authorJannik Schönartz2019-03-04 01:14:38 +0100
committerJannik Schönartz2019-03-04 01:14:38 +0100
commit6471511909de79c1f3739ba9d6a5b45b7eb1fadb (patch)
treeb0702eae88cea3ce8fff89f1fa2f91849e79e1ee /server/api/users.js
parent[webapp] add option to disable all animations (diff)
[authentication] Restructure api to match our new error code standard
Moved most of the res.send calls from the lib to the api. Fixed the frontend to match the new api.
Diffstat (limited to 'server/api/users.js')
-rw-r--r--server/api/users.js56
1 files changed, 29 insertions, 27 deletions
diff --git a/server/api/users.js b/server/api/users.js
index 178c6fb..c4d9a2f 100644
--- a/server/api/users.js
+++ b/server/api/users.js
@@ -13,13 +13,7 @@ var authentication = require(path.join(__appdir, 'lib', 'authentication'))
* @return: Returns a list of all users in the database and their given roles.
*/
router.getAsync('', async (req, res) => {
- const users = await db.user.findAll({ include: ['roles'], order: [['name', 'ASC']] })
-
- // Remove passwords
- await users.forEach(x => {
- x = x.dataValues
- delete x.password
- })
+ const users = await db.user.findAll({ attributes: { exclude: ['password'] }, include: ['roles'], order: [['name', 'ASC']] })
res.status(200).send(users)
})
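Review bot: `attributes: { exclude: ['password'] }` in the `findAll` call is a deny-list, so any sensitive column added to the user model later is returned by this endpoint by default. An explicit allow-list built from the fields the frontend needs, for example `attributes: ['id', 'username', 'name', 'email']`, fails closed instead. Alternatively, a `defaultScope` on the model that excludes `password` would cover every query rather than each call site. The same applies to the `findOne` in the `/:id` hunk below.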
@@ -28,12 +22,9 @@ router.getAsync('', async (req, res) => {
*/
router.getAsync('/:id', async (req, res) => {
const id = req.params.id === 'current' ? req.user.id : req.params.id
- const user = await db.user.findOne({ where: { id } })
+ const user = await db.user.findOne({ where: { id }, attributes: { exclude: ['password'] } })
if (user) {
- // Remove the hased password.
- let u = user.dataValues
- delete u.password
- res.status(200).send(u)
+ res.status(200).send(user)
} else {
res.status(404).end()
}
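Review bot: The `/:id` handler returns the record for whatever id the caller supplies, and nothing in the visible lines compares `req.params.id` with `req.user.id` or checks a permission. If authorization is not enforced by middleware outside this hunk, any authenticated user can read every other user's name and email by iterating ids. A guard before the `findOne` that answers 403 unless the id is the caller's own or the caller holds a user-management permission would close that. The end of the handler is outside the hunk.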
@@ -62,48 +53,54 @@ router.postAsync('/:id/roles', async (req, res) => {
// Post request for creating new user accounts.
router.postAsync(['/', '/:id'], async (req, res) => {
+ const body = req.body
if (req.params.id !== 'current') {
// TODO: Check for permission to delete / create / update user
}
if (req.query.delete !== undefined && req.query.delete !== 'false') {
- const count = await db.user.destroy({ where: { id: req.body.ids } })
- return res.status(200).send({ count })
+ const count = await db.user.destroy({ where: { id: body.ids } })
+ return res.send({ count })
}
if (req.params.id === undefined) {
- await authentication.signup(req, res)
- return res.status(200).send({ auth: true, status: 'VALID' })
+ const result = await authentication.signup(body)
+ const code = result.code
+ delete result.code
+ return res.status(code).send(result)
} else {
const id = req.params.id === 'current' ? req.user.id : req.params.id
let email = req.body.email
- if (!authentication.validateEmail(req.body.email)) return res.status(500).send({ status: 'EMAIL_INVALID', error_message: 'The provided email is invalid.' })
+ if (!authentication.validateEmail(req.body.email)) return res.status(500).send({ error: 'EMAIL_INVALID', message: 'The provided email is invalid.' })
let user
user = await db.user.findOne({ where: { id: id } })
if (user) {
let userinfo = {
- name: req.body.name,
+ name: body.name,
email: email
}
// Check if the username is set and if it's valid.
- let username = req.body.username
+ let username = body.username
if (username && req.params.id !== 'current') {
- if (!authentication.validateUsername(username)) return res.status(400).send({ auth: false, status: 'INVALID_USERNAME', error_message: 'Username does not fullfill the requirements. (No whitespaces)' })
+ if (!authentication.validateUsername(username)) return res.status(400).send({ error: 'INVALID_USERNAME', message: 'Username does not fullfill the requirements. (No whitespaces)' })
// Check if the username already exists.
let userDb = await db.user.findOne({ where: { username: username, id: { $not: id } } })
- if (userDb) return res.status(400).send({ auth: false, status: 'USER_ALREADY_EXISTS', error_message: 'The provided username already exists.' })
+ if (userDb) return res.status(400).send({ error: 'USER_ALREADY_EXISTS', message: 'The provided username already exists.' })
userinfo.username = username
}
// Update the user.
await user.update(userinfo)
- if (req.body.password) {
- return authentication.changePassword(req, res)
+ if (body.password) {
+ const result = await authentication.changePassword(id, body.password, body.passwordCurrent)
+ const code = result.code
+ delete result.code
+ res.status(code).send(result)
}
}
res.status(200).end()
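Review bot: The new password branch sends the result with `res.status(code).send(result)` but no longer returns, so execution falls through to the trailing `res.status(200).end()` and the handler tries to respond twice; it should be `return res.status(code).send(result)`. The profile fields are also written by `user.update(userinfo)` before the password change is validated, so a rejected password still leaves the other changes applied. Separately, the `TODO` permission check is still empty on the new side, so the `destroy` on `body.ids` and the update of an arbitrary `:id` run with no authorization visible in this hunk (it may be enforced by middleware elsewhere). The handler's closing lines are outside the hunk.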
@@ -112,11 +109,16 @@ router.postAsync(['/', '/:id'], async (req, res) => {
// Post request for changing the password.
router.postAsync('/:id/password', async (req, res) => {
+ const id = req.params.id
+ const body = req.body
// Check if passwords are set.
- if (req.body.passwordCurrent && req.body.password) {
- if (req.body.passwordCurrent === req.body.password) return res.status(500).send({ auth: false, status: 'PASSWORD_ERROR', error_message: 'The provided password must be different than the old password.' })
- return authentication.changePassword(req, res)
- } else res.status(400).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This service requires the current and the new password.' })
+ if (body.passwordCurrent && body.password) {
+ if (body.passwordCurrent === body.password) return res.status(500).send({ error: 'PASSWORD_ERROR', message: 'The provided password must be different than the old password.' })
+ const result = await authentication.changePassword(id, body.password, body.passwordCurrent)
+ const code = result.code
+ delete result.code
+ res.status(code).send(result)
+ } else res.status(400).send({ error: 'PASSWORD_MISSING', message: 'This service requires the current and the new password.' })
})
// Function for deleting a single user
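Review bot: `const id = req.params.id` passes the raw path parameter to `authentication.changePassword`, whereas the other handlers in this file resolve `'current'` to `req.user.id`. Unless the lib does that mapping itself, a request to `/current/password` will look up a user whose id is the literal string `current`. Use `const id = req.params.id === 'current' ? req.user.id : req.params.id`. The identical-password case is a client error and would be better answered with 400 than 500.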