| import { RequestHandler } from "../entities/RequestHandler";
 | |
| import { AccountHelper } from "../helpers/AccountHelper";
 | |
| import { UserHelper } from "../helpers/UserHelper";
 | |
| 
 | |
| /**
 | |
|  * Account controller
 | |
|  * 
 | |
|  * @author Pierre HUBERT
 | |
|  */
 | |
| 
 | |
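export class AccountController {

	/**
	 * Attempt to sign a user in with an e-mail address and a password
	 *
	 * Reads the `userMail` and `userPassword` POST fields, asks
	 * AccountHelper.LoginUser for a pair of tokens and sends them back.
	 * When no tokens are returned, a single 401 message is used, so the
	 * response does not say which of the two fields was wrong.
	 *
	 * NOTE(review): failed attempts are neither counted nor throttled in
	 * this method (see the TODOs below), so nothing here slows down
	 * password guessing.
	 *
	 * @param handler Request handler
	 */
	public static async LoginUser(handler: RequestHandler): Promise<void> {

		// Get post data
		const email = handler.postEmail("userMail");
		const password = handler.postString("userPassword");

		// TODO : add limits (reject the request before authenticating once
		// too many attempts were made)

		// Authenticate user
		const tokens = await AccountHelper.LoginUser(email, password, handler.getClientInfo());

		if(tokens == null) {
			// TODO : add limits (record the failed attempt)

			// NOTE(review): the code below relies on handler.error() interrupting
			// the request (presumably by throwing - confirm in RequestHandler),
			// otherwise `tokens` is dereferenced while null
			handler.error(401, "Invalid e-mail address / password !");
		}

		// Success
		handler.send({
			success: "User signed in!",
			tokens: {
				token1: tokens.token1,
				token2: tokens.token2
			}
		});
	}

	/**
	 * Disconnect user
	 *
	 * Asks AccountHelper.DestroyUserTokens to destroy the tokens matching
	 * the client and the user of the current request, then confirms.
	 *
	 * @param handler Request handler
	 */
	public static async LogoutUser(handler: RequestHandler): Promise<void> {

		await AccountHelper.DestroyUserTokens(handler.getClientInfo(),
			handler.getUserId());

		handler.success("User has been disconnected!");
	}

	/**
	 * Get current user ID
	 *
	 * Sends back the value of handler.getUserId() as `userID`.
	 *
	 * @param handler Request handler
	 */
	public static CurrentUserID(handler: RequestHandler): void {
		handler.send({
			userID: handler.getUserId()
		});
	}

	/**
	 * Check out whether an email is associated to an account
	 * or not
	 *
	 * NOTE(review): the response tells the caller whether the address is
	 * registered. Whether this route requires a signed-in user is decided
	 * outside of this file; if it is public, it should be covered by the
	 * same attempt limits as the login route.
	 *
	 * @param h Request handler
	 */
	public static async ExistsMail(h: RequestHandler): Promise<void> {
		const email = h.postEmail("email");

		h.send({
			exists: await AccountHelper.ExistsEmail(email)
		});
	}

	/**
	 * Check if an account associated with an email address has
	 * setup security questions or not
	 *
	 * The account is resolved from the `email` POST field by
	 * h.postUserIdFromEmail().
	 *
	 * @param h Request handler
	 */
	public static async HasSecurityQuestions(h: RequestHandler): Promise<void> {
		const userID = await h.postUserIdFromEmail("email");
		const settings = await UserHelper.GetUserInfo(userID);

		h.send({
			defined: settings.hasSecurityQuestions
		});
	}

	/**
	 * Get the security questions of a user, in order to reset its
	 * password
	 *
	 * Answers 401 when the account has no security questions, otherwise
	 * sends the two questions in order.
	 *
	 * NOTE(review): the questions of an account are returned to whoever
	 * supplies its e-mail address; no other check is visible in this method.
	 *
	 * @param h Request handler
	 */
	public static async GetSecurityQuestions(h: RequestHandler): Promise<void> {
		const userID = await h.postUserIdFromEmail("email");
		const settings = await UserHelper.GetUserInfo(userID);

		if(!settings.hasSecurityQuestions)
			h.error(401, "Specified user has not setup security questions !");

		h.send({
			questions: [
				settings.security_question_1,
				settings.security_question_2
			]
		});
	}

	/**
	 * Check the answers given by the user to its security questions
	 *
	 * The `answers` POST field holds the two answers separated by `&`,
	 * each of them percent-encoded. Answers are compared to the stored ones
	 * after lower-casing and trimming both sides. When both match, a new
	 * password reset token is generated and sent back as `reset_token`.
	 *
	 * NOTE(review): a correct pair of answers is enough to obtain a reset
	 * token and no attempt limit is visible in this method, so this route
	 * needs the same throttling as the login route.
	 *
	 * @param h Request handler
	 */
	public static async CheckSecurityAnswers(h: RequestHandler): Promise<void> {
		const userID = await h.postUserIdFromEmail("email");
		const settings = await UserHelper.GetUserInfo(userID);

		if(!settings.hasSecurityQuestions)
			h.error(401, "Specified user has not setup security questions !");

		// Get the answers of the user
		// (the second argument of postString is presumably a minimum length - confirm)
		const rawAnswers = h.postString("answers", 3).split("&");

		let answers: string[];
		try {
			answers = rawAnswers.map((e) => decodeURIComponent(e).toLowerCase().trim());
		} catch (e) {
			// decodeURIComponent() throws an URIError on malformed percent-encoding
			// (for example a lone "%"). This is client input: report it through the
			// check below instead of letting the exception escape the controller.
			answers = [];
		}

		if(answers.length !== 2)
			h.error(401, "Please specify two security answers !");

		// Check the answers
		if(answers[0] !== settings.security_answer_1.toLowerCase().trim() ||
			answers[1] !== settings.security_answer_2.toLowerCase().trim())
			h.error(401, "Specified security answers are invalid!");

		// If we get there, security answers are valid, we can create a password reset token
		h.send({
			reset_token: await AccountHelper.GenerateNewPasswordResetToken(userID)
		});
	}

	/**
	 * Check the validity of a password reset Token
	 *
	 * The token is read from the `token` POST field; the success message is
	 * only reached when the lookup did not reject it.
	 *
	 * @param h Request handler
	 */
	public static async CheckPasswordResetToken(h: RequestHandler): Promise<void> {
		// The class is named explicitly rather than through `this`, which is not
		// the class when this static method is invoked as a detached callback
		await AccountController.GetUserIDFromPasswordResetToken(h, "token");
		h.success("The token is valid.");
	}

	/**
	 * Get the user ID associated to a password reset token
	 *
	 * Answers 401 when AccountHelper returns an ID lower than 1 for the token.
	 *
	 * @param h Request handler
	 * @param name The name of the POST field containing the token
	 * @returns The ID of the user the token belongs to
	 */
	private static async GetUserIDFromPasswordResetToken(h: RequestHandler, name: string) : Promise<number> {
		// (the second argument of postString is presumably a minimum length - confirm)
		const token = h.postString(name, 10);
		const userID = await AccountHelper.GetUserIDFromPasswordResetToken(token);

		// NOTE(review): relies on h.error() interrupting the request, otherwise
		// the invalid ID is returned to the caller - confirm in RequestHandler
		if(userID < 1)
			h.error(401, "Invalid password reset token!");

		return userID;
	}
}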