From e6d61d1145f3c17a97b426819d8cb9e46d0f59ff Mon Sep 17 00:00:00 2001 From: Tyler Renelle Date: Fri, 6 Sep 2013 09:55:24 -0400 Subject: [PATCH] [#1446] add change-password back in --- assets/js/controllers/settingsCtrl.js | 14 ++++++++++++++ src/controllers/auth.js | 23 +++++++++++++++++++++++ src/routes/auth.js | 1 + views/options/settings.jade | 12 ++++++++++-- 4 files changed, 48 insertions(+), 2 deletions(-) diff --git a/assets/js/controllers/settingsCtrl.js b/assets/js/controllers/settingsCtrl.js index 5c1cb622e9..88aff16f43 100644 --- a/assets/js/controllers/settingsCtrl.js +++ b/assets/js/controllers/settingsCtrl.js @@ -35,5 +35,19 @@ habitrpg.controller('SettingsCtrl', }) } + $scope.changePassword = function(changePass){ + if (!changePass.oldPassword || !changePass.newPassword || !changePass.confirmNewPassword) { + return alert("Please fill out all fields"); + } + $http.post(API_URL + '/api/v1/user/change-password', changePass) + .success(function(){ + alert("Password successfully changed"); + $scope.changePass = {}; + }) + .error(function(data){ + alert(data); + }); + } + } ]); diff --git a/src/controllers/auth.js b/src/controllers/auth.js index dedbb240e1..c8bb3d475e 100644 --- a/src/controllers/auth.js +++ b/src/controllers/auth.js @@ -184,6 +184,29 @@ api.resetPassword = function(req, res, next){ }); }; +api.changePassword = function(req, res, next) { + var user = res.locals.user, + oldPassword = req.body.oldPassword, + newPassword = req.body.newPassword, + confirmNewPassword = req.body.confirmNewPassword; + + if (newPassword != confirmNewPassword) + return res.json(500, {err: "Password & Confirm don't match"}); + + var salt = user.auth.local.salt, + hashed_old_password = utils.encryptPassword(oldPassword, salt), + hashed_new_password = utils.encryptPassword(newPassword, salt); + + if (hashed_old_password !== user.auth.local.hashed_password) + return res.json(500, {err:"Old password doesn't match"}); + + user.auth.local.hashed_password = hashed_new_password; + user.save(function(err, saved){ + if (err) res.json(500,{err:err}); + res.send(200); + }) +} + /* Registers a new user. Only accepting username/password registrations, no Facebook */ diff --git a/src/routes/auth.js b/src/routes/auth.js index 7b85c93dad..b15f1b4a0f 100644 --- a/src/routes/auth.js +++ b/src/routes/auth.js @@ -8,5 +8,6 @@ router.post('/api/v1/register', auth.registerUser); router.post('/api/v1/user/auth/local', auth.loginLocal); router.post('/api/v1/user/auth/facebook', auth.loginFacebook); router.post('/api/v1/user/reset-password', auth.resetPassword); +router.post('/api/v1/user/change-password', auth.auth, auth.changePassword); module.exports = router; \ No newline at end of file diff --git a/views/options/settings.jade b/views/options/settings.jade index 69a4062ebe..f6d2c556d1 100644 --- a/views/options/settings.jade +++ b/views/options/settings.jade @@ -15,8 +15,16 @@ div(ng-show='user.auth.local') hr h4 Change Password - derby-auth:changepassword - hr + form(ng-submit='changePassword(changePass)', ng-show='user.auth.local') + .control-group + input(type='password', placeholder='Old Password', ng-model='changePass.oldPassword', required) + .control-group + input(type='password', placeholder='New Password', ng-model='changePass.newPassword', required) + .control-group + input(type='password', placeholder='Confirm New Password', ng-model='changePass.confirmNewPassword', required) + input.btn(type='submit', value='Submit') + + hr h4 Danger Zone a.btn.btn-danger(ng-click='notPorted()', data-target='#reset-modal', data-toggle='modal', tooltip='Resets your entire account (dangerous).') Reset a.btn.btn-danger(ng-click='notPorted()', data-target='#restore-modal', data-toggle='modal', tooltip='Restores attributes to your character.') Restore