hostr/web/routes/user.js

import {
  authenticate, setupSession, signup as signupUser, activateUser, sendResetToken,
  validateResetToken, updatePassword,
} from '../lib/auth';
import models from '../../models';
import debugname from 'debug';
const debug = debugname('hostr-web:user');

export function* signin() {
  if (!this.request.body.email) {
    yield this.render('signin', { csrf: this.csrf });
    return;
  }

  this.statsd.incr('auth.attempt', 1);
  this.assertCSRF(this.request.body);
  const user = yield authenticate.call(this, this.request.body.email, this.request.body.password);
  if (!user) {
    this.statsd.incr('auth.failure', 1);
    yield this.render('signin', { error: 'Invalid login details', csrf: this.csrf });
    return;
  } else if (user.activationCode) {
    yield this.render('signin', {
      error: 'Your account hasn\'t been activated yet. Check your for an activation email.',
      csrf: this.csrf,
    });
    return;
  }
  this.statsd.incr('auth.success', 1);
  yield setupSession.call(this, user);
  this.redirect('/');
}


export function* signup() {
  if (!this.request.body.email) {
    yield this.render('signup', { csrf: this.csrf });
    return;
  }

  this.assertCSRF(this.request.body);
  if (this.request.body.email !== this.request.body.confirm_email) {
    yield this.render('signup', { error: 'Emails do not match.', csrf: this.csrf });
    return;
  } else if (this.request.body.email && !this.request.body.terms) {
    yield this.render('signup', { error: 'You must agree to the terms of service.',
      csrf: this.csrf });
    return;
  } else if (this.request.body.password && this.request.body.password.length < 7) {
    yield this.render('signup', { error: 'Password must be at least 7 characters long.',
      csrf: this.csrf });
    return;
  }
  const ip = this.headers['x-real-ip'] || this.ip;
  const email = this.request.body.email;
  const password = this.request.body.password;
  try {
    yield signupUser.call(this, email, password, ip);
  } catch (e) {
    yield this.render('signup', { error: e.message, csrf: this.csrf });
    return;
  }
  this.statsd.incr('auth.signup', 1);
  yield this.render('signup', {
    message: 'Thanks for signing up, we\'ve sent you an email to activate your account.',
    csrf: '',
  });
  return;
}


export function* forgot() {
  const token = this.params.token;

  if (this.request.body.password) {
    if (this.request.body.password.length < 7) {
      yield this.render('forgot', {
        error: 'Password needs to be at least 7 characters long.',
        csrf: this.csrf,
        token,
      });
      return;
    }
    this.assertCSRF(this.request.body);
    const user = yield validateResetToken(token);
    yield updatePassword(user.id, this.request.body.password);
    yield models.reset.deleteById(token);
    yield setupSession(this, user);
    this.statsd.incr('auth.reset.success', 1);
    this.redirect('/');
  } else if (token) {
    const tokenUser = yield validateResetToken(token);
    if (!tokenUser) {
      this.statsd.incr('auth.reset.fail', 1);
      yield this.render('forgot', {
        error: 'Invalid password reset token. It might be expired, or has already been used.',
        csrf: this.csrf,
        token: null,
      });
      return;
    }
    yield this.render('forgot', { csrf: this.csrf, token });
    return;
  } else if (this.request.body.email) {
    this.assertCSRF(this.request.body);
    try {
      const email = this.request.body.email;
      yield sendResetToken.call(this, email);
      this.statsd.incr('auth.reset.request', 1);
      yield this.render('forgot', {
        message: `We've sent an email with a link to reset your password.
        Be sure to check your spam folder if you it doesn't appear within a few minutes`,
        csrf: this.csrf,
        token: null,
      });
      return;
    } catch (error) {
      debug(error);
    }
  } else {
    yield this.render('forgot', { csrf: this.csrf, token: null });
  }
}


export function* logout() {
  this.statsd.incr('auth.logout', 1);
  this.cookies.set('r', { expires: new Date(1), path: '/' });
  this.session = null;
  this.redirect('/');
}


export function* activate() {
  const code = this.params.code;
  if (yield activateUser.call(this, code)) {
    this.statsd.incr('auth.activation', 1);
    this.redirect('/');
  } else {
    this.throw(400);
  }
}
Get linting passing again 2016-06-06 15:37:00 +01:00			`import {`
			`authenticate, setupSession, signup as signupUser, activateUser, sendResetToken,`
			`validateResetToken, updatePassword,`
			`} from '../lib/auth';`
Postgres. 2016-06-19 10:14:47 -07:00			`import models from '../../models';`
Fix password reset 2015-08-23 16:50:40 +01:00			`import debugname from 'debug';`
			`const debug = debugname('hostr-web:user');`
Initial commit. 2015-07-09 23:01:43 +01:00
			`export function* signin() {`
			`if (!this.request.body.email) {`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('signin', { csrf: this.csrf });`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`
Add csrf checking for cookie posts, fix file hotlinking 2015-08-10 11:44:47 +01:00
Add CSRF protection. 2015-08-22 23:07:34 +01:00			`this.statsd.incr('auth.attempt', 1);`
			`this.assertCSRF(this.request.body);`
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`const user = yield authenticate.call(this, this.request.body.email, this.request.body.password);`
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`if (!user) {`
Add more stat collection 2015-08-09 17:21:39 +01:00			`this.statsd.incr('auth.failure', 1);`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('signin', { error: 'Invalid login details', csrf: this.csrf });`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`} else if (user.activationCode) {`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('signin', {`
			`error: 'Your account hasn\'t been activated yet. Check your for an activation email.',`
			`csrf: this.csrf,`
			`});`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`this.statsd.incr('auth.success', 1);`
			`yield setupSession.call(this, user);`
			`this.redirect('/');`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`


			`export function* signup() {`
			`if (!this.request.body.email) {`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('signup', { csrf: this.csrf });`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`

Add CSRF protection. 2015-08-22 23:07:34 +01:00			`this.assertCSRF(this.request.body);`
Initial commit. 2015-07-09 23:01:43 +01:00			`if (this.request.body.email !== this.request.body.confirm_email) {`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('signup', { error: 'Emails do not match.', csrf: this.csrf });`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`} else if (this.request.body.email && !this.request.body.terms) {`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('signup', { error: 'You must agree to the terms of service.',`
			`csrf: this.csrf });`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`} else if (this.request.body.password && this.request.body.password.length < 7) {`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('signup', { error: 'Password must be at least 7 characters long.',`
			`csrf: this.csrf });`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`
			`const ip = this.headers['x-real-ip'] \|\| this.ip;`
			`const email = this.request.body.email;`
			`const password = this.request.body.password;`
			`try {`
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`yield signupUser.call(this, email, password, ip);`
Initial commit. 2015-07-09 23:01:43 +01:00			`} catch (e) {`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('signup', { error: e.message, csrf: this.csrf });`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`
Add more stat collection 2015-08-09 17:21:39 +01:00			`this.statsd.incr('auth.signup', 1);`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('signup', {`
			`message: 'Thanks for signing up, we\'ve sent you an email to activate your account.',`
			`csrf: '',`
			`});`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`


Add CSRF protection. 2015-08-22 23:07:34 +01:00			`export function* forgot() {`
			`const token = this.params.token;`

Fix password reset 2015-08-23 16:50:40 +01:00			`if (this.request.body.password) {`
Initial commit. 2015-07-09 23:01:43 +01:00			`if (this.request.body.password.length < 7) {`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('forgot', {`
			`error: 'Password needs to be at least 7 characters long.',`
			`csrf: this.csrf,`
			`token,`
			`});`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`
Fix password reset 2015-08-23 16:50:40 +01:00			`this.assertCSRF(this.request.body);`
Postgres. 2016-06-19 10:14:47 -07:00			`const user = yield validateResetToken(token);`
			`yield updatePassword(user.id, this.request.body.password);`
			`yield models.reset.deleteById(token);`
			`yield setupSession(this, user);`
Add more stat collection 2015-08-09 17:21:39 +01:00			`this.statsd.incr('auth.reset.success', 1);`
Initial commit. 2015-07-09 23:01:43 +01:00			`this.redirect('/');`
Fix password reset 2015-08-23 16:50:40 +01:00			`} else if (token) {`
Postgres. 2016-06-19 10:14:47 -07:00			`const tokenUser = yield validateResetToken(token);`
Initial commit. 2015-07-09 23:01:43 +01:00			`if (!tokenUser) {`
Add more stat collection 2015-08-09 17:21:39 +01:00			`this.statsd.incr('auth.reset.fail', 1);`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('forgot', {`
			`error: 'Invalid password reset token. It might be expired, or has already been used.',`
			`csrf: this.csrf,`
			`token: null,`
			`});`
			`return;`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('forgot', { csrf: this.csrf, token });`
			`return;`
Fix password reset 2015-08-23 16:50:40 +01:00			`} else if (this.request.body.email) {`
			`this.assertCSRF(this.request.body);`
			`try {`
Apply Javascript styleguide 2015-08-23 22:12:32 +01:00			`const email = this.request.body.email;`
Fix password reset 2015-08-23 16:50:40 +01:00			`yield sendResetToken.call(this, email);`
			`this.statsd.incr('auth.reset.request', 1);`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('forgot', {`
			message: `We've sent an email with a link to reset your password.
			Be sure to check your spam folder if you it doesn't appear within a few minutes`,
			`csrf: this.csrf,`
			`token: null,`
			`});`
			`return;`
Fix password reset 2015-08-23 16:50:40 +01:00			`} catch (error) {`
			`debug(error);`
			`}`
Initial commit. 2015-07-09 23:01:43 +01:00			`} else {`
Get linting passing again 2016-06-06 15:37:00 +01:00			`yield this.render('forgot', { csrf: this.csrf, token: null });`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`
			`}`


			`export function* logout() {`
Add more stat collection 2015-08-09 17:21:39 +01:00			`this.statsd.incr('auth.logout', 1);`
Get linting passing again 2016-06-06 15:37:00 +01:00			`this.cookies.set('r', { expires: new Date(1), path: '/' });`
Initial commit. 2015-07-09 23:01:43 +01:00			`this.session = null;`
			`this.redirect('/');`
			`}`


Add CSRF protection. 2015-08-22 23:07:34 +01:00			`export function* activate() {`
			`const code = this.params.code;`
Migrate from koa-route to koa-router 2015-08-22 16:16:15 +01:00			`if (yield activateUser.call(this, code)) {`
Add more stat collection 2015-08-09 17:21:39 +01:00			`this.statsd.incr('auth.activation', 1);`
Add CSRF protection. 2015-08-22 23:07:34 +01:00			`this.redirect('/');`
			`} else {`
			`this.throw(400);`
Add more stat collection 2015-08-09 17:21:39 +01:00			`}`
Initial commit. 2015-07-09 23:01:43 +01:00			`}`