import { RequestHandler } from "../entities/RequestHandler"; import { AccountHelper } from "../helpers/AccountHelper"; import { UserHelper } from "../helpers/UserHelper"; /** * Account controller * * @author Pierre HUBERT */ export class AccountController { /** * Attempt to login user * * @param handler */ public static async LoginUser(handler: RequestHandler) { // Get post data const email = handler.postEmail("userMail"); const password = handler.postString("userPassword"); // TODO : add limits // Authenticate user const tokens = await AccountHelper.LoginUser(email, password, handler.getClientInfo()); if(tokens == null) { // TODO : add limits handler.error(401, "Invalid e-mail address / password !"); } // Success handler.send({ success: "User signed in!", tokens: { token1: tokens.token1, token2: tokens.token2 } }); } /** * Disconnect user * * @param handler */ public static async LogoutUser(handler: RequestHandler) { await AccountHelper.DestroyUserTokens(handler.getClientInfo(), handler.getUserId()); handler.success("User has been disconnected!"); } /** * Get current user ID * * @param handler */ public static CurrentUserID(handler: RequestHandler) { handler.send({ userID: handler.getUserId() }); } /** * Check out whether an email is associated to an account * or not * * @param h Request handler */ public static async ExistsMail(h: RequestHandler) { const email = h.postEmail("email"); h.send({ exists: await AccountHelper.ExistsEmail(email) }) } /** * Check if an account associated with an email address has * setup security questions or not * * @param h Request handler */ public static async HasSecurityQuestions(h: RequestHandler) { const userID = await h.postUserIdFromEmail("email"); const settings = await UserHelper.GetUserInfo(userID); h.send({ defined: settings.hasSecurityQuestions }) } /** * Get the security questions of a user, in order to reset its * password * * @param h Request handler */ public static async GetSecurityQuestions(h: RequestHandler) { const userID = await h.postUserIdFromEmail("email"); const settings = await UserHelper.GetUserInfo(userID); if(!settings.hasSecurityQuestions) h.error(401, "Specified user has not setup security questions !"); h.send({ questions: [ settings.security_question_1, settings.security_question_2 ] }) } /** * Check the answer given by the user * * @param h Request handler */ public static async CheckSecurityAnswers(h: RequestHandler) { const userID = await h.postUserIdFromEmail("email"); const settings = await UserHelper.GetUserInfo(userID); if(!settings.hasSecurityQuestions) h.error(401, "Specified user has not setup security questions !"); // Get the answers of the user const answers = h.postString("answers", 3).split("&") .map((e) => decodeURIComponent(e).toLowerCase().trim()); if(answers.length != 2) h.error(401, "Please specify two security answers !"); // Check the answers if(answers[0] != settings.security_answer_1.toLowerCase().trim() || answers[1] != settings.security_answer_2.toLowerCase().trim()) h.error(401, "Specified ecurity answers are invalid!"); // If we get there, security answers are valid, we can create a password reset token h.send({ reset_token: await AccountHelper.GenerateNewPasswordResetToken(userID) }); } /** * Check the validity of a password reset Token * * @param h Request handler */ public static async CheckPasswordResetToken(h: RequestHandler) { // We just get user ID to check the validity of the token await this.GetUserIDFromPasswordResetToken(h, "token"); h.success("The token is valid."); } /** * Reset user password * * @param h Request handler */ public static async ResetUserPassword(h: RequestHandler) { const userID = await this.GetUserIDFromPasswordResetToken(h, "token"); const newPassword = h.postString("password", 3); // Set new password await AccountHelper.ChangePassword(userID, newPassword); // Destroy reset token await AccountHelper.DestroyPasswordResetTokenForUser(userID); h.success("Password changed!"); } /** * Get the user ID associated to a password reset token * * @param h Request handler * @param name The name of the POST field containing the token */ private static async GetUserIDFromPasswordResetToken(h: RequestHandler, name: string) : Promise { const token = h.postString(name, 10); const userID = await AccountHelper.GetUserIDFromPasswordResetToken(token); if(userID < 1) h.error(401, "Invalid password reset token!"); return userID; } }