authorJannik Schönartz2019-02-25 07:52:15 +0100
committerJannik Schönartz2019-02-25 07:52:15 +0100
commitf42e850ad0778c147bead82a91d3805c81b66150 (patch)
tree2b5189a7f8a96ca4a15777a06a71581cd1b93ce3 /server/lib/authentication.js
parent[webapp/datatable] small design fixes (diff)
[webapp/user] Add user management module for creating / deleting user accounts
Diffstat (limited to 'server/lib/authentication.js')
-rw-r--r--server/lib/authentication.js58
1 files changed, 32 insertions, 26 deletions
diff --git a/server/lib/authentication.js b/server/lib/authentication.js
index f412e31..9c1062c 100644
--- a/server/lib/authentication.js
+++ b/server/lib/authentication.js
@@ -34,37 +34,37 @@ function loginToken (req, res) {
}
// Method for creating a new user.
-function signup (req, res) {
+async function signup (req, res) {
// TODO: Implement some security stuff. Not every user who call this request should be able to sign up.
var params = req.body
- if (!params.username) return res.status(500).send({ auth: false, status: 'USER_MISSING', error_message: 'This service requires an username.' })
- if (!params.password) return res.status(500).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This services requires a password.' })
+ if (!params.username) return res.status(400).send({ auth: false, status: 'USER_MISSING', error_message: 'This service requires an username.' })
+ if (validateUsername(params.username)) return res.status(400).send({ auth: false, status: 'INVALID_USERNAME', error_message: 'Username does not fullfill the requirements. (No whitespaces)' })
+ if (!params.password) return res.status(400).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This services requires a password.' })
// if (!params.email) return res.status(500).send({ auth: false, status: 'EMAIL_MISSING', error_message: 'This services requires an email.' })
// Database and user validation.
- db.user.findOne({ where: { username: params.username } }).then(userDb => {
- // User exists validation.
- if (userDb) return res.status(500).send({ auth: false, status: 'USER_ALREADY_EXISTS', error_message: 'The provided username already exists.' })
- // Password requirements validation.
- if (!validatePassword(params.password)) return res.status(500).send({ auth: false, status: 'PASSWORD_REQUIREMENTS', error_message: 'The password requirements are not fullfilled.' })
- // Email validation.
- if (!validateEmail(params.email)) return res.status(500).send({ auth: false, status: 'EMAIL_INVALID', error_message: 'The provided email is invalid.' })
- var userPassword = Buffer.from(params.password)
-
- // Register user
- pwd.hash(userPassword, function (err, hash) {
- if (err) return res.status(500).send({ auth: false, status: 'PASSWORD_HASH_ERROR', error_message: 'Hashing the password failed.' })
- // Saving the non improved hash and creating the user in the db.
- db.user.create({ username: params.username, password: hash, email: params.email, name: params.name }).then(userDb => {
- // TODO: Username could also be used because those are unique as well.
- var userId = userDb.id
- // Verify & improving the hash.
- verifyHash(res, userPassword, hash, userId, function () {
- return res.status(200).send({ auth: true, status: 'VALID' })
- })
- })
- })
- })
+ let userDb = await db.user.findOne({ where: { username: params.username } })
+
+ // User exists validation.
+ if (userDb) return res.status(500).send({ auth: false, status: 'USER_ALREADY_EXISTS', error_message: 'The provided username already exists.' })
+ // Password requirements validation.
+ if (!validatePassword(params.password)) return res.status(400).send({ auth: false, status: 'PASSWORD_REQUIREMENTS', error_message: 'The password requirements are not fullfilled.' })
+ // Email validation.
+ // if (!validateEmail(params.email)) return res.status(500).send({ auth: false, status: 'EMAIL_INVALID', error_message: 'The provided email is invalid.' })
+ var userPassword = Buffer.from(params.password)
+
+ // Register user
+ const hash = await pwd.hash(userPassword)
+ // if (err) return res.status(500).send({ auth: false, status: 'PASSWORD_HASH_ERROR', error_message: 'Hashing the password failed.' })
+
+ // Saving the non improved hash and creating the user in the db.
+ const newUser = await db.user.create({ username: params.username, password: hash, email: params.email, name: params.name })
+ // TODO: Username could also be used because those are unique as well.
+ var userId = newUser.id
+
+ // Verify & improving the hash.
+ await verifyHash(res, userPassword, hash, userId, () => {})
+ return res.status(200).send({ auth: true, status: 'VALID' })
}
// Logout method for the frontend. Deleting the cookies by overwriting them.
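Review bot: The new username check in signup is inverted: `validateUsername` (added in the second hunk) returns `true` when the name contains no whitespace, so every valid username is rejected with INVALID_USERNAME while names containing whitespace pass straight through to `db.user.create`; the line should read `if (!validateUsername(params.username)) return res.status(400).send({ auth: false, status: 'INVALID_USERNAME', error_message: 'Username does not fullfill the requirements. (No whitespaces)' })`, matching the `!validatePassword(...)` form used a few lines below. Separately, now that signup is async, the awaited `db.user.findOne`, `pwd.hash` and `db.user.create` calls sit in no try/catch, so a rejection (the case the removed PASSWORD_HASH_ERROR branch used to handle) would surface as an unhandled rejection and leave the request without a response; wrapping the body in a try/catch that answers with a 500 would restore the old behaviour. If `verifyHash` itself writes a response on failure (it receives `res`), the unconditional `res.status(200)` after the `await verifyHash(...)` may attempt a second send — worth confirming against its implementation, which is outside this hunk.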
@@ -222,3 +222,9 @@ function validatePassword (password) {
if (password.length < 8) return false
return true
}
+
+// Function for validating the username. Username requirements are implemented here.
+function validateUsername (username) {
+ // Disallow whitespaces
+ return !/\s/.test(username)
+}
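Review bot: The header comment on `validateUsername` should state its return convention, since the body returns `true` for a valid name and the caller in the signup hunk currently treats a truthy result as invalid; suggested wording: `// Function for validating the username. Returns true if the username fulfills the requirements (currently: contains no whitespace), false otherwise.` The function only rejects whitespace; if a length bound or character set is intended for usernames (as `validatePassword` enforces a minimum length), it would belong here so both validators follow the same shape.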