authorJannik Schönartz2019-02-24 03:16:04 +0100
committerJannik Schönartz2019-02-24 03:16:04 +0100
commitceb166a81c74ca41b7d9099fb5a067c5cfc1827d (patch)
tree8283f2110a0d74ea37c5856ae3fc683cf52b9fdf /server/lib/authentication.js
parent[webapp/groups] rework old tables to new data table (diff)
[account] Add editable user info, change statuscodes, delete account
[server] Add method for updating user info Add method for deleting user Switch from statuscode 500 to 401 Fixed status null exception Validate Email now allows empty email [webapp/AccountPage] Add button to delete the user account (including a dialog) Some order fixes with the info fields User info is now editable
Diffstat (limited to 'server/lib/authentication.js')
-rw-r--r--server/lib/authentication.js48
1 files changed, 27 insertions, 21 deletions
diff --git a/server/lib/authentication.js b/server/lib/authentication.js
index 7b616d4..f412e31 100644
--- a/server/lib/authentication.js
+++ b/server/lib/authentication.js
@@ -6,7 +6,7 @@ var db = require(path.join(__appdir, 'lib', 'sequelize'))
var securePassword = require('secure-password')
var pwd = securePassword()
-module.exports = { loginCookie, loginToken, logout, verifyToken, signup, changePassword }
+module.exports = { loginCookie, loginToken, logout, verifyToken, signup, changePassword, validateEmail }
// Authentifivation method for the frontend using secure httpOnly cookies. (POST)
function loginCookie (req, res) {
@@ -39,7 +39,7 @@ function signup (req, res) {
var params = req.body
if (!params.username) return res.status(500).send({ auth: false, status: 'USER_MISSING', error_message: 'This service requires an username.' })
if (!params.password) return res.status(500).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This services requires a password.' })
- if (!params.email) return res.status(500).send({ auth: false, status: 'EMAIL_MISSING', error_message: 'This services requires an email.' })
+ // if (!params.email) return res.status(500).send({ auth: false, status: 'EMAIL_MISSING', error_message: 'This services requires an email.' })
// Database and user validation.
db.user.findOne({ where: { username: params.username } }).then(userDb => {
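Review bot: The email check at line 36 is commented out rather than deleted, so dead code stays in signup; if email is meant to be optional, drop the line (the history keeps it). With the check gone `params.email` can be `undefined` rather than `''`, and the `email === ''` short-circuit added to validateEmail later in this diff does not cover that case, since `String(undefined)` becomes `'undefined'` and fails the regex. If signup hands `params.email` to validateEmail (not visible here), either accept both with `if (email == null || email === '') return true` or normalise with `params.email || ''` before the call. signup's body continues past the hunk.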
@@ -121,14 +121,14 @@ function verifyToken (req, res, next) {
} else if (req.cookies.jwt_hp && req.cookies.jwt_s) {
token = req.cookies.jwt_hp + '.' + req.cookies.jwt_s
} else {
- if (res) return res.status(403).send({ auth: false, status: 'TOKEN_MISSING', error_message: 'This service requires a token.' })
+ if (res) return res.status(401).send({ auth: false, status: 'TOKEN_MISSING', error_message: 'This service requires a token.' })
else return next(new Error('TOKEN_MISSING'))
}
// Verify the token with the secret.
jwt.verify(token, config.secret, err => {
if (err) {
- if (res) return res.status(500).send({ auth: false, status: 'TOKEN_INVALID', error_message: 'The provided token is invalid.' })
+ if (res) return res.status(401).send({ auth: false, status: 'TOKEN_INVALID', error_message: 'The provided token is invalid.' })
else return next(new Error('TOKEN_INVALID'))
}
req.token = token
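Review bot: The responses changed to 401 at lines 44 and 51 carry no `WWW-Authenticate` header, which RFC 7235 requires on a 401; if `res` is an Express response, `res.set('WWW-Authenticate', 'Bearer')` before the `.status(401)` chain (or one small helper used by every 401 in this file) would satisfy that. The move from 403 to 401 for a missing token is itself the right direction, since the client has not authenticated at all yet. verifyToken begins before the hunk and continues after it.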
@@ -138,23 +138,36 @@ function verifyToken (req, res, next) {
// Check weather the user exists.
db.user.findOne({ where: { id: req.user.id } }).then(user => {
if (user) next()
- else return res.status(500).send({ auth: false, status: 'TOKEN_INVALID', error_message: 'The token is from an invalid userid.' })
+ else {
+ if (res) return res.status(401).send({ auth: false, status: 'TOKEN_INVALID', error_message: 'The token is from an invalid userid.' })
+ else return next(new Error('TOKEN_INVALID'))
+ }
})
})
}
+// Function for validating the e-mail.
+function validateEmail (email) {
+ // TODO: Remove if email is not optional
+ if (email === '') return true
+
+ // Removed escape before [ because eslint told me so.
+ var re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
+ return re.test(String(email).toLowerCase())
+}
+
// ################################################
// ############## Helper function #################
// ################################################
// The function for verifying a user. Callback only gets called if the user gets verified.
function verifyUser (res, username, password, callback) {
- if (!username) return res.status(500).send({ auth: false, status: 'USER_MISSING', error_message: 'This service requires an username.' })
- if (!password) return res.status(500).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This services requires a password.' })
+ if (!username) return res.status(401).send({ auth: false, status: 'USER_MISSING', error_message: 'This service requires an username.' })
+ if (!password) return res.status(401).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This services requires a password.' })
db.user.findOne({ where: { username: username } }).then(userDb => {
if (!userDb) {
- return res.status(404).send({ auth: false, status: 'USER_NOTFOUND', error_message: 'User does not exist.' })
+ return res.status(401).send({ auth: false, status: 'USER_NOTFOUND', error_message: 'User does not exist.' })
}
var user = {}
user.id = userDb.id
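Review bot: Changing USER_NOTFOUND (line 89) to 401 does not stop username enumeration, because the `status` and `error_message` fields still differ from the PASSWORD_INVALID response, and the not-found branch returns before any hash verification runs, so response timing presumably differs as well. Returning one body for both outcomes (e.g. `status: 'CREDENTIALS_INVALID', error_message: 'Invalid username or password.'`) and, ideally, running the same verification work on a fixed dummy hash when the user is missing would close both signals; the body difference is visible here, the timing part is inferred. The new else branch at lines 60-63 is correct and finally handles callers without `res` the same way the earlier branches do. verifyUser continues past the hunk.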
@@ -164,7 +177,7 @@ function verifyUser (res, username, password, callback) {
// Verify & improving the hash.
verifyHash(res, userPassword, hash, user.id, () => {
jwt.sign({ user }, config.secret, { expiresIn: '12h' }, (err, token) => {
- if (err) return res.status(500).send({ auth: false, status: 'JWT_ERROR', error_message: 'Jwt sign failed.' })
+ if (err) return res.status(401).send({ auth: false, status: 'JWT_ERROR', error_message: 'Jwt sign failed.' })
return callback(token)
})
})
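Review bot: A `jwt.sign` failure at line 98 is a server-side fault, not a rejected credential, so reporting it as 401 tells the client its credentials were wrong when the server actually failed; the same applies to DATABASE_HASH_INVALID at line 107 and PASSWORD_VERIFY_ERROR at line 114 in the next hunk. Those three should remain `res.status(500)` while only the credential and token checks move to 401, otherwise a client that re-prompts for a password on 401 masks an outage. The enclosing callbacks of verifyUser start and end outside the hunk.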
@@ -175,17 +188,17 @@ function verifyUser (res, username, password, callback) {
function verifyHash (res, password, hash, userId, callback) {
// Check if the hash in the database fullfills the requirements needed for pwd.verify.
// Hash will be a Buffer of length SecurePassword.HASH_BYTES.
- if (hash.length !== securePassword.HASH_BYTES) return res.status(500).send({ auth: false, status: 'DATABASE_HASH_INVALID', error_message: 'The hash in the database is corrupted.' })
+ if (hash.length !== securePassword.HASH_BYTES) return res.status(401).send({ auth: false, status: 'DATABASE_HASH_INVALID', error_message: 'The hash in the database is corrupted.' })
// Password must be a Buffer of length SecurePassword.PASSWORD_BYTES_MIN - SecurePassword.PASSWORD_BYTES_MAX.
- if (password.length < securePassword.PASSWORD_BYTES_MIN || password.length > securePassword.PASSWORD_BYTES_MAX) return res.status(500).send({ auth: false, status: 'PASSWORD_INVALID', error_message: 'The provided password has an invalid length.' })
+ if (password.length < securePassword.PASSWORD_BYTES_MIN || password.length > securePassword.PASSWORD_BYTES_MAX) return res.status(401).send({ auth: false, status: 'PASSWORD_INVALID', error_message: 'The provided password has an invalid length.' })
// Verification of the password. Rehash if needed.
pwd.verify(password, hash, function (err, result) {
- if (err) return res.status(500).send({ auth: false, status: 'PASSWORD_VERIFY_ERROR', error_message: 'Verifying the password failed.' })
+ if (err) return res.status(401).send({ auth: false, status: 'PASSWORD_VERIFY_ERROR', error_message: 'Verifying the password failed.' })
// Check the state of the verification.
- if (result === securePassword.INVALID_UNRECOGNIZED_HASH) return res.status(500).send({ auth: false, status: 'INVALID_UNRECOGNIZED_HASH', error_message: 'This hash was not made with secure-password. Attempt legacy algorithm.' })
- if (result === securePassword.INVALID) return res.status(500).send({ auth: false, status: 'PASSWORD_INVALID', error_message: 'The provided password is invalid.' })
+ if (result === securePassword.INVALID_UNRECOGNIZED_HASH) return res.status(401).send({ auth: false, status: 'INVALID_UNRECOGNIZED_HASH', error_message: 'This hash was not made with secure-password. Attempt legacy algorithm.' })
+ if (result === securePassword.INVALID) return res.status(401).send({ auth: false, status: 'PASSWORD_INVALID', error_message: 'The provided password is invalid.' })
if (result === securePassword.VALID) callback()
if (result === securePassword.VALID_NEEDS_REHASH) {
pwd.hash(password, function (err, improvedHash) {
@@ -203,13 +216,6 @@ function verifyHash (res, password, hash, userId, callback) {
})
}
-// Function for validating the e-mail.
-function validateEmail (email) {
-// Removed escape before [ because eslint told me so.
- var re = /^(([^<>()[\]\\.,;:\s@"]+(\.[^<>()[\]\\.,;:\s@"]+)*)|(".+"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA-Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
- return re.test(String(email).toLowerCase())
-}
-
// Function for validating the password. Password requirements are implemented here.
function validatePassword (password) {
// TODO: implement pw requirements like in the frontend. (SetupPage)