authorJannik Schönartz2019-02-26 08:18:52 +0100
committerJannik Schönartz2019-02-26 08:18:52 +0100
commitdcd82e1c5847151678ae7ffc982b4595304c1eeb (patch)
treed3a7ea5a6390e0c1c2bb49ef24f31b1ddec50606 /server/api/users.js
parent[webapp/configurator] disable touch swipe tabs switching (diff)
[authentication] Rewrite code in async/await, fix edit account module
Diffstat (limited to 'server/api/users.js')
-rw-r--r--server/api/users.js74
1 files changed, 37 insertions, 37 deletions
diff --git a/server/api/users.js b/server/api/users.js
index c5eb822..a754155 100644
--- a/server/api/users.js
+++ b/server/api/users.js
@@ -63,32 +63,52 @@ router.postAsync('/:id/roles', async (req, res) => {
// Post request for creating new user accounts.
router.postAsync(['/', '/:id'], async (req, res) => {
+ if (req.params.id !== 'current') {
+ // TODO: Check for permission to delete / create / update user
+ }
+
if (req.query.delete !== undefined && req.query.delete !== 'false') {
const count = await db.user.destroy({ where: { id: req.body.ids } })
- res.status(200).send({ count })
+ return res.status(200).send({ count })
+ }
+
+ if (req.params.id === undefined) {
+ await authentication.signup(req, res)
+ return res.status(200).send({ auth: true, status: 'VALID' })
} else {
- if (req.params.id === undefined) return authentication.signup(req, res)
- else {
- let user
- user = await db.user.findOne({ where: { id: req.params.id } })
- if (user) {
- await user.update({
- username: req.body.username,
- name: req.body.name,
- email: req.body.email
- })
-
- if (req.body.password) {
- return authentication.changePassword(req, res)
- }
+ const id = req.params.id === 'current' ? req.user.id : req.params.id
+
+ let email = req.body.email
+ if (!authentication.validateEmail(req.body.email)) return res.status(500).send({ status: 'EMAIL_INVALID', error_message: 'The provided email is invalid.' })
+
+ let user
+ user = await db.user.findOne({ where: { id: id } })
+
+ if (user) {
+ let userinfo = {
+ name: req.body.name,
+ email: email
+ }
+
+ // Check if the username is set and if it's valid.
+ let username = req.body.username
+ if (username && req.params.id !== 'current') {
+ if (!authentication.validateUsername(username)) return res.status(400).send({ auth: false, status: 'INVALID_USERNAME', error_message: 'Username does not fullfill the requirements. (No whitespaces)' })
+ userinfo.username = username
+ }
+
+ // Update the user.
+ await user.update(userinfo)
+ if (req.body.password) {
+ return authentication.changePassword(req, res)
}
- res.status(200).end()
}
+ res.status(200).end()
}
})
// Post request for changing the password.
-router.post('/:id/password', (req, res) => {
+router.postAsync('/:id/password', async (req, res) => {
// Check if passwords are set.
if (req.body.passwordCurrent && req.body.password) {
if (req.body.passwordCurrent === req.body.password) return res.status(500).send({ auth: false, status: 'PASSWORD_ERROR', error_message: 'The provided password must be different than the old password.' })
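Review bot: The permission check at the top of the `['/', '/:id']` handler is an empty TODO block, so nothing in this hunk stops a caller from deleting the accounts listed in `req.body.ids` or from updating another account's `name`, `email` and `username` (and possibly its password through `authentication.changePassword`) by passing that account's id; the removed `/:id` handler rejected every id other than `current`. Until the check is implemented the block should fail closed, e.g. `if (req.params.id !== 'current') return res.status(403).end()`, bearing in mind that this also covers `/` (create and delete), which the TODO lists as needing permission too. The delete branch also runs for `/current?delete` with caller-supplied ids, so it needs its own check rather than relying on the id parameter. Whether a middleware outside this hunk already restricts the router is not visible here, and the body of the `/:id/password` handler continues past the end of the hunk.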
@@ -96,26 +116,6 @@ router.post('/:id/password', (req, res) => {
} else res.status(400).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This service requires the current and the new password.' })
})
-// Post request for chaning the user info. (name, email)
-router.post('/:id', (req, res) => {
- if (req.params.id !== 'current') {
- // Check if the user has the permission for chaning those userdata. Else return.
- return res.status(500).end()
- }
- const id = req.params.id === 'current' ? req.user.id : req.params.id
-
- let email = req.body.email
- if (!authentication.validateEmail(req.body.email)) return res.status(500).send({ status: 'EMAIL_INVALID', error_message: 'The provided email is invalid.' })
- db.user.findOne({ where: { id } }).then(user => {
- user.update({
- name: req.body.name,
- email
- }).then(() => {
- res.send(200)
- })
- })
-})
-
// Function for deleting a single user
router.delete('/:id/', (req, res) => {
// Check if the user has the permission for chaning those userdata. Else return.