TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-14 09:52:09 +03:00
Code Issues Projects Releases Wiki Activity
8e9b27f0b5
Ghost/core/server/models/user.js

284 lines
10 KiB
JavaScript
Raw Normal View History

issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
var User,
Users,
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
_ = require('underscore'),
uuid = require('node-uuid'),
when = require('when'),
errors = require('../errorHandling'),
nodefn = require('when/node/function'),
Replace nodejs-bcrypt with bcryptjs * https://github.com/shaneGirish/bcrypt-nodejs * https://github.com/dcodeIO/bcrypt.js
2013-10-23 17:00:28 +04:00
bcrypt = require('bcryptjs'),
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
Posts = require('./post').Posts,
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
ghostBookshelf = require('./base'),
Cleanup indentation and quotes Aligns all requirements vertically for easier reading + adds single quote standard consistently throughout Ghost, except in long strings.
2013-09-24 14:46:30 +04:00
Role = require('./role').Role,
Add users Gravatar on signup When a user registers try to find their gravatar.
2013-11-11 23:55:22 +04:00
Permission = require('./permission').Permission,
http = require('http'),
crypto = require('crypto');
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
function validatePasswordLength(password) {
try {
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
ghostBookshelf.validator.check(password, "Your must be at least 8 characters long.").len(8);
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
} catch (error) {
return when.reject(error);
}
return when.resolve();
}
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
User = ghostBookshelf.Model.extend({
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
tableName: 'users',
Agressive stripping of the model attributes - fixes #517 - prevents this from occuring again in future with other relations - validation function & stripping done for all models - casper test for flow, plus validation & logged out tests
2013-08-25 14:49:31 +04:00
permittedAttributes: [
Set migrations to use new 000 schema issue #632 - removed old schemas - updated base model to reflect all of the consistent behaviours and properties across the models - updated all models to match the new schema TODO - no fixtures are currently loaded except settings - need to rename properties across the codebase
2013-09-14 23:01:46 +04:00
'id', 'uuid', 'name', 'slug', 'password', 'email', 'image', 'cover', 'bio', 'website', 'location',
Add API tests closes #1189 - added tests - added request module - added status codes to API calls - fixed return values of API calls - fixed that drafts caused an error when being deleted - fixed X-Invalidate-Cache headers - moved testUtils.js to utils/index.js
2013-11-03 21:13:19 +04:00
'accessibility', 'status', 'language', 'meta_title', 'meta_description', 'last_login', 'created_at',
'created_by', 'updated_at', 'updated_by'
Agressive stripping of the model attributes - fixes #517 - prevents this from occuring again in future with other relations - validation function & stripping done for all models - casper test for flow, plus validation & logged out tests
2013-08-25 14:49:31 +04:00
],
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
validate: function () {
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
ghostBookshelf.validator.check(this.get('email'), "Please enter a valid email address. That one looks a bit dodgy.").isEmail();
ghostBookshelf.validator.check(this.get('bio'), "We're not writing a novel here! I'm afraid your bio has to stay under 200 characters.").len(0, 200);
Set migrations to use new 000 schema issue #632 - removed old schemas - updated base model to reflect all of the consistent behaviours and properties across the models - updated all models to match the new schema TODO - no fixtures are currently loaded except settings - need to rename properties across the codebase
2013-09-14 23:01:46 +04:00
if (this.get('website') && this.get('website').length > 0) {
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
ghostBookshelf.validator.check(this.get('website'), "Looks like your website is not actually a website. Try again?").isUrl();
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
}
Added server validation for location field
2013-10-17 15:22:24 +04:00
ghostBookshelf.validator.check(this.get('location'), 'This seems a little too long! Please try and keep your location under 150 characters.').len(0, 150);
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
return true;
},
Set migrations to use new 000 schema issue #632 - removed old schemas - updated base model to reflect all of the consistent behaviours and properties across the models - updated all models to match the new schema TODO - no fixtures are currently loaded except settings - need to rename properties across the codebase
2013-09-14 23:01:46 +04:00
creating: function () {
var self = this;
Agressive stripping of the model attributes - fixes #517 - prevents this from occuring again in future with other relations - validation function & stripping done for all models - casper test for flow, plus validation & logged out tests
2013-08-25 14:49:31 +04:00
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
ghostBookshelf.Model.prototype.creating.call(this);
Set migrations to use new 000 schema issue #632 - removed old schemas - updated base model to reflect all of the consistent behaviours and properties across the models - updated all models to match the new schema TODO - no fixtures are currently loaded except settings - need to rename properties across the codebase
2013-09-14 23:01:46 +04:00
if (!this.get('slug')) {
// Generating a slug requires a db call to look for conflicting slugs
return this.generateSlug(User, this.get('name'))
.then(function (slug) {
self.set({slug: slug});
});
}
Agressive stripping of the model attributes - fixes #517 - prevents this from occuring again in future with other relations - validation function & stripping done for all models - casper test for flow, plus validation & logged out tests
2013-08-25 14:49:31 +04:00
},
Escaping several fields to prevent XSS issue #938 - escapes post's title field - escapes settings title, description, email - escapes user's name field - includes test for post title
2013-10-07 21:02:57 +04:00
saving: function () {
Swapping escape to sanitze issue #938 - rather than using escape, use node-validatiors santize function which is designed for preventing xss vectors - added listener for changes to both editor and settings page - added more sanitization to the user model - consistently use triple-braces when outputting blog post titles
2013-10-09 22:11:29 +04:00
this.set('name', this.sanitize('name'));
this.set('email', this.sanitize('email'));
this.set('location', this.sanitize('location'));
this.set('website', this.sanitize('website'));
this.set('bio', this.sanitize('bio'));
Escaping several fields to prevent XSS issue #938 - escapes post's title field - escapes settings title, description, email - escapes user's name field - includes test for post title
2013-10-07 21:02:57 +04:00
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
return ghostBookshelf.Model.prototype.saving.apply(this, arguments);
Escaping several fields to prevent XSS issue #938 - escapes post's title field - escapes settings title, description, email - escapes user's name field - includes test for post title
2013-10-07 21:02:57 +04:00
},
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
posts: function () {
return this.hasMany(Posts, 'created_by');
},
roles: function () {
return this.belongsToMany(Role);
},
permissions: function () {
return this.belongsToMany(Permission);
}
}, {
/**
* Naive user add
* @param _user
*
* Hashes the password provided before saving to the database.
*/
add: function (_user) {
Edit Post Permissions
2013-08-16 03:22:08 +04:00
var self = this,
// Clone the _user so we don't expose the hashed password unnecessarily
userData = _.extend({}, _user);
simplifying the model structure, again
2013-06-01 18:47:41 +04:00
/**
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
* This only allows one user to be added to the database, otherwise fails.
* @param {object} user
* @author javorszky
simplifying the model structure, again
2013-06-01 18:47:41 +04:00
*/
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
return validatePasswordLength(userData.password).then(function () {
return self.forge().fetch();
}).then(function (user) {
Edit Post Permissions
2013-08-16 03:22:08 +04:00
// Check if user exists
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
if (user) {
return when.reject(new Error('A user is already registered. Only one user for now!'));
}
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
}).then(function () {
Replace nodejs-bcrypt with bcryptjs * https://github.com/shaneGirish/bcrypt-nodejs * https://github.com/dcodeIO/bcrypt.js
2013-10-23 17:00:28 +04:00
// Generate a new salt
return nodefn.call(bcrypt.genSalt);
}).then(function (salt) {
Edit Post Permissions
2013-08-16 03:22:08 +04:00
// Hash the provided password with bcrypt
Replace nodejs-bcrypt with bcryptjs * https://github.com/shaneGirish/bcrypt-nodejs * https://github.com/dcodeIO/bcrypt.js
2013-10-23 17:00:28 +04:00
return nodefn.call(bcrypt.hash, _user.password, salt);
Edit Post Permissions
2013-08-16 03:22:08 +04:00
}).then(function (hash) {
// Assign the hashed password
userData.password = hash;
Add users Gravatar on signup When a user registers try to find their gravatar.
2013-11-11 23:55:22 +04:00
// LookupGravatar
return self.gravatarLookup(userData);
}).then(function (userData) {
Edit Post Permissions
2013-08-16 03:22:08 +04:00
// Save the user with the hashed password
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
return ghostBookshelf.Model.add.call(self, userData);
Edit Post Permissions
2013-08-16 03:22:08 +04:00
}).then(function (addedUser) {
// Assign the userData to our created user so we can pass it back
userData = addedUser;
// Add this user to the admin role (assumes admin = role_id: 1)
Small model update for tags and users - tags are now created with uuid & timestamps - user role is no longer a model, just a join done with attach
2013-09-13 18:06:17 +04:00
return userData.roles().attach(1);
Edit Post Permissions
2013-08-16 03:22:08 +04:00
}).then(function (addedUserRole) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
Edit Post Permissions
2013-08-16 03:22:08 +04:00
// Return the added user as expected
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
Edit Post Permissions
2013-08-16 03:22:08 +04:00
return when.resolve(userData);
Added validation for signup and login screens Closes #374 * Included node-validator as a package * Implemented server side validation (the client side js is a mess, need a LOT of work) * Validates email address both on signup and login screens, gives error message on malformed email addresses * Requires at least 8 chars of password * Tells user if password is too short * Tells user if no such user on login * Tells user if wrong password on login * Tells user if server responds with a 404 (goes away, dies, etc) * Added middleware between req and login / signup for validation
2013-08-19 01:50:42 +04:00
});
simplifying the model structure, again
2013-06-01 18:47:41 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
/**
* Temporarily replacing the function below with another one that checks
* whether there's anyone registered at all. This is due to #138
* @author javorszky
*/
simplifying the model structure, again
2013-06-01 18:47:41 +04:00
Set migrations to use new 000 schema issue #632 - removed old schemas - updated base model to reflect all of the consistent behaviours and properties across the models - updated all models to match the new schema TODO - no fixtures are currently loaded except settings - need to rename properties across the codebase
2013-09-14 23:01:46 +04:00
// return this.forge({email: userData.email}).fetch().then(function (user) {
Current user added Closes #340. Closes #375 * Replaced session with id of current user * Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy) * Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't) * If user has profile picture, that will be used * If user has name, that will be used * Password changing doesn't care about your email. Uses cookies. Tasty! * User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`. * Added logic to user api to check for `id === 'me'`, and then use the cookie value * User data saves are now correct * There is no logout error
2013-08-09 05:22:49 +04:00
// if (user !== null) {
// return when.reject(new Error('A user with that email address already exists.'));
// }
// return nodefn.call(bcrypt.hash, _user.password, null, null).then(function (hash) {
// userData.password = hash;
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
// ghostBookshelf.Model.add.call(UserRole, userRoles);
// return ghostBookshelf.Model.add.call(User, userData);
Current user added Closes #340. Closes #375 * Replaced session with id of current user * Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy) * Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't) * If user has profile picture, that will be used * If user has name, that will be used * Password changing doesn't care about your email. Uses cookies. Tasty! * User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`. * Added logic to user api to check for `id === 'me'`, and then use the cookie value * User data saves are now correct * There is no logout error
2013-08-09 05:22:49 +04:00
// }, errors.logAndThrowError);
// }, errors.logAndThrowError);
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Minor code cleanup, docs and other bits & pieces
2013-08-06 23:27:56 +04:00
// Finds the user by email, and checks the password
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
check: function (_userdata) {
return this.forge({
Set migrations to use new 000 schema issue #632 - removed old schemas - updated base model to reflect all of the consistent behaviours and properties across the models - updated all models to match the new schema TODO - no fixtures are currently loaded except settings - need to rename properties across the codebase
2013-09-14 23:01:46 +04:00
email: _userdata.email
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
}).fetch({require: true}).then(function (user) {
return nodefn.call(bcrypt.compare, _userdata.pw, user.get('password')).then(function (matched) {
if (!matched) {
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
return when.reject(new Error('Your password is incorrect'));
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
}
return user;
Added consistent error handling throughout the models
2013-06-17 01:36:28 +04:00
}, errors.logAndThrowError);
Current user added Closes #340. Closes #375 * Replaced session with id of current user * Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy) * Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't) * If user has profile picture, that will be used * If user has name, that will be used * Password changing doesn't care about your email. Uses cookies. Tasty! * User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`. * Added logic to user api to check for `id === 'me'`, and then use the cookie value * User data saves are now correct * There is no logout error
2013-08-09 05:22:49 +04:00
}, function (error) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
Added validation for signup and login screens Closes #374 * Included node-validator as a package * Implemented server side validation (the client side js is a mess, need a LOT of work) * Validates email address both on signup and login screens, gives error message on malformed email addresses * Requires at least 8 chars of password * Tells user if password is too short * Tells user if no such user on login * Tells user if wrong password on login * Tells user if server responds with a 404 (goes away, dies, etc) * Added middleware between req and login / signup for validation
2013-08-19 01:50:42 +04:00
return when.reject(new Error('There is no user with that email address.'));
Current user added Closes #340. Closes #375 * Replaced session with id of current user * Added method to ghostlocals to always send profile picture and full name to templates (template checks if falsy) * Modified user saving (`forge().set(new).save()` died on me, `forge().save(new)` didn't) * If user has profile picture, that will be used * If user has name, that will be used * Password changing doesn't care about your email. Uses cookies. Tasty! * User pane uses current user id. Had to set path to me, otherwise goes to `browse` instead of `read`. * Added logic to user api to check for `id === 'me'`, and then use the cookie value * User data saves are now correct * There is no logout error
2013-08-09 05:22:49 +04:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
},
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
/**
* Naive change password method
* @param {object} _userdata email, old pw, new pw, new pw2
*
*/
changePassword: function (_userdata) {
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
var self = this,
userid = _userdata.currentUser,
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
oldPassword = _userdata.oldpw,
newPassword = _userdata.newpw,
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
ne2Password = _userdata.ne2pw,
user = null;
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
if (newPassword !== ne2Password) {
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
return when.reject(new Error('Your new passwords do not match'));
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
}
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
return validatePasswordLength(newPassword).then(function () {
return self.forge({id: userid}).fetch({require: true});
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
}).then(function (_user) {
user = _user;
return nodefn.call(bcrypt.compare, oldPassword, user.get('password'));
}).then(function (matched) {
if (!matched) {
return when.reject(new Error('Your password is incorrect'));
}
Replace nodejs-bcrypt with bcryptjs * https://github.com/shaneGirish/bcrypt-nodejs * https://github.com/dcodeIO/bcrypt.js
2013-10-23 17:00:28 +04:00
return nodefn.call(bcrypt.genSalt);
}).then(function (salt) {
return nodefn.call(bcrypt.hash, newPassword, salt);
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
}).then(function (hash) {
user.save({password: hash});
return user;
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
});
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
},
forgottenPassword: function (email) {
var newPassword = Math.random().toString(36).slice(2, 12), // This is magick
user = null;
Validation consistency - introduced validation method in the post and user model - moved signup validation onto model - consistent use of validation & error messaging in the admin UI - helper methods in base view moved to a utils object
2013-08-20 22:52:44 +04:00
Set migrations to use new 000 schema issue #632 - removed old schemas - updated base model to reflect all of the consistent behaviours and properties across the models - updated all models to match the new schema TODO - no fixtures are currently loaded except settings - need to rename properties across the codebase
2013-09-14 23:01:46 +04:00
return this.forge({email: email}).fetch({require: true}).then(function (_user) {
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
user = _user;
Replace nodejs-bcrypt with bcryptjs * https://github.com/shaneGirish/bcrypt-nodejs * https://github.com/dcodeIO/bcrypt.js
2013-10-23 17:00:28 +04:00
return nodefn.call(bcrypt.genSalt);
}).then(function (salt) {
return nodefn.call(bcrypt.hash, newPassword, salt);
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
}).then(function (hash) {
user.save({password: hash});
return { user: user, newPassword: newPassword };
}, function (error) {
Remove unparam:true from jslint config in Gruntfile.js issue #1365 - added /*jslint unparam:true*/ to functions where absolutely necessary - added /*jslint unparam:true*/ to functions in which keeping parameter list added clarity to the underlying api, even when those parameters are not currently used - removed unused parameters in a few places
2013-10-31 22:02:34 +04:00
/*jslint unparam:true*/
Repaired email sending, implement password reset Closes #288 * I use SendGrid for sending the emails, and it works fine (provided you supply the correct credentials in `config.mail` in `config.js`) * Generates a random 12 char long alphanumeric password, replaces user's pw, and sends an email about it.
2013-09-01 02:20:12 +04:00
return when.reject(new Error('There is no user by that email address. Check again.'));
});
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
},
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
effectivePermissions: function (id) {
return this.read({id: id}, { withRelated: ['permissions', 'roles.permissions'] })
.then(function (foundUser) {
var seenPerms = {},
rolePerms = _.map(foundUser.related('roles').models, function (role) {
return role.related('permissions').models;
}),
allPerms = [];
rolePerms.push(foundUser.related('permissions').models);
_.each(rolePerms, function (rolePermGroup) {
_.each(rolePermGroup, function (perm) {
var key = perm.get('action_type') + '-' + perm.get('object_type') + '-' + perm.get('object_id');
// Only add perms once
if (seenPerms[key]) {
return;
}
allPerms.push(perm);
seenPerms[key] = true;
Permissions / ACL - Created Role model - Created Permission model - Linked Users->Roles with a belongsToMany relationship - Linked Permissions to Users and Roles with a belongsToMany relationship - Created permissions helper with functions for initializing and checking permissions (canThis) - Unit tests for lots of things
2013-06-05 07:47:11 +04:00
});
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
});
Permissions / ACL - Created Role model - Created Permission model - Linked Users->Roles with a belongsToMany relationship - Linked Permissions to Users and Roles with a belongsToMany relationship - Created permissions helper with functions for initializing and checking permissions (canThis) - Unit tests for lots of things
2013-06-05 07:47:11 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
return when.resolve(allPerms);
}, errors.logAndThrowError);
Add users Gravatar on signup When a user registers try to find their gravatar.
2013-11-11 23:55:22 +04:00
},
gravatarLookup: function (userData) {
var gravatarUrl = 'http://www.gravatar.com/avatar/' +
crypto.createHash('md5').update(userData.email.toLowerCase().trim()).digest('hex') +
"?d=404",
checkPromise = when.defer();
http.get(gravatarUrl, function (res) {
if (res.statusCode !== 404) {
userData.image = gravatarUrl;
}
checkPromise.resolve(userData);
}).on('error', function () {
//Error making request just continue.
checkPromise.resolve(userData);
});
return checkPromise.promise;
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
}
simplifying the model structure, again
2013-06-01 18:47:41 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
});
simplifying the model structure, again
2013-06-01 18:47:41 +04:00
Updating to bookshelf 0.5.7 & knex 0.4.11
2013-09-23 02:20:08 +04:00
Users = ghostBookshelf.Collection.extend({
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
model: User
});
simplifying the model structure, again
2013-06-01 18:47:41 +04:00
issue #58 - removing the iiwf Function wrapper and use strict pragma removed from all node files
2013-06-25 15:43:15 +04:00
module.exports = {
User: User,
Users: Users
Users can change password Closes #282 * Added a new route * Added new methods * Triple security! * Passwords are actually changed * Also added a change password button, because 'save' has too much baggage. On security: checks whether you're logged in. Then checks whether your old password is actually the one that belongs to you (gets value from the email field for the email, see caveat no2). Checks the new passwords for === and length > 6 on client and server side as well. And THEN changes passwords. Caveats: * didn't add a test, as mocha fails spectacularly on my machine. SQLITE_CORRUPT: database disk image is malformed. Cute, huh? * Because we don't have / I'm not aware of / could not find a "currentuser" variable, I need to get the email address of the user we want to change from the email field. Theoretically if they replace that with another user's email address, and supply their pw, they will change THEIR password instead of their own.
2013-08-06 03:49:06 +04:00
};
Reference in New Issue Copy Permalink