freeCodeCamp/server/boot/user.js

import dedent from 'dedent';
import debugFactory from 'debug';
import { curry } from 'lodash';

import {
  ifNoUser401,
  ifNoUserRedirectTo,
  ifNotVerifiedRedirectToUpdateEmail
} from '../utils/middleware';

const debug = debugFactory('fcc:boot:user');
const sendNonUserToHome = ifNoUserRedirectTo('/');
const sendNonUserToHomeWithMessage = curry(ifNoUserRedirectTo, 2)('/');

module.exports = function(app) {
  const router = app.loopback.Router();
  const api = app.loopback.Router();
  const { Email, User } = app.models;

  api.post(
    '/account/delete',
    ifNoUser401,
    postDeleteAccount
  );
  api.get(
    '/account',
    sendNonUserToHome,
    getAccount
  );
  api.post(
    '/account/reset-progress',
    ifNoUser401,
    postResetProgress
  );
  api.get(
    '/account/unlink/:social',
    sendNonUserToHome,
    getUnlinkSocial
  );

  // Ensure these are the last routes!
  router.get(
    '/user/:username/report-user/',
    sendNonUserToHomeWithMessage('You must be signed in to report a user'),
    ifNotVerifiedRedirectToUpdateEmail,
    getReportUserProfile
  );

  api.post(
    '/user/:username/report-user/',
    ifNoUser401,
    postReportUserProfile
  );

  app.use(router);
  app.use(api);

  function getAccount(req, res) {
    const { username } = req.user;
    return res.redirect('/' + username);
  }

  function getUnlinkSocial(req, res, next) {
    const { user } = req;
    const { username } = user;

    let social = req.params.social;
    if (!social) {
      req.flash('danger', 'No social account found');
      return res.redirect('/' + username);
    }

    social = social.toLowerCase();
    const validSocialAccounts = ['twitter', 'linkedin'];
    if (validSocialAccounts.indexOf(social) === -1) {
      req.flash('danger', 'Invalid social account');
      return res.redirect('/' + username);
    }

    if (!user[social]) {
      req.flash('danger', `No ${social} account associated`);
      return res.redirect('/' + username);
    }

    const query = {
      where: {
        provider: social
      }
    };

    return user.identities(query, function(err, identities) {
      if (err) { return next(err); }

      // assumed user identity is unique by provider
      let identity = identities.shift();
      if (!identity) {
        req.flash('danger', 'No social account found');
        return res.redirect('/' + username);
      }

      return identity.destroy(function(err) {
        if (err) { return next(err); }

        const updateData = { [social]: null };

        return user.update$(updateData)
          .subscribe(() => {
            debug(`${social} has been unlinked successfully`);

            req.flash('info', `You've successfully unlinked your ${social}.`);
            return res.redirect('/' + username);
          }, next);
      });
    });
  }

  function postDeleteAccount(req, res, next) {
    User.destroyById(req.user.id, function(err) {
      if (err) { return next(err); }
      req.logout();
      req.flash('success', 'You have successfully deleted your account.');
      res.clearCookie('jwt_access_token');
      res.clearCookie('access_token');
      res.clearCookie('userId');
      res.clearCookie('_csrf');
      return res.status(200).end();
    });
  }

  function postResetProgress(req, res, next) {
    User.findById(req.user.id, function(err, user) {
      if (err) { return next(err); }
      return user.update$({
        progressTimestamps: [{
          timestamp: Date.now()
        }],
        currentChallengeId: '',
        isRespWebDesignCert: false,
        is2018DataVisCert: false,
        isFrontEndLibsCert: false,
        isJsAlgoDataStructCert: false,
        isApisMicroservicesCert: false,
        isInfosecQaCert: false,
        is2018FullStackCert: false,
        isFrontEndCert: false,
        isBackEndCert: false,
        isDataVisCert: false,
        isFullStackCert: false,
        completedChallenges: []
      })
      .subscribe(
        () => {
          req.flash('success', 'You have successfully reset your progress.');
          return res.status(200).end();
        },
        next
      );
    });
  }

  function getReportUserProfile(req, res) {
    const username = req.params.username.toLowerCase();
    return res.render('account/report-profile', {
      title: 'Report User',
      username
    });
  }

  function postReportUserProfile(req, res, next) {
    const { user } = req;
    const { username } = req.params;
    const report = req.sanitize('reportDescription').trimTags();

    if (!username || !report || report === '') {
      req.flash(
        'danger',
        'Oops, something is not right please re-check your submission.'
      );
      return next();
    }

    return Email.send$({
      type: 'email',
      to: 'team@freecodecamp.org',
      cc: user.email,
      from: 'team@freecodecamp.org',
      subject: 'Abuse Report : Reporting ' + username + '\'s profile.',
      text: dedent(`
        Hello Team,\n
        This is to report the profile of ${username}.\n
        Report Details:\n
        ${report}\n\n
        Reported by:
        Username: ${user.username}
        Name: ${user.name}
        Email: ${user.email}\n
        Thanks and regards,
        ${user.name}
      `)
    }, err => {
      if (err) {
        err.redirectTo = '/' + username;
        return next(err);
      }

      req.flash(
        'info',
        `A report was sent to the team with ${user.email} in copy.`
      );
      return res.redirect('/');
    });
  }

};
fix undefined username and remove old function fix many bugs and undefined fix linting errors 2015-10-01 20:55:55 -07:00			`import dedent from 'dedent';`
fix 401 account/delete if not auth 2015-08-20 09:40:03 -07:00			`import debugFactory from 'debug';`
feat(Profile): Reactify profile page (#16743) * feat(Profile): Reactify profile page * chore(tidyup): Remove console.log * fix(timeline): Remove legacy challenges from Timeline render * fix(style): Remove underline on a:hover 2018-02-19 20:32:14 +00:00			`import { curry } from 'lodash';`
update all instances of progressTimestamp to check for objects 2015-08-07 13:31:48 -07:00
Fix(lint): Add import eslint and fix import errors 2016-06-23 20:05:30 -07:00			`import {`
			`ifNoUser401,`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`ifNoUserRedirectTo,`
fix(auth): Add verification route for email 2018-05-25 23:14:09 +05:30			`ifNotVerifiedRedirectToUpdateEmail`
Fix(lint): Add import eslint and fix import errors 2016-06-23 20:05:30 -07:00			`} from '../utils/middleware';`
update all instances of progressTimestamp to check for objects 2015-08-07 13:31:48 -07:00
Initial move to redux 2016-01-27 11:34:44 -08:00			`const debug = debugFactory('fcc:boot:user');`
fix(auth): Add verification route for email 2018-05-25 23:14:09 +05:30			`const sendNonUserToHome = ifNoUserRedirectTo('/');`
			`const sendNonUserToHomeWithMessage = curry(ifNoUserRedirectTo, 2)('/');`
fix current streak, longest streak still broken 2015-08-19 13:05:53 -07:00
refactor all boot to export func and use loopback 2015-06-03 16:19:23 -07:00			`module.exports = function(app) {`
Add language routing 2016-06-17 12:35:10 -07:00			`const router = app.loopback.Router();`
			`const api = app.loopback.Router();`
refactor(server/authenticate): Move auth api into own boot script separate from user account/display methods 2017-12-26 13:20:03 -08:00			`const { Email, User } = app.models;`
Remove non-react Update email views and routes 2016-12-17 01:44:06 +05:30
Add language routing 2016-06-17 12:35:10 -07:00			`api.post(`
fix 401 account/delete if not auth 2015-08-20 09:40:03 -07:00			`'/account/delete',`
			`ifNoUser401,`
			`postDeleteAccount`
			`);`
Add language routing 2016-06-17 12:35:10 -07:00			`api.get(`
fix undefined username and remove old function fix many bugs and undefined fix linting errors 2015-10-01 20:55:55 -07:00			`'/account',`
fix(auth): Add verification route for email 2018-05-25 23:14:09 +05:30			`sendNonUserToHome,`
fix undefined username and remove old function fix many bugs and undefined fix linting errors 2015-10-01 20:55:55 -07:00			`getAccount`
			`);`
Add reset progress option to user settings 2016-09-20 12:43:34 -05:00			`api.post(`
feat(settings): Expand Settings page functionality (#16664) * fix(layout): Fix Settings layout in firefox * chore(availableForHire): Remove available for hire setting * feat(helpers): Use helper components for Settings layout * fix(map): Fix undefined lang requested * feat(settings): Expand Settings page functionality * chore(pledge): Remove pledge from Settings * fix(about): Adjust AboutSettings layout * fix(portfolio): Improve PortfolioSettings layout * fix(email): Improve EmailSettings layout * fix(settings): Align save buttons with form fields * fix(AHP): Format AHP * fix(DangerZone): Adjust DangerZone layout * fix(projectSettings): Change Button Copy * fix(CertSettings): Fix certificate claim logic * chore(lint): Lint 2018-02-16 23:18:53 +00:00			`'/account/reset-progress',`
Add reset progress option to user settings 2016-09-20 12:43:34 -05:00			`ifNoUser401,`
			`postResetProgress`
			`);`
add ability to unlink social accounts (twitter, linkedin) 2016-09-28 21:26:17 +07:00			`api.get(`
			`'/account/unlink/:social',`
fix(auth): Add verification route for email 2018-05-25 23:14:09 +05:30			`sendNonUserToHome,`
add ability to unlink social accounts (twitter, linkedin) 2016-09-28 21:26:17 +07:00			`getUnlinkSocial`
			`);`

Add certification page 2015-10-02 11:47:36 -07:00			`// Ensure these are the last routes!`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`router.get(`
feat(Profile): Reactify profile page (#16743) * feat(Profile): Reactify profile page * chore(tidyup): Remove console.log * fix(timeline): Remove legacy challenges from Timeline render * fix(style): Remove underline on a:hover 2018-02-19 20:32:14 +00:00			`'/user/:username/report-user/',`
fix(auth): Add verification route for email 2018-05-25 23:14:09 +05:30			`sendNonUserToHomeWithMessage('You must be signed in to report a user'),`
			`ifNotVerifiedRedirectToUpdateEmail,`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`getReportUserProfile`
			`);`

			`api.post(`
feat(Profile): Reactify profile page (#16743) * feat(Profile): Reactify profile page * chore(tidyup): Remove console.log * fix(timeline): Remove legacy challenges from Timeline render * fix(style): Remove underline on a:hover 2018-02-19 20:32:14 +00:00			`'/user/:username/report-user/',`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`ifNoUser401,`
			`postReportUserProfile`
			`);`
refactor all boot to export func and use loopback 2015-06-03 16:19:23 -07:00
Feat: Welcome Page (#17150) 2018-05-15 06:12:05 +01:00			`app.use(router);`
Feature(react): Move settings to React 2016-07-15 14:32:42 -07:00			`app.use(api);`
fix use app.use(router) to add sub router 2015-06-03 16:31:42 -07:00
lint user file 2015-07-22 23:27:18 -07:00			`function getAccount(req, res) {`
fix undefined username and remove old function fix many bugs and undefined fix linting errors 2015-10-01 20:55:55 -07:00			`const { username } = req.user;`
			`return res.redirect('/' + username);`
refactor all boot to export func and use loopback 2015-06-03 16:19:23 -07:00			`}`
Adding in existing username checking, NOT WORKING AT THE MOMENT 2015-01-24 04:14:41 -05:00
add ability to unlink social accounts (twitter, linkedin) 2016-09-28 21:26:17 +07:00			`function getUnlinkSocial(req, res, next) {`
			`const { user } = req;`
			`const { username } = user;`

			`let social = req.params.social;`
			`if (!social) {`
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			`req.flash('danger', 'No social account found');`
add ability to unlink social accounts (twitter, linkedin) 2016-09-28 21:26:17 +07:00			`return res.redirect('/' + username);`
			`}`

			`social = social.toLowerCase();`
			`const validSocialAccounts = ['twitter', 'linkedin'];`
			`if (validSocialAccounts.indexOf(social) === -1) {`
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			`req.flash('danger', 'Invalid social account');`
add ability to unlink social accounts (twitter, linkedin) 2016-09-28 21:26:17 +07:00			`return res.redirect('/' + username);`
			`}`

			`if (!user[social]) {`
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			req.flash('danger', `No ${social} account associated`);
add ability to unlink social accounts (twitter, linkedin) 2016-09-28 21:26:17 +07:00			`return res.redirect('/' + username);`
			`}`

			`const query = {`
			`where: {`
			`provider: social`
			`}`
			`};`

			`return user.identities(query, function(err, identities) {`
			`if (err) { return next(err); }`

			`// assumed user identity is unique by provider`
			`let identity = identities.shift();`
			`if (!identity) {`
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			`req.flash('danger', 'No social account found');`
add ability to unlink social accounts (twitter, linkedin) 2016-09-28 21:26:17 +07:00			`return res.redirect('/' + username);`
			`}`

			`return identity.destroy(function(err) {`
			`if (err) { return next(err); }`

			`const updateData = { [social]: null };`

			`return user.update$(updateData)`
			`.subscribe(() => {`
			debug(`${social} has been unlinked successfully`);

fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			req.flash('info', `You've successfully unlinked your ${social}.`);
add ability to unlink social accounts (twitter, linkedin) 2016-09-28 21:26:17 +07:00			`return res.redirect('/' + username);`
			`}, next);`
			`});`
			`});`
			`}`

lint user file 2015-07-22 23:27:18 -07:00			`function postDeleteAccount(req, res, next) {`
refactor all boot to export func and use loopback 2015-06-03 16:19:23 -07:00			`User.destroyById(req.user.id, function(err) {`
Working on unifying coursewares view and logic 2015-03-21 13:42:02 +09:00			`if (err) { return next(err); }`
refactor all boot to export func and use loopback 2015-06-03 16:19:23 -07:00			`req.logout();`
feat(settings): Expand Settings page functionality (#16664) * fix(layout): Fix Settings layout in firefox * chore(availableForHire): Remove available for hire setting * feat(helpers): Use helper components for Settings layout * fix(map): Fix undefined lang requested * feat(settings): Expand Settings page functionality * chore(pledge): Remove pledge from Settings * fix(about): Adjust AboutSettings layout * fix(portfolio): Improve PortfolioSettings layout * fix(email): Improve EmailSettings layout * fix(settings): Align save buttons with form fields * fix(AHP): Format AHP * fix(DangerZone): Adjust DangerZone layout * fix(projectSettings): Change Button Copy * fix(CertSettings): Fix certificate claim logic * chore(lint): Lint 2018-02-16 23:18:53 +00:00			`req.flash('success', 'You have successfully deleted your account.');`
fix(auth): Add verification route for email 2018-05-25 23:14:09 +05:30			`res.clearCookie('jwt_access_token');`
			`res.clearCookie('access_token');`
			`res.clearCookie('userId');`
			`res.clearCookie('_csrf');`
feat(settings): Expand Settings page functionality (#16664) * fix(layout): Fix Settings layout in firefox * chore(availableForHire): Remove available for hire setting * feat(helpers): Use helper components for Settings layout * fix(map): Fix undefined lang requested * feat(settings): Expand Settings page functionality * chore(pledge): Remove pledge from Settings * fix(about): Adjust AboutSettings layout * fix(portfolio): Improve PortfolioSettings layout * fix(email): Improve EmailSettings layout * fix(settings): Align save buttons with form fields * fix(AHP): Format AHP * fix(DangerZone): Adjust DangerZone layout * fix(projectSettings): Change Button Copy * fix(CertSettings): Fix certificate claim logic * chore(lint): Lint 2018-02-16 23:18:53 +00:00			`return res.status(200).end();`
Add reset progress option to user settings 2016-09-20 12:43:34 -05:00			`});`
			`}`

			`function postResetProgress(req, res, next) {`
			`User.findById(req.user.id, function(err, user) {`
			`if (err) { return next(err); }`
feat(settings): Expand Settings page functionality (#16664) * fix(layout): Fix Settings layout in firefox * chore(availableForHire): Remove available for hire setting * feat(helpers): Use helper components for Settings layout * fix(map): Fix undefined lang requested * feat(settings): Expand Settings page functionality * chore(pledge): Remove pledge from Settings * fix(about): Adjust AboutSettings layout * fix(portfolio): Improve PortfolioSettings layout * fix(email): Improve EmailSettings layout * fix(settings): Align save buttons with form fields * fix(AHP): Format AHP * fix(DangerZone): Adjust DangerZone layout * fix(projectSettings): Change Button Copy * fix(CertSettings): Fix certificate claim logic * chore(lint): Lint 2018-02-16 23:18:53 +00:00			`return user.update$({`
Add reset progress option to user settings 2016-09-20 12:43:34 -05:00			`progressTimestamps: [{`
			`timestamp: Date.now()`
			`}],`
			`currentChallengeId: '',`
feat(settings): Expand Settings page functionality (#16664) * fix(layout): Fix Settings layout in firefox * chore(availableForHire): Remove available for hire setting * feat(helpers): Use helper components for Settings layout * fix(map): Fix undefined lang requested * feat(settings): Expand Settings page functionality * chore(pledge): Remove pledge from Settings * fix(about): Adjust AboutSettings layout * fix(portfolio): Improve PortfolioSettings layout * fix(email): Improve EmailSettings layout * fix(settings): Align save buttons with form fields * fix(AHP): Format AHP * fix(DangerZone): Adjust DangerZone layout * fix(projectSettings): Change Button Copy * fix(CertSettings): Fix certificate claim logic * chore(lint): Lint 2018-02-16 23:18:53 +00:00			`isRespWebDesignCert: false,`
			`is2018DataVisCert: false,`
			`isFrontEndLibsCert: false,`
			`isJsAlgoDataStructCert: false,`
			`isApisMicroservicesCert: false,`
			`isInfosecQaCert: false,`
			`is2018FullStackCert: false,`
			`isFrontEndCert: false,`
Add reset progress option to user settings 2016-09-20 12:43:34 -05:00			`isBackEndCert: false,`
			`isDataVisCert: false,`
feat(settings): Expand Settings page functionality (#16664) * fix(layout): Fix Settings layout in firefox * chore(availableForHire): Remove available for hire setting * feat(helpers): Use helper components for Settings layout * fix(map): Fix undefined lang requested * feat(settings): Expand Settings page functionality * chore(pledge): Remove pledge from Settings * fix(about): Adjust AboutSettings layout * fix(portfolio): Improve PortfolioSettings layout * fix(email): Improve EmailSettings layout * fix(settings): Align save buttons with form fields * fix(AHP): Format AHP * fix(DangerZone): Adjust DangerZone layout * fix(projectSettings): Change Button Copy * fix(CertSettings): Fix certificate claim logic * chore(lint): Lint 2018-02-16 23:18:53 +00:00			`isFullStackCert: false,`
Chore: Update User model (#17171) * fix(logs): Remove console.log's * chore(challengeMap): challengeMap -> completedChallenges * chore(userModel): Update user model * feat(userIDs): Add user ident fields * chore(github): Remove more refs to github data 2018-05-15 14:56:26 +01:00			`completedChallenges: []`
feat(settings): Expand Settings page functionality (#16664) * fix(layout): Fix Settings layout in firefox * chore(availableForHire): Remove available for hire setting * feat(helpers): Use helper components for Settings layout * fix(map): Fix undefined lang requested * feat(settings): Expand Settings page functionality * chore(pledge): Remove pledge from Settings * fix(about): Adjust AboutSettings layout * fix(portfolio): Improve PortfolioSettings layout * fix(email): Improve EmailSettings layout * fix(settings): Align save buttons with form fields * fix(AHP): Format AHP * fix(DangerZone): Adjust DangerZone layout * fix(projectSettings): Change Button Copy * fix(CertSettings): Fix certificate claim logic * chore(lint): Lint 2018-02-16 23:18:53 +00:00			`})`
			`.subscribe(`
			`() => {`
			`req.flash('success', 'You have successfully reset your progress.');`
			`return res.status(200).end();`
			`},`
			`next`
			`);`
Add reset progress option to user settings 2016-09-20 12:43:34 -05:00			`});`
			`}`

feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`function getReportUserProfile(req, res) {`
			`const username = req.params.username.toLowerCase();`
			`return res.render('account/report-profile', {`
			`title: 'Report User',`
			`username`
			`});`
			`}`

			`function postReportUserProfile(req, res, next) {`
			`const { user } = req;`
			`const { username } = req.params;`
			`const report = req.sanitize('reportDescription').trimTags();`

			`if (!username \|\| !report \|\| report === '') {`
fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			`req.flash(`
			`'danger',`
			`'Oops, something is not right please re-check your submission.'`
			`);`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`return next();`
			`}`

			`return Email.send$({`
			`type: 'email',`
refactor: Replace .com with .org 2017-08-26 00:07:44 +02:00			`to: 'team@freecodecamp.org',`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`cc: user.email,`
refactor: Replace .com with .org 2017-08-26 00:07:44 +02:00			`from: 'team@freecodecamp.org',`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`subject: 'Abuse Report : Reporting ' + username + '\'s profile.',`
			text: dedent(`
			`Hello Team,\n`
			`This is to report the profile of ${username}.\n`
			`Report Details:\n`
			`${report}\n\n`
			`Reported by:`
			`Username: ${user.username}`
			`Name: ${user.name}`
			`Email: ${user.email}\n`
			`Thanks and regards,`
			`${user.name}`
			`)
			`}, err => {`
			`if (err) {`
			`err.redirectTo = '/' + username;`
			`return next(err);`
			`}`

fix(server/flash): Api to match documentation This fixes duplication issues and normalize our use with everyone else 2018-01-12 14:16:33 -08:00			`req.flash(`
			`'info',`
			`A report was sent to the team with ${user.email} in copy.`
			`);`
feat(user): Report profiles This adds a simple email-based mechanism to report profiles for abuse. An email with text from the report is sent to Free Code Camp's support account with the reporter's account in copy. This also adds the reporter's details to the report for follow ups. 2016-12-15 02:54:59 +05:30			`return res.redirect('/');`
			`});`
			`}`
Remove reset-password logic 2016-12-16 10:35:38 +05:30
refactor all boot to export func and use loopback 2015-06-03 16:19:23 -07:00			`};`