From cf3d1f14bbd20fa22a3229c9edda46383e0d3bee Mon Sep 17 00:00:00 2001
From: Joshua Treudler
Date: Sun, 21 Jul 2024 02:06:41 +0200
Subject: [PATCH] add various checks to the nickname and email change functions
---
 server/index.js | 86 ++++++++++++++++++++++++++++++-------------------
 1 file changed, 53 insertions(+), 33 deletions(-)
diff --git a/server/index.js b/server/index.js
index ea5219c..7315f3e 100644
--- a/server/index.js
+++ b/server/index.js
@@ -556,27 +556,6 @@ app.get(API_PATH + '/activate/:registration_key', (req, res) => {
 }); }); -// confirm email - confirm email with email verification key -app.get(API_PATH + '/verify/:email_verification_key', (req, res) => { - const email_verification_key = req.params.email_verification_key; - logger.info('Verifying email with email verification key: ' + email_verification_key); - db.query('UPDATE users SET email_verified = TRUE WHERE email_verification_key = ?', [email_verification_key], (err, result) => { - if (err) { - console.error('Error querying database: ' + err); - res.status(500).send('Internal Server Error'); - return; - } - db.query('UPDATE users SET email_verification_key = NULL WHERE email_verification_key = ?', [email_verification_key], (err, result) => { - if (err) { - console.error('Error querying database: ' + err); - res.status(500).send('Internal Server Error'); - return; - } - res.send('Email verified. You can now login.'); - }); - }); -}); - // initiate password reset - send email with password reset link // user enters email or username, check if user exists, generate password reset key, send email with password reset link app.post(API_PATH + '/password/reset', (req, res) => {
@@ -697,24 +676,38 @@ app.put(API_PATH + '/user', checkAuth, (req, res) => { const user = result[0]; // Check if email is changed if (email !== user.email) { - const email_verification_key = Math.random().toString(36).substring(2, 15) + Math.random().toString(36).substring(2, 15); - const email_verification_expires = new Date(); - email_verification_expires.setHours(email_verification_expires.getHours() + 1); - db.query('UPDATE users SET email = ?, nickname = ?, updated_at = ?, email_verification_key = ?, email_verification_expires = ? WHERE id = ?', [email, nickname, updated_at, email_verification_key, email_verification_expires, req.session.userId], (err, result) => { + db.query('SELECT * FROM users WHERE email = ?', [email], (err, result) => { if (err) { - console.error('Error updating user in database: ' + err); + console.error('Error querying database: ' + err); res.status(500).send('Internal Server Error'); return; } - // Send email verification email - const subject = 'Email Verification'; - const text = 'Please click the link below to verify your email address:'; - const html = `

Please click the link below to verify your email address:

${HOST}/api/v1/verify/${email_verification_key}`; - sendEmail(email, subject, text, html); - res.json({ status: 'success', message: 'User updated. Please verify your email address.' }); - return; + if (result.length > 0) { + res.json({ status: 'error', message: 'Email is already in use' }); + return; + } + checkNickname(); }); } else { + checkNickname(); + } + + function checkNickname() { + db.query('SELECT * FROM users WHERE nickname = ?', [nickname], (err, result) => { + if (err) { + console.error('Error querying database: ' + err); + res.status(500).send('Internal Server Error'); + return; + } + if (result.length > 0) { + res.json({ status: 'error', message: 'Nickname is already in use' }); + return; + } + updateUserInfo(); + }); + } + + function updateUserInfo() { db.query('UPDATE users SET nickname = ?, updated_at = ? WHERE id = ?', [nickname, updated_at, req.session.userId], (err, result) => { if (err) { console.error('Error updating user in database: ' + err); 
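Review bot: In `checkNickname()` the lookup `SELECT * FROM users WHERE nickname = ?` is not scoped away from the caller's own row, so a request that keeps the nickname unchanged (for example one that only changes the email) matches the user's current record and is rejected with 'Nickname is already in use', unless an earlier part of the handler outside this hunk short-circuits that case; the email branch is guarded by `email !== user.email`, the nickname branch has no equivalent. Exclude the current user in the query itself, `db.query('SELECT 1 FROM users WHERE nickname = ? AND id <> ? LIMIT 1', [nickname, req.session.userId], (err, result) => {`, and add the same `AND id <> ?` to the email lookup. After the email-in-use check passes, control reaches `updateUserInfo()`, whose visible UPDATE sets only nickname and updated_at; the removed code that stored the new email with its verification key and expiry and sent the verification mail is not replaced anywhere in this hunk, so as far as the hunk shows an email change is silently dropped and the verify route added later in the patch has nothing to match — `updateUserInfo` continues past the hunk, so confirm there. Both check-then-update lookups race with concurrent requests; a UNIQUE constraint on the nickname and email columns, with the duplicate-key error mapped to the same 'already in use' response, is the reliable guard. The enclosing handler begins before this hunk.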
@@ -727,6 +720,33 @@ app.put(API_PATH + '/user', checkAuth, (req, res) => { }); }); +// confirm email - confirm email with email verification key +// if the key is expired, send a new verification e-mail +app.get(API_PATH + '/user/email/verify/:email_verification_key', (req, res) => { + const email_verification_key = req.params.email_verification_key; + logger.info('Verifying email with email verification key: ' + email_verification_key); + db.query('SELECT * FROM users WHERE email_verification_key = ? AND email_verification_expires > ?', [email_verification_key, new Date()], (err, result) => { + if (err) { + console.error('Error querying database: ' + err); + res.status(500).send('Internal Server Error'); + return; + } + if (result.length === 0) { + res.json({ status: 'error', message: 'Invalid email verification key or expired' }); + return; + } + const user = result[0]; + db.query('UPDATE users SET email_verified = TRUE, email_verification_key = NULL, email_verification_expires = NULL WHERE id = ?', [user.id], (err, result) => { + if (err) { + console.error('Error updating email verification in database: ' + err); + res.status(500).send('Internal Server Error'); + return; + } + res.json({ status: 'success', message: 'Email verified' }); + }); + }); +}); + // create trainer setup app.post(API_PATH + '/trainer/setup', checkAuth, (req, res) => { const { name, url, setup_version, setup_class, setup_level } = req.body;
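Review bot: `logger.info('Verifying email with email verification key: ' + email_verification_key)` writes the raw verification key, a single-use bearer secret that flips `email_verified`, into the application log, so anyone with log access can redeem it before the user does; log the event without the key, e.g. `logger.info('Email verification attempted');`, or at most a short prefix of it. The header comment `// if the key is expired, send a new verification e-mail` does not match the code, which returns `'Invalid email verification key or expired'` for an expired or unknown key and never resends; either implement the resend or change the comment to `// an expired or unknown key is rejected; no new mail is sent`. The lookup uses `SELECT *` although only `user.id` is read afterwards — `SELECT id FROM users WHERE email_verification_key = ? AND email_verification_expires > ?` keeps the password hash and other columns out of this code path. The comparison `email_verification_expires > ?` against a JavaScript `Date` also relies on the database connection and column time zone agreeing with the Node process; presumably both are UTC, worth confirming.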