src/routes/profile.js

'use strict';

exports = module.exports = {
    get: get,
    update: update,
    changePassword: changePassword,
    setTwoFactorAuthenticationSecret: setTwoFactorAuthenticationSecret,
    enableTwoFactorAuthentication: enableTwoFactorAuthentication,
    disableTwoFactorAuthentication: disableTwoFactorAuthentication
};

var assert = require('assert'),
    HttpError = require('connect-lastmile').HttpError,
    HttpSuccess = require('connect-lastmile').HttpSuccess,
    users = require('../users.js'),
    UsersError = users.UsersError,
    _ = require('underscore');

function auditSource(req) {
    var ip = req.headers['x-forwarded-for'] || req.connection.remoteAddress || null;
    return { ip: ip, username: req.user ? req.user.username : null, userId: req.user ? req.user.id : null };
}

function get(req, res, next) {
    assert.strictEqual(typeof req.user, 'object');

    next(new HttpSuccess(200, {
        id: req.user.id,
        username: req.user.username,
        email: req.user.email,
        fallbackEmail: req.user.fallbackEmail,
        displayName: req.user.displayName,
        twoFactorAuthenticationEnabled: req.user.twoFactorAuthenticationEnabled,
        admin: req.user.admin
    }));
}

function update(req, res, next) {
    assert.strictEqual(typeof req.user, 'object');
    assert.strictEqual(typeof req.body, 'object');

    if ('email' in req.body && typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));
    if ('fallbackEmail' in req.body && typeof req.body.fallbackEmail !== 'string') return next(new HttpError(400, 'fallbackEmail must be string'));
    if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));

    var data = _.pick(req.body, 'email', 'fallbackEmail', 'displayName');

    users.update(req.user.id, data, auditSource(req), function (error) {
        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
        if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, error.message));
        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(204));
    });
}

function changePassword(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');
    assert.strictEqual(typeof req.user, 'object');

    if (typeof req.body.newPassword !== 'string') return next(new HttpError(400, 'newPassword must be a string'));

    users.setPassword(req.user.id, req.body.newPassword, function (error) {
        if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));
        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(204));
    });
}

function setTwoFactorAuthenticationSecret(req, res, next) {
    assert.strictEqual(typeof req.user, 'object');

    users.setTwoFactorAuthenticationSecret(req.user.id, function (error, result) {
        if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, 'TwoFactor Authentication is enabled, disable first'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(201, { secret: result.secret, qrcode: result.qrcode }));
    });
}

function enableTwoFactorAuthentication(req, res, next) {
    assert.strictEqual(typeof req.body, 'object');
    assert.strictEqual(typeof req.user, 'object');

    if (!req.body.totpToken || typeof req.body.totpToken !== 'string') return next(new HttpError(400, 'totpToken must be a nonempty string'));

    users.enableTwoFactorAuthentication(req.user.id, req.body.totpToken, function (error) {
        if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));
        if (error && error.reason === UsersError.BAD_TOKEN) return next(new HttpError(401, 'Invalid token'));
        if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, 'TwoFactor Authentication is already enabled'));
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(202, {}));
    });
}

function disableTwoFactorAuthentication(req, res, next) {
    assert.strictEqual(typeof req.user, 'object');

    users.disableTwoFactorAuthentication(req.user.id, function (error) {
        if (error) return next(new HttpError(500, error));

        next(new HttpSuccess(202, {}));
    });
}
Add specific user profile routes 2016-04-17 16:22:39 +02:00			`'use strict';`

			`exports = module.exports = {`
			`get: get,`
			`update: update,`
Add 2fa routest and business logic 2018-04-25 19:08:15 +02:00			`changePassword: changePassword,`
			`setTwoFactorAuthenticationSecret: setTwoFactorAuthenticationSecret,`
			`enableTwoFactorAuthentication: enableTwoFactorAuthentication,`
			`disableTwoFactorAuthentication: disableTwoFactorAuthentication`
Add specific user profile routes 2016-04-17 16:22:39 +02:00			`};`

Remove scope from users.get 2018-06-17 15:25:41 -07:00			`var assert = require('assert'),`
Add specific user profile routes 2016-04-17 16:22:39 +02:00			`HttpError = require('connect-lastmile').HttpError,`
			`HttpSuccess = require('connect-lastmile').HttpSuccess,`
Rename user.js to users.js 2018-04-29 10:58:45 -07:00			`users = require('../users.js'),`
Fix nasssty typo 2018-04-29 17:37:53 -07:00			`UsersError = users.UsersError,`
user.update does not need the user object 2016-06-02 23:53:06 -07:00			`_ = require('underscore');`
Add specific user profile routes 2016-04-17 16:22:39 +02:00
make user.remove and user.update add eventlog 2016-05-01 20:09:31 -07:00			`function auditSource(req) {`
			`var ip = req.headers['x-forwarded-for'] \|\| req.connection.remoteAddress \|\| null;`
			`return { ip: ip, username: req.user ? req.user.username : null, userId: req.user ? req.user.id : null };`
			`}`

Add specific user profile routes 2016-04-17 16:22:39 +02:00			`function get(req, res, next) {`
			`assert.strictEqual(typeof req.user, 'object');`

No need to again check the groups for admin 2016-06-23 13:03:39 +02:00			`next(new HttpSuccess(200, {`
			`id: req.user.id,`
			`username: req.user.username,`
			`email: req.user.email,`
Replace alternateEmail with fallbackEmail 2018-01-21 14:50:24 +01:00			`fallbackEmail: req.user.fallbackEmail,`
Send 2fa auth status with profile info 2018-04-26 16:29:40 +02:00			`displayName: req.user.displayName,`
Send admin flag in the profile 2018-08-03 09:28:58 -07:00			`twoFactorAuthenticationEnabled: req.user.twoFactorAuthenticationEnabled,`
			`admin: req.user.admin`
No need to again check the groups for admin 2016-06-23 13:03:39 +02:00			`}));`
Add specific user profile routes 2016-04-17 16:22:39 +02:00			`}`

			`function update(req, res, next) {`
			`assert.strictEqual(typeof req.user, 'object');`
			`assert.strictEqual(typeof req.body, 'object');`

			`if ('email' in req.body && typeof req.body.email !== 'string') return next(new HttpError(400, 'email must be string'));`
Allow changing fallbackEmail via the profile api 2018-01-22 15:55:55 +01:00			`if ('fallbackEmail' in req.body && typeof req.body.fallbackEmail !== 'string') return next(new HttpError(400, 'fallbackEmail must be string'));`
Add specific user profile routes 2016-04-17 16:22:39 +02:00			`if ('displayName' in req.body && typeof req.body.displayName !== 'string') return next(new HttpError(400, 'displayName must be string'));`

Allow changing fallbackEmail via the profile api 2018-01-22 15:55:55 +01:00			`var data = _.pick(req.body, 'email', 'fallbackEmail', 'displayName');`
user.update does not need the user object 2016-06-02 23:53:06 -07:00
Rename user.js to users.js 2018-04-29 10:58:45 -07:00			`users.update(req.user.id, data, auditSource(req), function (error) {`
Fix nasssty typo 2018-04-29 17:37:53 -07:00			`if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));`
			`if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, error.message));`
			`if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));`
Add specific user profile routes 2016-04-17 16:22:39 +02:00			`if (error) return next(new HttpError(500, error));`

			`next(new HttpSuccess(204));`
			`});`
			`}`

			`function changePassword(req, res, next) {`
			`assert.strictEqual(typeof req.body, 'object');`
			`assert.strictEqual(typeof req.user, 'object');`

profile updates must be POST 2016-06-02 00:31:41 -07:00			`if (typeof req.body.newPassword !== 'string') return next(new HttpError(400, 'newPassword must be a string'));`
Add specific user profile routes 2016-04-17 16:22:39 +02:00
Rename user.js to users.js 2018-04-29 10:58:45 -07:00			`users.setPassword(req.user.id, req.body.newPassword, function (error) {`
Fix nasssty typo 2018-04-29 17:37:53 -07:00			`if (error && error.reason === UsersError.BAD_FIELD) return next(new HttpError(400, error.message));`
Fix various error codes 2018-06-15 20:51:26 -07:00			`if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));`
Add specific user profile routes 2016-04-17 16:22:39 +02:00			`if (error) return next(new HttpError(500, error));`

			`next(new HttpSuccess(204));`
			`});`
			`}`
Add 2fa routest and business logic 2018-04-25 19:08:15 +02:00
			`function setTwoFactorAuthenticationSecret(req, res, next) {`
2fa routest work with the req.user object 2018-04-26 15:12:14 +02:00			`assert.strictEqual(typeof req.user, 'object');`
Add 2fa routest and business logic 2018-04-25 19:08:15 +02:00
Rename user.js to users.js 2018-04-29 10:58:45 -07:00			`users.setTwoFactorAuthenticationSecret(req.user.id, function (error, result) {`
Fix nasssty typo 2018-04-29 17:37:53 -07:00			`if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, 'TwoFactor Authentication is enabled, disable first'));`
Add 2fa routest and business logic 2018-04-25 19:08:15 +02:00			`if (error) return next(new HttpError(500, error));`

Remove unused property on set 2fa secret 2018-04-27 08:20:12 +02:00			`next(new HttpSuccess(201, { secret: result.secret, qrcode: result.qrcode }));`
Add 2fa routest and business logic 2018-04-25 19:08:15 +02:00			`});`
			`}`

			`function enableTwoFactorAuthentication(req, res, next) {`
2fa routest work with the req.user object 2018-04-26 15:12:14 +02:00			`assert.strictEqual(typeof req.body, 'object');`
			`assert.strictEqual(typeof req.user, 'object');`
Add 2fa routest and business logic 2018-04-25 19:08:15 +02:00
			`if (!req.body.totpToken \|\| typeof req.body.totpToken !== 'string') return next(new HttpError(400, 'totpToken must be a nonempty string'));`

Rename user.js to users.js 2018-04-29 10:58:45 -07:00			`users.enableTwoFactorAuthentication(req.user.id, req.body.totpToken, function (error) {`
Fix nasssty typo 2018-04-29 17:37:53 -07:00			`if (error && error.reason === UsersError.NOT_FOUND) return next(new HttpError(404, 'User not found'));`
Fix various error codes 2018-06-15 20:51:26 -07:00			`if (error && error.reason === UsersError.BAD_TOKEN) return next(new HttpError(401, 'Invalid token'));`
Fix nasssty typo 2018-04-29 17:37:53 -07:00			`if (error && error.reason === UsersError.ALREADY_EXISTS) return next(new HttpError(409, 'TwoFactor Authentication is already enabled'));`
Add 2fa routest and business logic 2018-04-25 19:08:15 +02:00			`if (error) return next(new HttpError(500, error));`
Send 2fa auth status with profile info 2018-04-26 16:29:40 +02:00
Add 2fa routest and business logic 2018-04-25 19:08:15 +02:00			`next(new HttpSuccess(202, {}));`
			`});`
			`}`

			`function disableTwoFactorAuthentication(req, res, next) {`
2fa routest work with the req.user object 2018-04-26 15:12:14 +02:00			`assert.strictEqual(typeof req.user, 'object');`
Add 2fa routest and business logic 2018-04-25 19:08:15 +02:00
Rename user.js to users.js 2018-04-29 10:58:45 -07:00			`users.disableTwoFactorAuthentication(req.user.id, function (error) {`
Add 2fa routest and business logic 2018-04-25 19:08:15 +02:00			`if (error) return next(new HttpError(500, error));`
Send 2fa auth status with profile info 2018-04-26 16:29:40 +02:00
Add 2fa routest and business logic 2018-04-25 19:08:15 +02:00			`next(new HttpSuccess(202, {}));`
			`});`
			`}`