1
0
mirror of https://gitlab.com/comunic/comunicapiv2 synced 2024-11-27 15:59:22 +00:00
comunicapiv2/src/controllers/AccountController.ts

193 lines
4.7 KiB
TypeScript
Raw Normal View History

2019-11-22 07:50:15 +00:00
import { RequestHandler } from "../entities/RequestHandler";
2019-11-23 12:16:28 +00:00
import { AccountHelper } from "../helpers/AccountHelper";
import { UserHelper } from "../helpers/UserHelper";
2019-11-22 07:50:15 +00:00
/**
* Account controller
*
* @author Pierre HUBERT
*/
export class AccountController {
/**
* Attempt to login user
*
* @param handler
*/
2019-11-23 12:16:28 +00:00
public static async LoginUser(handler: RequestHandler) {
2019-11-22 07:50:15 +00:00
2019-11-23 12:16:28 +00:00
// Get post data
const email = handler.postEmail("userMail");
const password = handler.postString("userPassword");
// TODO : add limits
// Authenticate user
const tokens = await AccountHelper.LoginUser(email, password, handler.getClientInfo());
if(tokens == null) {
// TODO : add limits
handler.error(401, "Invalid e-mail address / password !");
}
// Success
handler.send({
success: "User signed in!",
tokens: {
token1: tokens.token1,
token2: tokens.token2
}
});
2019-11-22 07:50:15 +00:00
}
2019-11-23 13:03:14 +00:00
/**
* Disconnect user
*
* @param handler
*/
public static async LogoutUser(handler: RequestHandler) {
await AccountHelper.DestroyUserTokens(handler.getClientInfo(),
handler.getUserId());
handler.success("User has been disconnected!");
}
2019-11-23 12:48:16 +00:00
/**
* Get current user ID
*
* @param handler
*/
public static CurrentUserID(handler: RequestHandler) {
handler.send({
userID: handler.getUserId()
});
}
/**
* Check out whether an email is associated to an account
* or not
*
* @param h Request handler
*/
public static async ExistsMail(h: RequestHandler) {
const email = h.postEmail("email");
h.send({
exists: await AccountHelper.ExistsEmail(email)
})
}
/**
* Check if an account associated with an email address has
* setup security questions or not
*
* @param h Request handler
*/
public static async HasSecurityQuestions(h: RequestHandler) {
const userID = await h.postUserIdFromEmail("email");
const settings = await UserHelper.GetUserInfo(userID);
h.send({
defined: settings.hasSecurityQuestions
})
}
2019-12-30 07:16:10 +00:00
/**
* Get the security questions of a user, in order to reset its
* password
*
* @param h Request handler
*/
public static async GetSecurityQuestions(h: RequestHandler) {
const userID = await h.postUserIdFromEmail("email");
const settings = await UserHelper.GetUserInfo(userID);
if(!settings.hasSecurityQuestions)
h.error(401, "Specified user has not setup security questions !");
h.send({
questions: [
settings.security_question_1,
settings.security_question_2
]
})
}
2019-12-30 07:36:55 +00:00
/**
* Check the answer given by the user
*
* @param h Request handler
*/
public static async CheckSecurityAnswers(h: RequestHandler) {
const userID = await h.postUserIdFromEmail("email");
const settings = await UserHelper.GetUserInfo(userID);
if(!settings.hasSecurityQuestions)
h.error(401, "Specified user has not setup security questions !");
// Get the answers of the user
const answers = h.postString("answers", 3).split("&")
.map((e) => decodeURIComponent(e).toLowerCase().trim());
if(answers.length != 2)
h.error(401, "Please specify two security answers !");
// Check the answers
if(answers[0] != settings.security_answer_1.toLowerCase().trim() ||
answers[1] != settings.security_answer_2.toLowerCase().trim())
h.error(401, "Specified ecurity answers are invalid!");
// If we get there, security answers are valid, we can create a password reset token
h.send({
reset_token: await AccountHelper.GenerateNewPasswordResetToken(userID)
});
}
2019-12-30 11:11:33 +00:00
/**
* Check the validity of a password reset Token
*
* @param h Request handler
*/
public static async CheckPasswordResetToken(h: RequestHandler) {
2019-12-30 12:20:24 +00:00
// We just get user ID to check the validity of the token
2019-12-30 11:11:33 +00:00
await this.GetUserIDFromPasswordResetToken(h, "token");
h.success("The token is valid.");
}
2019-12-30 12:20:24 +00:00
/**
* Reset user password
*
* @param h Request handler
*/
public static async ResetUserPassword(h: RequestHandler) {
const userID = await this.GetUserIDFromPasswordResetToken(h, "token");
const newPassword = h.postString("password", 3);
// Set new password
await AccountHelper.ChangePassword(userID, newPassword);
// Destroy reset token
await AccountHelper.DestroyPasswordResetTokenForUser(userID);
h.success("Password changed!");
}
2019-12-30 11:11:33 +00:00
/**
* Get the user ID associated to a password reset token
*
* @param h Request handler
* @param name The name of the POST field containing the token
*/
private static async GetUserIDFromPasswordResetToken(h: RequestHandler, name: string) : Promise<number> {
const token = h.postString(name, 10);
const userID = await AccountHelper.GetUserIDFromPasswordResetToken(token);
if(userID < 1)
h.error(401, "Invalid password reset token!");
return userID;
}
2019-11-22 07:50:15 +00:00
}