From f42e850ad0778c147bead82a91d3805c81b66150 Mon Sep 17 00:00:00 2001
From: Jannik Schönartz
Date: Mon, 25 Feb 2019 06:52:15 +0000
Subject: [webapp/user] Add user management module for creating / deleting user accounts
---
 server/lib/authentication.js | 58 ++++++++++++++++++++++++--------------------
 1 file changed, 32 insertions(+), 26 deletions(-)
(limited to 'server/lib/authentication.js')
diff --git a/server/lib/authentication.js b/server/lib/authentication.js
index f412e31..9c1062c 100644
--- a/server/lib/authentication.js
+++ b/server/lib/authentication.js
@@ -34,37 +34,37 @@ function loginToken (req, res) {
 }
 // Method for creating a new user.
-function signup (req, res) {
+async function signup (req, res) {
 // TODO: Implement some security stuff. Not every user who call this request should be able to sign up.
 var params = req.body
- if (!params.username) return res.status(500).send({ auth: false, status: 'USER_MISSING', error_message: 'This service requires an username.' })
- if (!params.password) return res.status(500).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This services requires a password.' })
+ if (!params.username) return res.status(400).send({ auth: false, status: 'USER_MISSING', error_message: 'This service requires an username.' })
+ if (validateUsername(params.username)) return res.status(400).send({ auth: false, status: 'INVALID_USERNAME', error_message: 'Username does not fullfill the requirements. (No whitespaces)' })
+ if (!params.password) return res.status(400).send({ auth: false, status: 'PASSWORD_MISSING', error_message: 'This services requires a password.' })
 // if (!params.email) return res.status(500).send({ auth: false, status: 'EMAIL_MISSING', error_message: 'This services requires an email.' })
 // Database and user validation.
- db.user.findOne({ where: { username: params.username } }).then(userDb => {
- // User exists validation.
- if (userDb) return res.status(500).send({ auth: false, status: 'USER_ALREADY_EXISTS', error_message: 'The provided username already exists.' })
- // Password requirements validation.
- if (!validatePassword(params.password)) return res.status(500).send({ auth: false, status: 'PASSWORD_REQUIREMENTS', error_message: 'The password requirements are not fullfilled.' })
- // Email validation.
- if (!validateEmail(params.email)) return res.status(500).send({ auth: false, status: 'EMAIL_INVALID', error_message: 'The provided email is invalid.' })
- var userPassword = Buffer.from(params.password)
-
- // Register user
- pwd.hash(userPassword, function (err, hash) {
- if (err) return res.status(500).send({ auth: false, status: 'PASSWORD_HASH_ERROR', error_message: 'Hashing the password failed.' })
- // Saving the non improved hash and creating the user in the db.
- db.user.create({ username: params.username, password: hash, email: params.email, name: params.name }).then(userDb => {
- // TODO: Username could also be used because those are unique as well.
- var userId = userDb.id
- // Verify & improving the hash.
- verifyHash(res, userPassword, hash, userId, function () {
- return res.status(200).send({ auth: true, status: 'VALID' })
- })
- })
- })
- })
+ let userDb = await db.user.findOne({ where: { username: params.username } })
+
+ // User exists validation.
+ if (userDb) return res.status(500).send({ auth: false, status: 'USER_ALREADY_EXISTS', error_message: 'The provided username already exists.' })
+ // Password requirements validation.
+ if (!validatePassword(params.password)) return res.status(400).send({ auth: false, status: 'PASSWORD_REQUIREMENTS', error_message: 'The password requirements are not fullfilled.' })
+ // Email validation.
+ // if (!validateEmail(params.email)) return res.status(500).send({ auth: false, status: 'EMAIL_INVALID', error_message: 'The provided email is invalid.' })
+ var userPassword = Buffer.from(params.password)
+
+ // Register user
+ const hash = await pwd.hash(userPassword)
+ // if (err) return res.status(500).send({ auth: false, status: 'PASSWORD_HASH_ERROR', error_message: 'Hashing the password failed.' })
+
+ // Saving the non improved hash and creating the user in the db.
+ const newUser = await db.user.create({ username: params.username, password: hash, email: params.email, name: params.name })
+ // TODO: Username could also be used because those are unique as well.
+ var userId = newUser.id
+
+ // Verify & improving the hash.
+ await verifyHash(res, userPassword, hash, userId, () => {})
+ return res.status(200).send({ auth: true, status: 'VALID' })
 }
 // Logout method for the frontend. Deleting the cookies by overwriting them.
@@ -222,3 +222,9 @@ function validatePassword (password) {
 if (password.length < 8) return false
 return true
 }
+
+// Function for validating the username. Username requirements are implemented here.
+function validateUsername (username) {
+ // Disallow whitespaces
+ return !/\s/.test(username)
+}
--
cgit v1.2.3-55-g7522
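Review bot: The new username check is inverted: `validateUsername` (second hunk) returns `true` when the name contains no whitespace, so `if (validateUsername(params.username))` rejects every well-formed username and lets names with whitespace through; it should read `if (!validateUsername(params.username)) return res.status(400).send({ auth: false, status: 'INVALID_USERNAME', error_message: 'Username does not fullfill the requirements. (No whitespaces)' })`, matching the `!validatePassword(...)` check below it. The converted body also awaits `db.user.findOne`, `pwd.hash`, `db.user.create` and `verifyHash` with no `try`/`catch`, and the former `PASSWORD_HASH_ERROR` branch survives only as a comment, so any rejection leaves the request without a response and surfaces as an unhandled rejection; a `try`/`catch` that logs server-side and answers with a generic 500 is sketched below. Because `verifyHash` receives `res`, if it sends its own error response on failure (its body is not in this diff) the unconditional `return res.status(200)...` that now follows it will attempt a second response, whereas the old code sent the 200 only from the success callback. The `USER_ALREADY_EXISTS` branch still answers 500 while the other validation failures moved to 400; 409 describes that case better. The TODO at the top of the function still stands: nothing in the rewritten handler restricts who may call signup, which the commit title's user-management intent presumably requires.
```javascript
async function signup (req, res) {
  // … unchanged: TODO comment, params, USER_MISSING check …
  if (!validateUsername(params.username)) return res.status(400).send({ auth: false, status: 'INVALID_USERNAME', error_message: 'Username does not fullfill the requirements. (No whitespaces)' })
  // … unchanged: PASSWORD_MISSING check …
  try {
    // … unchanged: findOne, USER_ALREADY_EXISTS, validatePassword, pwd.hash, db.user.create, verifyHash …
    return res.status(200).send({ auth: true, status: 'VALID' })
  } catch (err) {
    // Without this a rejected await leaves the request with no response at all.
    // 'SIGNUP_FAILED' is an illustrative status name; keep the message generic so
    // database/hash details are logged here and not echoed to the client.
    return res.status(500).send({ auth: false, status: 'SIGNUP_FAILED', error_message: 'Creating the user failed.' })
  }
}
```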
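Review bot: `validateUsername` returns `true` for an acceptable name, which is the opposite sense of how its new caller in the `signup` hunk uses it (`if (validateUsername(...)) return ...INVALID_USERNAME`), so the comment above the function should state the return value explicitly: `// Returns true when the username is acceptable (currently: it contains no whitespace).` Since `params.username` comes straight from `req.body`, it need not be a string; `/\s/.test(42)` coerces the argument and returns false, so a numeric body value passes as valid, and `return typeof username === 'string' && !/\s/.test(username)` closes that gap. There is also no length bound, so an arbitrarily long username reaches the database lookup and insert; a maximum length next to the whitespace rule would fit the "requirements are implemented here" comment.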