!user) return res.json(401, {err:"Uh-oh - your username or password is incorrect.\n- Make sure your username or email is typed correctly.\n- You may have signed up with Facebook, not email. Double-check by trying Facebook login.\n- If you forgot your password, click \"Forgot Password\"."});
@ -232,12 +233,12 @@ api.deleteSocial = function(req,res,next){
}
api.resetPassword = function(req, res, next){
var email = req.body.email && req.body.email.toLowerCase(),
var email = req.body.email,
salt = utils.makeSalt(),
newPassword = utils.makeSalt(), // use a salt as the new password too (they'll change it later)
hashed_password = utils.encryptPassword(newPassword, salt);
User.findOne({'auth.local.email': email}, function(err, user){
User.findOne({'auth.local.email': RegexEscape(email)}, function(err, user){
if (err) return next(err);
if (!user) return res.send(401, {err:"Sorry, we can't find a user registered with email " + email + "\n- Make sure your email address is typed correctly.\n- You may have signed up with Facebook, not email. Double-check by trying Facebook login."});
user.auth.local.salt = salt;
@ -282,15 +283,14 @@ api.changeUsername = function(req, res, next) {
}
api.changeEmail = function(req, res, next){
var email = req.body.email && req.body.email.toLowerCase()
async.waterfall([
function(cb){
User.findOne({'auth.local.email': email}, {auth:1}, cb);
User.findOne({'auth.local.email': RegexEscape(req.body.email)}, {auth:1}, cb);
},
function(found, cb){
if(found) return cb({code:401, err: "Email already taken"});
if (invalidPassword(res.locals.user, req.body.password)) return cb(invalidPassword(res.locals.user, req.body.password));
res.locals.user.auth.local.email = email;
res.locals.user.auth.local.email = req.body.email;
res.locals.user.save(cb);
}
], function(err){