email changing, fix message box

README.md

@@ -1,5 +1,5 @@
 # IcyNet.eu
-Icy Network Primary Web Application - Authentication and News - Coming Soon
+Icy Network Primary Web Application - Authentication and News
 
 ## About Icy Network
 Icy Network is a community network aimed at anyone who likes friendly discussions and playing multiplayer games, such as Minecraft.
@@ -7,7 +7,6 @@ Icy Network is a community network aimed at anyone who likes friendly discussion
 ### Currently IcyNet-owned community platforms
 * mc.icynet.eu - Minecraft Server
 * [Discord server](https://discord.gg/Xe7MKSx)
-* matrix.icynet.eu - Matrix server
 * icynet.ml - IRC Network
 
 ## The Goal of this Application

server/routes/index.js

@@ -184,6 +184,19 @@ router.get('/user/manage/password', wrap(async (req, res) => {
   res.render('password_new')
 }))
 
+router.get('/user/manage/email', wrap(async (req, res) => {
+  if (!req.session.user) return res.redirect('/login')
+
+  let obfuscated = req.session.user.email
+  if (obfuscated) {
+    let split = obfuscated.split('@')
+    let rep = split[0].charAt(0) + '***' + split[0].charAt(split[0].length - 1)
+    obfuscated = rep + '@' + split[1]
+  }
+
+  res.render('email_change', {email: obfuscated})
+}))
+
 /*
   =================
     POST HANDLING
@@ -484,6 +497,53 @@ router.post('/user/manage/password', wrap(async (req, res, next) => {
   return res.redirect('/user/manage')
 }))
 
+router.post('/user/manage/email', wrap(async (req, res, next) => {
+  if (!req.session.user) return next()
+
+  if (req.body.csrf !== req.session.csrf) {
+    return formError(req, res, 'Invalid session! Try reloading the page.')
+  }
+
+  let user = req.session.user
+  let email = req.body.email
+  let newEmail = req.body.email_new
+  let password = req.body.password
+
+  if (!password || !newEmail || (!email && user.email != null)) {
+    return formError(req, res, 'Please fill in all of the fields.')
+  }
+
+  if (req.session.user.email != null && email !== user.email) {
+    return formError(req, res, 'The email you provided is incorrect.')
+  }
+
+  let passwordMatch = await API.User.Login.password(user, password)
+  if (!passwordMatch) {
+    return formError(req, res, 'The password you provided is incorrect.')
+  }
+
+  let emailValid = API.User.Register.validateEmail(newEmail)
+  if (!emailValid) {
+    return formError(req, res, 'Invalid email address.')
+  }
+
+  let success = await API.User.update(user, {
+    email: newEmail
+  })
+
+  if (success.error) {
+    return formError(req, res, success.error)
+  }
+
+  // TODO: Send necessary emails
+  console.warn('[SECURITY AUDIT] User \'%s\' email has been changed from %s', user.username, req.realIP)
+
+  req.session.user.email = newEmail
+
+  req.flash('message', {error: false, text: 'Email changed successfully.'})
+  return res.redirect('/user/manage')
+}))
+
 /*
   =============
     DOCUMENTS

src/style/main.styl

@@ -339,6 +339,16 @@ span.divider
     color: #FF5722
     font-weight: bold
 
+.message
+    display: block
+    margin: 1px
+    padding: 5px
+    background-color: #a6ffb5
+    border: 1px solid green
+    &.error
+        background-color: #ff8484
+        border: 1px solid maroon
+
 .application
     height: 140px
     .picture

views/email_change.pug

@@ -0,0 +1,28 @@
+extends layout.pug
+block title
+	|Icy Network - Change User Email
+
+block body
+	.wrapper
+		.boxcont
+			.box#totpcheck
+				h1 Change Your Email
+				if message.text
+					if message.error
+						.message.error
+							span #{message.text}
+					else
+						.message
+							span #{message.text}
+				form#loginForm(method="POST", action="")
+					input(type="hidden", name="csrf", value=csrf)
+					if email
+						label(for="email") Current Email Address
+						small Email Hint: #{email}
+						br
+						input(type="email", name="email", id="email")
+					label(for="email_new") New Email Address
+					input(type="email", name="email_new", id="email_new")
+					label(for="password") Password
+					input(type="password", name="password", id="password")
+					input(type="submit", value="Change")

views/login.pug

@@ -8,12 +8,13 @@ block body
 			.box#login
 				h1 Log in
 				.left
-					if message
+					if message.text
 						if message.error
 							.message.error
+								span #{message.text}
 						else
 							.message
-						span #{message.text}
+								span #{message.text}
 					form#loginForm(method="POST", action="")
 						input(type="hidden", name="csrf", value=csrf)
 						label(for="username") Username or Email Address

views/password.pug

@@ -8,12 +8,13 @@ block body
 			.box#totpcheck
 				h1 Enter your password
 				small.descr This action requires your password to continue
-				if message
+				if message.text
 					if message.error
 						.message.error
+							span #{message.text}
 					else
 						.message
-					span #{message.text}
+							span #{message.text}
 				form#loginForm(method="POST", action="")
 					input(type="hidden", name="csrf", value=csrf)
 					label(for="password") Password

views/password_new.pug

@@ -7,12 +7,13 @@ block body
 		.boxcont
 			.box#totpcheck
 				h1 Change Your Password
-				if message
+				if message.text
 					if message.error
 						.message.error
+							span #{message.text}
 					else
 						.message
-					span #{message.text}
+							span #{message.text}
 				form#loginForm(method="POST", action="")
 					input(type="hidden", name="csrf", value=csrf)
 					if !token

views/register.pug

@@ -8,12 +8,13 @@ block body
 			.box#login
 				h1 Create a new account
 				.left
-					if message
+					if message.text
 						if message.error
 							.message.error
+								span #{message.text}
 						else
 							.message
-						span #{message.text}
+								span #{message.text}
 					form#loginForm(method="POST", action="")
 						input(type="hidden", name="csrf", value=csrf)
 						label(for="username") Username

views/settings.pug

@@ -8,12 +8,13 @@ block body
 			.box#settings
 				h1 User Settings
 				.left
-					if message
+					if message.text
 						if message.error
 							.message.error
+								span #{message.text}
 						else
 							.message
-						span #{message.text}
+								span #{message.text}
 					form#loginForm(method="POST", action="")
 						input(type="hidden", name="csrf", value=csrf)
 						label(for="username") Username

views/totp-check.pug

@@ -8,12 +8,13 @@ block body
 			.box#totpcheck
 				h1 Enter Code
 				small.descr This user has Two Factor Authentication enabled. Enter the code to log in.
-				if message
+				if message.text
 					if message.error
 						.message.error
+							span #{message.text}
 					else
 						.message
-					span #{message.text}
+							span #{message.text}
 				form#loginForm(method="POST", action="")
 					input(type="hidden", name="csrf", value=csrf)
 					label(for="code") Code

views/totp.pug

@@ -8,12 +8,13 @@ block body
 			.box#login
 				h1 Two Factor Authentication
 				.left
-					if message
+					if message.text
 						if message.error
 							.message.error
+								span #{message.text}
 						else
 							.message
-						span #{message.text}
+								span #{message.text}
 					img.qr(src="//api.qrserver.com/v1/create-qr-code/?data=" + uri)
 					form#totpForm(method="POST", action="")
 						input(type="hidden", name="csrf", value=csrf)