email changing, fix message box
parent
497ac86980
commit
9441bfc74c
@ -1,5 +1,5 @@
|
|||||||
# IcyNet.eu
|
# IcyNet.eu
|
||||||
Icy Network Primary Web Application - Authentication and News - Coming Soon
|
Icy Network Primary Web Application - Authentication and News
|
||||||
|
|
||||||
## About Icy Network
|
## About Icy Network
|
||||||
Icy Network is a community network aimed at anyone who likes friendly discussions and playing multiplayer games, such as Minecraft.
|
Icy Network is a community network aimed at anyone who likes friendly discussions and playing multiplayer games, such as Minecraft.
|
||||||
@ -7,7 +7,6 @@ Icy Network is a community network aimed at anyone who likes friendly discussion
|
|||||||
### Currently IcyNet-owned community platforms
|
### Currently IcyNet-owned community platforms
|
||||||
* mc.icynet.eu - Minecraft Server
|
* mc.icynet.eu - Minecraft Server
|
||||||
* [Discord server](https://discord.gg/Xe7MKSx)
|
* [Discord server](https://discord.gg/Xe7MKSx)
|
||||||
* matrix.icynet.eu - Matrix server
|
|
||||||
* icynet.ml - IRC Network
|
* icynet.ml - IRC Network
|
||||||
|
|
||||||
## The Goal of this Application
|
## The Goal of this Application
|
||||||
|
@ -184,6 +184,19 @@ router.get('/user/manage/password', wrap(async (req, res) => {
|
|||||||
res.render('password_new')
|
res.render('password_new')
|
||||||
}))
|
}))
|
||||||
|
|
||||||
|
router.get('/user/manage/email', wrap(async (req, res) => {
|
||||||
|
if (!req.session.user) return res.redirect('/login')
|
||||||
|
|
||||||
|
let obfuscated = req.session.user.email
|
||||||
|
if (obfuscated) {
|
||||||
|
let split = obfuscated.split('@')
|
||||||
|
let rep = split[0].charAt(0) + '***' + split[0].charAt(split[0].length - 1)
|
||||||
|
obfuscated = rep + '@' + split[1]
|
||||||
|
}
|
||||||
|
|
||||||
|
res.render('email_change', {email: obfuscated})
|
||||||
|
}))
|
||||||
|
|
||||||
/*
|
/*
|
||||||
=================
|
=================
|
||||||
POST HANDLING
|
POST HANDLING
|
||||||
@ -484,6 +497,53 @@ router.post('/user/manage/password', wrap(async (req, res, next) => {
|
|||||||
return res.redirect('/user/manage')
|
return res.redirect('/user/manage')
|
||||||
}))
|
}))
|
||||||
|
|
||||||
|
router.post('/user/manage/email', wrap(async (req, res, next) => {
|
||||||
|
if (!req.session.user) return next()
|
||||||
|
|
||||||
|
if (req.body.csrf !== req.session.csrf) {
|
||||||
|
return formError(req, res, 'Invalid session! Try reloading the page.')
|
||||||
|
}
|
||||||
|
|
||||||
|
let user = req.session.user
|
||||||
|
let email = req.body.email
|
||||||
|
let newEmail = req.body.email_new
|
||||||
|
let password = req.body.password
|
||||||
|
|
||||||
|
if (!password || !newEmail || (!email && user.email != null)) {
|
||||||
|
return formError(req, res, 'Please fill in all of the fields.')
|
||||||
|
}
|
||||||
|
|
||||||
|
if (req.session.user.email != null && email !== user.email) {
|
||||||
|
return formError(req, res, 'The email you provided is incorrect.')
|
||||||
|
}
|
||||||
|
|
||||||
|
let passwordMatch = await API.User.Login.password(user, password)
|
||||||
|
if (!passwordMatch) {
|
||||||
|
return formError(req, res, 'The password you provided is incorrect.')
|
||||||
|
}
|
||||||
|
|
||||||
|
let emailValid = API.User.Register.validateEmail(newEmail)
|
||||||
|
if (!emailValid) {
|
||||||
|
return formError(req, res, 'Invalid email address.')
|
||||||
|
}
|
||||||
|
|
||||||
|
let success = await API.User.update(user, {
|
||||||
|
email: newEmail
|
||||||
|
})
|
||||||
|
|
||||||
|
if (success.error) {
|
||||||
|
return formError(req, res, success.error)
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: Send necessary emails
|
||||||
|
console.warn('[SECURITY AUDIT] User \'%s\' email has been changed from %s', user.username, req.realIP)
|
||||||
|
|
||||||
|
req.session.user.email = newEmail
|
||||||
|
|
||||||
|
req.flash('message', {error: false, text: 'Email changed successfully.'})
|
||||||
|
return res.redirect('/user/manage')
|
||||||
|
}))
|
||||||
|
|
||||||
/*
|
/*
|
||||||
=============
|
=============
|
||||||
DOCUMENTS
|
DOCUMENTS
|
||||||
|
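Review bot: In the POST `/user/manage/email` handler the token check `req.body.csrf !== req.session.csrf` also passes when both sides are undefined, so a session with no stored token would accept a form posted without one; whether that state can occur depends on code outside this hunk. Guarding the stored value closes it: `if (!req.session.csrf || req.body.csrf !== req.session.csrf) {`. The handler also writes `newEmail` to the account and the session immediately; until the `// TODO: Send necessary emails` step exists, the old address gets no notice and the new one is never confirmed, so it may be worth keeping the change pending until it is confirmed. No attempt limit on the password check is visible here, so confirm that `API.User.Login.password` or middleware outside the hunk throttles repeated failures. In the GET handler the hint keeps the first and last character of the local part, which for a one- or two-character local part shows the whole address.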
@ -339,6 +339,16 @@ span.divider
|
|||||||
color: #FF5722
|
color: #FF5722
|
||||||
font-weight: bold
|
font-weight: bold
|
||||||
|
|
||||||
|
.message
|
||||||
|
display: block
|
||||||
|
margin: 1px
|
||||||
|
padding: 5px
|
||||||
|
background-color: #a6ffb5
|
||||||
|
border: 1px solid green
|
||||||
|
&.error
|
||||||
|
background-color: #ff8484
|
||||||
|
border: 1px solid maroon
|
||||||
|
|
||||||
.application
|
.application
|
||||||
height: 140px
|
height: 140px
|
||||||
.picture
|
.picture
|
||||||
|
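--- /dev/null
+++ b/views/email_change.pug
@@ -0,0 +1,28 @@
+extends layout.pug
+block title
+|Icy Network - Change User Email
+
+block body
+.wrapper
+.boxcont
+.box#totpcheck
+h1 Change Your Email
+if message.text
+if message.error
+.message.error
+span #{message.text}
+else
+.message
+span #{message.text}
+form#loginForm(method="POST", action="")
+input(type="hidden", name="csrf", value=csrf)
+if email
+label(for="email") Current Email Address
+small Email Hint: #{email}
+br
+input(type="email", name="email", id="email")
+label(for="email_new") New Email Address
+input(type="email", name="email_new", id="email_new")
+label(for="password") Password
+input(type="password", name="password", id="password")
+input(type="submit", value="Change")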
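Review bot: The new template reuses `.box#totpcheck` and `form#loginForm`, ids that the TOTP and login views on this page already use, so any style or script keyed on them would also bind to the email form; ids such as `.box#emailchange` and `form#emailForm` would keep the views apart. The password input could carry `autocomplete="current-password"` so that password managers fill the existing credential instead of offering to store a new one. The `email` and `email_new` inputs have no `required` attribute, so an empty submission is only caught by the server-side "Please fill in all of the fields." check; adding `required` gives earlier feedback without replacing that check.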
@ -8,12 +8,13 @@ block body
|
|||||||
.box#login
|
.box#login
|
||||||
h1 Log in
|
h1 Log in
|
||||||
.left
|
.left
|
||||||
if message
|
if message.text
|
||||||
if message.error
|
if message.error
|
||||||
.message.error
|
.message.error
|
||||||
|
span #{message.text}
|
||||||
else
|
else
|
||||||
.message
|
.message
|
||||||
span #{message.text}
|
span #{message.text}
|
||||||
form#loginForm(method="POST", action="")
|
form#loginForm(method="POST", action="")
|
||||||
input(type="hidden", name="csrf", value=csrf)
|
input(type="hidden", name="csrf", value=csrf)
|
||||||
label(for="username") Username or Email Address
|
label(for="username") Username or Email Address
|
||||||
|
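Review bot: `if message.text` throws a TypeError when a view is rendered without a `message` local, where the old `if message` simply skipped the block; this is safe only if something outside these hunks always sets `message` to an object, and `if message && message.text` would be the defensive form. The same edit is repeated in the six view sections that follow (headed "Enter your password", "Change Your Password", "Create a new account", "User Settings", "Enter Code" and "Two Factor Authentication") and in the new views/email_change.pug. Since the message block is now identical in every view, a shared mixin or an include from layout.pug would keep the next fix in one place.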
@ -8,12 +8,13 @@ block body
|
|||||||
.box#totpcheck
|
.box#totpcheck
|
||||||
h1 Enter your password
|
h1 Enter your password
|
||||||
small.descr This action requires your password to continue
|
small.descr This action requires your password to continue
|
||||||
if message
|
if message.text
|
||||||
if message.error
|
if message.error
|
||||||
.message.error
|
.message.error
|
||||||
|
span #{message.text}
|
||||||
else
|
else
|
||||||
.message
|
.message
|
||||||
span #{message.text}
|
span #{message.text}
|
||||||
form#loginForm(method="POST", action="")
|
form#loginForm(method="POST", action="")
|
||||||
input(type="hidden", name="csrf", value=csrf)
|
input(type="hidden", name="csrf", value=csrf)
|
||||||
label(for="password") Password
|
label(for="password") Password
|
||||||
|
@ -7,12 +7,13 @@ block body
|
|||||||
.boxcont
|
.boxcont
|
||||||
.box#totpcheck
|
.box#totpcheck
|
||||||
h1 Change Your Password
|
h1 Change Your Password
|
||||||
if message
|
if message.text
|
||||||
if message.error
|
if message.error
|
||||||
.message.error
|
.message.error
|
||||||
|
span #{message.text}
|
||||||
else
|
else
|
||||||
.message
|
.message
|
||||||
span #{message.text}
|
span #{message.text}
|
||||||
form#loginForm(method="POST", action="")
|
form#loginForm(method="POST", action="")
|
||||||
input(type="hidden", name="csrf", value=csrf)
|
input(type="hidden", name="csrf", value=csrf)
|
||||||
if !token
|
if !token
|
||||||
|
@ -8,12 +8,13 @@ block body
|
|||||||
.box#login
|
.box#login
|
||||||
h1 Create a new account
|
h1 Create a new account
|
||||||
.left
|
.left
|
||||||
if message
|
if message.text
|
||||||
if message.error
|
if message.error
|
||||||
.message.error
|
.message.error
|
||||||
|
span #{message.text}
|
||||||
else
|
else
|
||||||
.message
|
.message
|
||||||
span #{message.text}
|
span #{message.text}
|
||||||
form#loginForm(method="POST", action="")
|
form#loginForm(method="POST", action="")
|
||||||
input(type="hidden", name="csrf", value=csrf)
|
input(type="hidden", name="csrf", value=csrf)
|
||||||
label(for="username") Username
|
label(for="username") Username
|
||||||
|
@ -8,12 +8,13 @@ block body
|
|||||||
.box#settings
|
.box#settings
|
||||||
h1 User Settings
|
h1 User Settings
|
||||||
.left
|
.left
|
||||||
if message
|
if message.text
|
||||||
if message.error
|
if message.error
|
||||||
.message.error
|
.message.error
|
||||||
|
span #{message.text}
|
||||||
else
|
else
|
||||||
.message
|
.message
|
||||||
span #{message.text}
|
span #{message.text}
|
||||||
form#loginForm(method="POST", action="")
|
form#loginForm(method="POST", action="")
|
||||||
input(type="hidden", name="csrf", value=csrf)
|
input(type="hidden", name="csrf", value=csrf)
|
||||||
label(for="username") Username
|
label(for="username") Username
|
||||||
|
@ -8,12 +8,13 @@ block body
|
|||||||
.box#totpcheck
|
.box#totpcheck
|
||||||
h1 Enter Code
|
h1 Enter Code
|
||||||
small.descr This user has Two Factor Authentication enabled. Enter the code to log in.
|
small.descr This user has Two Factor Authentication enabled. Enter the code to log in.
|
||||||
if message
|
if message.text
|
||||||
if message.error
|
if message.error
|
||||||
.message.error
|
.message.error
|
||||||
|
span #{message.text}
|
||||||
else
|
else
|
||||||
.message
|
.message
|
||||||
span #{message.text}
|
span #{message.text}
|
||||||
form#loginForm(method="POST", action="")
|
form#loginForm(method="POST", action="")
|
||||||
input(type="hidden", name="csrf", value=csrf)
|
input(type="hidden", name="csrf", value=csrf)
|
||||||
label(for="code") Code
|
label(for="code") Code
|
||||||
|
@ -8,12 +8,13 @@ block body
|
|||||||
.box#login
|
.box#login
|
||||||
h1 Two Factor Authentication
|
h1 Two Factor Authentication
|
||||||
.left
|
.left
|
||||||
if message
|
if message.text
|
||||||
if message.error
|
if message.error
|
||||||
.message.error
|
.message.error
|
||||||
|
span #{message.text}
|
||||||
else
|
else
|
||||||
.message
|
.message
|
||||||
span #{message.text}
|
span #{message.text}
|
||||||
img.qr(src="//api.qrserver.com/v1/create-qr-code/?data=" + uri)
|
img.qr(src="//api.qrserver.com/v1/create-qr-code/?data=" + uri)
|
||||||
form#totpForm(method="POST", action="")
|
form#totpForm(method="POST", action="")
|
||||||
input(type="hidden", name="csrf", value=csrf)
|
input(type="hidden", name="csrf", value=csrf)
|
||||||
|
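Review bot: The context line `img.qr(src="//api.qrserver.com/v1/create-qr-code/?data=" + uri)` is untouched by this commit, but it hands `uri` to a third-party host in a GET query string; if `uri` is the otpauth provisioning URI, as the view's heading suggests, the TOTP secret leaves the server and can end up in that service's logs. Rendering the QR code locally (server-side to a data URI, or in the page itself) would keep the secret in-house. As written the value is also concatenated without `encodeURIComponent(uri)`, and the protocol-relative `//` follows plain HTTP if the page is ever served that way.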