2016-04-14 17:07:40 -07:00
|
|
|
import { Observable } from 'rx';
|
2016-12-30 13:05:29 -06:00
|
|
|
import uuid from 'uuid';
|
2015-07-29 15:00:24 -07:00
|
|
|
import moment from 'moment';
|
2015-12-28 12:41:37 -08:00
|
|
|
import dedent from 'dedent';
|
2016-04-14 17:07:40 -07:00
|
|
|
import debugFactory from 'debug';
|
2016-05-12 15:48:34 -07:00
|
|
|
import { isEmail } from 'validator';
|
2016-05-07 17:46:39 +05:30
|
|
|
import path from 'path';
|
2016-06-26 21:34:01 +05:30
|
|
|
import loopback from 'loopback';
|
2016-04-14 17:07:40 -07:00
|
|
|
|
2017-12-07 16:13:19 -08:00
|
|
|
import { themes } from '../utils/themes';
|
2017-07-13 11:39:07 -07:00
|
|
|
import { saveUser, observeMethod } from '../../server/utils/rx.js';
|
|
|
|
|
import { blacklistedUsernames } from '../../server/utils/constants.js';
|
|
|
|
|
import { wrapHandledError } from '../../server/utils/create-handled-error.js';
|
2017-04-27 01:54:56 +05:30
|
|
|
import {
|
|
|
|
|
getServerFullURL,
|
|
|
|
|
getEmailSender,
|
|
|
|
|
getProtocol,
|
|
|
|
|
getHost,
|
|
|
|
|
getPort
|
|
|
|
|
} from '../../server/utils/url-utils.js';
|
2015-07-29 15:00:24 -07:00
|
|
|
|
2016-04-14 17:07:40 -07:00
|
|
|
const debug = debugFactory('fcc:user:remote');
|
2015-08-15 12:19:36 -07:00
|
|
|
const BROWNIEPOINTS_TIMEOUT = [1, 'hour'];
|
2015-07-29 15:00:24 -07:00
|
|
|
|
2017-12-27 10:52:13 -08:00
|
|
|
const createEmailError = redirectTo => wrapHandledError(
|
|
|
|
|
new Error('email format is invalid'),
|
|
|
|
|
{
|
|
|
|
|
type: 'info',
|
|
|
|
|
message: 'Please check to make sure the email is a valid email address.',
|
|
|
|
|
redirectTo
|
|
|
|
|
}
|
2017-07-13 11:39:07 -07:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
function destroyAll(id, Model) {
|
|
|
|
|
return Observable.fromNodeCallback(
|
|
|
|
|
Model.destroyAll,
|
|
|
|
|
Model
|
|
|
|
|
)({ userId: id });
|
|
|
|
|
}
|
|
|
|
|
|
2016-11-23 19:54:08 +05:30
|
|
|
const renderSignUpEmail = loopback.template(path.join(
|
|
|
|
|
__dirname,
|
|
|
|
|
'..',
|
|
|
|
|
'..',
|
|
|
|
|
'server',
|
|
|
|
|
'views',
|
|
|
|
|
'emails',
|
|
|
|
|
'user-request-sign-up.ejs'
|
|
|
|
|
));
|
|
|
|
|
|
|
|
|
|
const renderSignInEmail = loopback.template(path.join(
|
|
|
|
|
__dirname,
|
|
|
|
|
'..',
|
|
|
|
|
'..',
|
|
|
|
|
'server',
|
|
|
|
|
'views',
|
|
|
|
|
'emails',
|
|
|
|
|
'user-request-sign-in.ejs'
|
|
|
|
|
));
|
|
|
|
|
|
2015-07-29 15:00:24 -07:00
|
|
|
function getAboutProfile({
|
|
|
|
|
username,
|
2016-04-14 17:07:40 -07:00
|
|
|
githubProfile: github,
|
|
|
|
|
progressTimestamps = [],
|
|
|
|
|
bio
|
2015-07-29 15:00:24 -07:00
|
|
|
}) {
|
|
|
|
|
return {
|
|
|
|
|
username,
|
2016-04-14 17:07:40 -07:00
|
|
|
github,
|
|
|
|
|
browniePoints: progressTimestamps.length,
|
|
|
|
|
bio
|
2015-07-29 15:00:24 -07:00
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
function nextTick(fn) {
|
|
|
|
|
return process.nextTick(fn);
|
|
|
|
|
}
|
2015-06-11 19:11:07 -04:00
|
|
|
|
2016-10-26 13:22:33 +00:00
|
|
|
function getWaitPeriod(ttl) {
|
|
|
|
|
const fiveMinutesAgo = moment().subtract(5, 'minutes');
|
|
|
|
|
const lastEmailSentAt = moment(new Date(ttl || null));
|
|
|
|
|
const isWaitPeriodOver = ttl ?
|
|
|
|
|
lastEmailSentAt.isBefore(fiveMinutesAgo) : true;
|
2017-12-27 11:16:53 -08:00
|
|
|
|
2016-10-26 13:22:33 +00:00
|
|
|
if (!isWaitPeriodOver) {
|
|
|
|
|
const minutesLeft = 5 -
|
|
|
|
|
(moment().minutes() - lastEmailSentAt.minutes());
|
|
|
|
|
return minutesLeft;
|
|
|
|
|
}
|
2017-12-27 11:16:53 -08:00
|
|
|
|
2016-10-26 13:22:33 +00:00
|
|
|
return 0;
|
|
|
|
|
}
|
2017-12-27 11:16:53 -08:00
|
|
|
|
|
|
|
|
function getWaitMessage(ttl) {
|
|
|
|
|
const minutesLeft = getWaitPeriod(ttl);
|
|
|
|
|
if (minutesLeft <= 0) {
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
const timeToWait = minutesLeft ?
|
|
|
|
|
`${minutesLeft} minute${minutesLeft > 1 ? 's' : ''}` :
|
|
|
|
|
'a few seconds';
|
|
|
|
|
|
|
|
|
|
return dedent`
|
|
|
|
|
Please wait ${timeToWait} to resend an authentication link.
|
|
|
|
|
`;
|
|
|
|
|
}
|
|
|
|
|
|
2015-06-11 19:11:07 -04:00
|
|
|
module.exports = function(User) {
|
2015-06-12 11:38:00 -07:00
|
|
|
// set salt factor for passwords
|
|
|
|
|
User.settings.saltWorkFactor = 5;
|
2015-08-15 12:19:36 -07:00
|
|
|
// set user.rand to random number
|
2015-08-15 12:28:19 -07:00
|
|
|
User.definition.rawProperties.rand.default =
|
|
|
|
|
User.definition.properties.rand.default = function() {
|
2015-08-15 12:19:36 -07:00
|
|
|
return Math.random();
|
|
|
|
|
};
|
2016-04-21 20:35:19 -07:00
|
|
|
// increase user accessToken ttl to 900 days
|
|
|
|
|
User.settings.ttl = 900 * 24 * 60 * 60 * 1000;
|
2015-06-12 13:54:38 -07:00
|
|
|
|
2015-06-12 16:23:20 -07:00
|
|
|
// username should not be in blacklist
|
|
|
|
|
User.validatesExclusionOf('username', {
|
2016-04-15 23:48:02 +08:00
|
|
|
in: blacklistedUsernames,
|
2015-06-12 16:23:20 -07:00
|
|
|
message: 'is taken'
|
|
|
|
|
});
|
|
|
|
|
|
|
|
|
|
// username should be unique
|
|
|
|
|
User.validatesUniquenessOf('username');
|
2015-08-17 23:57:38 -07:00
|
|
|
User.settings.emailVerificationRequired = false;
|
2015-06-12 13:54:38 -07:00
|
|
|
|
2016-02-09 14:33:25 -08:00
|
|
|
User.on('dataSourceAttached', () => {
|
|
|
|
|
User.findOne$ = Observable.fromNodeCallback(User.findOne, User);
|
|
|
|
|
User.update$ = Observable.fromNodeCallback(User.updateAll, User);
|
|
|
|
|
User.count$ = Observable.fromNodeCallback(User.count, User);
|
2017-12-26 20:12:15 -08:00
|
|
|
User.create$ = Observable.fromNodeCallback(
|
|
|
|
|
User.create.bind(User)
|
|
|
|
|
);
|
2017-04-24 00:37:10 +05:30
|
|
|
User.prototype.createAccessToken$ = Observable.fromNodeCallback(
|
|
|
|
|
User.prototype.createAccessToken
|
|
|
|
|
);
|
2016-02-09 14:33:25 -08:00
|
|
|
});
|
|
|
|
|
|
2017-12-28 20:37:10 -08:00
|
|
|
User.observe('before save', function(ctx) {
|
|
|
|
|
const beforeCreate = Observable.of(ctx)
|
|
|
|
|
.filter(({ isNewInstance }) => isNewInstance)
|
|
|
|
|
// User.create
|
|
|
|
|
.map(({ instance }) => instance)
|
|
|
|
|
.flatMap(user => {
|
|
|
|
|
// note(berks): we now require all new users to supply an email
|
|
|
|
|
// this was not always the case
|
|
|
|
|
if (
|
|
|
|
|
typeof user.email !== 'string' ||
|
|
|
|
|
!isEmail(user.email)
|
|
|
|
|
) {
|
|
|
|
|
throw createEmailError();
|
|
|
|
|
}
|
|
|
|
|
// assign random username to new users
|
|
|
|
|
// actual usernames will come from github
|
|
|
|
|
// use full uuid to ensure uniqueness
|
|
|
|
|
user.username = 'fcc' + uuid.v4();
|
|
|
|
|
|
|
|
|
|
if (!user.progressTimestamps) {
|
|
|
|
|
user.progressTimestamps = [];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (user.progressTimestamps.length === 0) {
|
|
|
|
|
user.progressTimestamps.push({ timestamp: Date.now() });
|
|
|
|
|
}
|
|
|
|
|
return Observable.fromPromise(User.doesExist(null, user.email))
|
|
|
|
|
.do(exists => {
|
|
|
|
|
if (exists) {
|
|
|
|
|
throw wrapHandledError(
|
|
|
|
|
new Error('user already exists'),
|
|
|
|
|
{
|
|
|
|
|
redirectTo: '/email-signin',
|
|
|
|
|
message: dedent`
|
|
|
|
|
The ${user.email} email address is already associated with an account.
|
|
|
|
|
Try signing in with it here instead.
|
|
|
|
|
`
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
});
|
2017-07-13 11:39:07 -07:00
|
|
|
})
|
2017-12-28 20:37:10 -08:00
|
|
|
.ignoreElements();
|
|
|
|
|
|
|
|
|
|
const updateOrSave = Observable.of(ctx)
|
|
|
|
|
// not new
|
|
|
|
|
.filter(({ isNewInstance }) => !isNewInstance)
|
|
|
|
|
.map(({ instance }) => instance)
|
|
|
|
|
// is update or save user
|
|
|
|
|
.filter(Boolean)
|
|
|
|
|
.do(user => {
|
|
|
|
|
// Some old accounts will not have emails associated with theme
|
|
|
|
|
// we verify only if the email field is populated
|
|
|
|
|
if (user.email && !isEmail(user.email)) {
|
|
|
|
|
throw createEmailError();
|
2017-07-13 11:39:07 -07:00
|
|
|
}
|
|
|
|
|
|
2017-12-28 20:37:10 -08:00
|
|
|
user.username = user.username.trim().toLowerCase();
|
|
|
|
|
user.email = typeof user.email === 'string' ?
|
|
|
|
|
user.email.trim().toLowerCase() :
|
|
|
|
|
user.email;
|
|
|
|
|
|
|
|
|
|
if (!user.progressTimestamps) {
|
|
|
|
|
user.progressTimestamps = [];
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (user.progressTimestamps.length === 0) {
|
|
|
|
|
user.progressTimestamps.push({ timestamp: Date.now() });
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
.ignoreElements();
|
|
|
|
|
return Observable.merge(beforeCreate, updateOrSave)
|
|
|
|
|
.toPromise();
|
2015-08-05 18:51:15 -07:00
|
|
|
});
|
|
|
|
|
|
2017-07-13 11:39:07 -07:00
|
|
|
// remove lingering user identities before deleting user
|
|
|
|
|
User.observe('before delete', function(ctx, next) {
|
|
|
|
|
const UserIdentity = User.app.models.UserIdentity;
|
|
|
|
|
const UserCredential = User.app.models.UserCredential;
|
|
|
|
|
debug('removing user', ctx.where);
|
|
|
|
|
var id = ctx.where && ctx.where.id ? ctx.where.id : null;
|
|
|
|
|
if (!id) {
|
|
|
|
|
return next();
|
|
|
|
|
}
|
|
|
|
|
return Observable.combineLatest(
|
|
|
|
|
destroyAll(id, UserIdentity),
|
|
|
|
|
destroyAll(id, UserCredential),
|
|
|
|
|
function(identData, credData) {
|
|
|
|
|
return {
|
|
|
|
|
identData: identData,
|
|
|
|
|
credData: credData
|
|
|
|
|
};
|
|
|
|
|
}
|
|
|
|
|
)
|
|
|
|
|
.subscribe(
|
|
|
|
|
function(data) {
|
|
|
|
|
debug('deleted', data);
|
|
|
|
|
},
|
|
|
|
|
function(err) {
|
|
|
|
|
debug('error deleting user %s stuff', id, err);
|
|
|
|
|
next(err);
|
|
|
|
|
},
|
|
|
|
|
function() {
|
|
|
|
|
debug('user stuff deleted for user %s', id);
|
|
|
|
|
next();
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
});
|
|
|
|
|
|
2016-04-14 17:07:40 -07:00
|
|
|
debug('setting up user hooks');
|
2016-06-23 11:11:56 +05:30
|
|
|
|
|
|
|
|
User.beforeRemote('confirm', function(ctx, _, next) {
|
|
|
|
|
|
|
|
|
|
if (!ctx.req.query) {
|
|
|
|
|
return ctx.res.redirect('/');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
const uid = ctx.req.query.uid;
|
|
|
|
|
const token = ctx.req.query.token;
|
|
|
|
|
const redirect = ctx.req.query.redirect;
|
|
|
|
|
|
|
|
|
|
return User.findById(uid, (err, user) => {
|
|
|
|
|
|
2017-10-28 00:24:00 +05:30
|
|
|
if (err || !user || !user.newEmail) {
|
2016-06-23 11:11:56 +05:30
|
|
|
ctx.req.flash('error', {
|
|
|
|
|
msg: dedent`Oops, something went wrong, please try again later`
|
|
|
|
|
});
|
2017-12-27 10:11:17 -08:00
|
|
|
|
|
|
|
|
const err = wrapHandledError(
|
|
|
|
|
new Error('Theme is not valid.'),
|
|
|
|
|
{
|
|
|
|
|
Type: 'info',
|
|
|
|
|
message: err.message
|
|
|
|
|
}
|
|
|
|
|
);
|
2016-06-23 11:11:56 +05:30
|
|
|
return ctx.res.redirect('/');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!user.verificationToken && !user.emailVerified) {
|
|
|
|
|
ctx.req.flash('info', {
|
|
|
|
|
msg: dedent`Looks like we have your email. But you haven't
|
2016-06-26 21:34:01 +05:30
|
|
|
verified it yet, please sign in and request a fresh verification
|
2016-06-23 11:11:56 +05:30
|
|
|
link.`
|
|
|
|
|
});
|
|
|
|
|
return ctx.res.redirect(redirect);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!user.verificationToken && user.emailVerified) {
|
|
|
|
|
ctx.req.flash('info', {
|
|
|
|
|
msg: dedent`Looks like you have already verified your email.
|
2016-06-26 21:34:01 +05:30
|
|
|
Please sign in to continue.`
|
2016-06-23 11:11:56 +05:30
|
|
|
});
|
|
|
|
|
return ctx.res.redirect(redirect);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (user.verificationToken && user.verificationToken !== token) {
|
|
|
|
|
ctx.req.flash('info', {
|
|
|
|
|
msg: dedent`Looks like you have clicked an invalid link.
|
2016-06-26 21:34:01 +05:30
|
|
|
Please sign in and request a fresh one.`
|
2016-06-23 11:11:56 +05:30
|
|
|
});
|
|
|
|
|
return ctx.res.redirect(redirect);
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-28 00:24:00 +05:30
|
|
|
return user.update$({
|
|
|
|
|
email: user.newEmail,
|
|
|
|
|
newEmail: null,
|
|
|
|
|
emailVerifyTTL: null
|
|
|
|
|
})
|
|
|
|
|
.do(() => {
|
|
|
|
|
return next();
|
|
|
|
|
})
|
|
|
|
|
.toPromise();
|
|
|
|
|
|
2016-06-23 11:11:56 +05:30
|
|
|
});
|
|
|
|
|
});
|
|
|
|
|
|
2015-06-11 21:08:40 -04:00
|
|
|
User.afterRemote('confirm', function(ctx) {
|
2016-06-23 11:11:56 +05:30
|
|
|
if (!ctx.req.query) {
|
|
|
|
|
return ctx.res.redirect('/');
|
|
|
|
|
}
|
|
|
|
|
const redirect = ctx.req.query.redirect;
|
2015-06-11 21:03:01 -04:00
|
|
|
ctx.req.flash('success', {
|
|
|
|
|
msg: [
|
2016-06-08 01:13:11 -07:00
|
|
|
'Your email has been confirmed!'
|
2015-06-11 21:03:01 -04:00
|
|
|
]
|
|
|
|
|
});
|
2016-06-23 11:11:56 +05:30
|
|
|
return ctx.res.redirect(redirect);
|
2015-06-11 21:03:01 -04:00
|
|
|
});
|
|
|
|
|
|
2016-12-16 00:32:07 +05:30
|
|
|
|
2015-08-25 22:27:01 -07:00
|
|
|
User.beforeRemote('login', function(ctx, notUsed, next) {
|
|
|
|
|
const { body } = ctx.req;
|
|
|
|
|
if (body && typeof body.email === 'string') {
|
2016-05-12 15:48:34 -07:00
|
|
|
if (!isEmail(body.email)) {
|
2017-07-13 11:39:07 -07:00
|
|
|
return next(createEmailError());
|
2016-05-12 15:48:34 -07:00
|
|
|
}
|
2015-08-25 22:27:01 -07:00
|
|
|
body.email = body.email.toLowerCase();
|
|
|
|
|
}
|
2016-05-12 15:48:34 -07:00
|
|
|
return next();
|
2015-08-25 22:27:01 -07:00
|
|
|
});
|
|
|
|
|
|
2015-08-17 23:57:38 -07:00
|
|
|
User.afterRemote('login', function(ctx, accessToken, next) {
|
2015-06-11 19:11:07 -04:00
|
|
|
var res = ctx.res;
|
|
|
|
|
var req = ctx.req;
|
2015-06-15 15:43:12 -07:00
|
|
|
// var args = ctx.args;
|
2015-06-11 19:11:07 -04:00
|
|
|
|
2015-06-15 15:43:12 -07:00
|
|
|
var config = {
|
|
|
|
|
signed: !!req.signedCookies,
|
|
|
|
|
maxAge: accessToken.ttl
|
|
|
|
|
};
|
2015-08-17 23:57:38 -07:00
|
|
|
|
2015-06-15 15:43:12 -07:00
|
|
|
if (accessToken && accessToken.id) {
|
2016-04-14 17:07:40 -07:00
|
|
|
debug('setting cookies');
|
2015-06-15 15:43:12 -07:00
|
|
|
res.cookie('access_token', accessToken.id, config);
|
|
|
|
|
res.cookie('userId', accessToken.userId, config);
|
|
|
|
|
}
|
2015-08-17 23:57:38 -07:00
|
|
|
|
|
|
|
|
return req.logIn({ id: accessToken.userId.toString() }, function(err) {
|
2015-12-28 12:41:37 -08:00
|
|
|
if (err) { return next(err); }
|
|
|
|
|
|
2016-04-14 17:07:40 -07:00
|
|
|
debug('user logged in');
|
2015-12-28 12:41:37 -08:00
|
|
|
|
|
|
|
|
if (req.session && req.session.returnTo) {
|
2016-01-17 11:15:05 +04:00
|
|
|
var redirectTo = req.session.returnTo;
|
|
|
|
|
if (redirectTo === '/map-aside') {
|
|
|
|
|
redirectTo = '/map';
|
|
|
|
|
}
|
|
|
|
|
return res.redirect(redirectTo);
|
2015-12-28 12:41:37 -08:00
|
|
|
}
|
|
|
|
|
|
2016-06-08 01:13:11 -07:00
|
|
|
req.flash('success', { msg: 'Success! You are now logged in.' });
|
2015-06-15 15:43:12 -07:00
|
|
|
return res.redirect('/');
|
|
|
|
|
});
|
2015-06-11 19:11:07 -04:00
|
|
|
});
|
|
|
|
|
|
2015-06-16 00:29:32 -04:00
|
|
|
User.afterRemoteError('login', function(ctx) {
|
2015-06-16 00:27:32 -04:00
|
|
|
var res = ctx.res;
|
|
|
|
|
var req = ctx.req;
|
|
|
|
|
|
|
|
|
|
req.flash('errors', {
|
|
|
|
|
msg: 'Invalid username or password.'
|
|
|
|
|
});
|
2015-08-19 15:55:40 -07:00
|
|
|
return res.redirect('/email-signin');
|
2015-06-16 00:27:32 -04:00
|
|
|
});
|
|
|
|
|
|
2015-06-11 19:11:07 -04:00
|
|
|
User.afterRemote('logout', function(ctx, result, next) {
|
2015-08-17 23:57:38 -07:00
|
|
|
var res = ctx.res;
|
2015-06-11 19:11:07 -04:00
|
|
|
res.clearCookie('access_token');
|
|
|
|
|
res.clearCookie('userId');
|
|
|
|
|
next();
|
|
|
|
|
});
|
|
|
|
|
|
2015-12-28 13:52:28 -08:00
|
|
|
User.doesExist = function doesExist(username, email) {
|
2016-05-12 15:48:34 -07:00
|
|
|
if (!username && (!email || !isEmail(email))) {
|
2015-12-28 13:52:28 -08:00
|
|
|
return Promise.resolve(false);
|
2015-06-11 19:11:07 -04:00
|
|
|
}
|
2016-04-14 17:07:40 -07:00
|
|
|
debug('checking existence');
|
2015-06-11 16:46:31 -07:00
|
|
|
|
|
|
|
|
// check to see if username is on blacklist
|
|
|
|
|
if (username && blacklistedUsernames.indexOf(username) !== -1) {
|
2015-12-28 13:52:28 -08:00
|
|
|
return Promise.resolve(true);
|
2015-06-11 16:46:31 -07:00
|
|
|
}
|
|
|
|
|
|
2015-06-11 19:11:07 -04:00
|
|
|
var where = {};
|
|
|
|
|
if (username) {
|
|
|
|
|
where.username = username.toLowerCase();
|
|
|
|
|
} else {
|
|
|
|
|
where.email = email ? email.toLowerCase() : email;
|
|
|
|
|
}
|
2016-04-14 17:07:40 -07:00
|
|
|
debug('where', where);
|
2015-12-28 13:52:28 -08:00
|
|
|
return User.count(where)
|
|
|
|
|
.then(count => count > 0);
|
2015-06-11 19:11:07 -04:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
User.remoteMethod(
|
|
|
|
|
'doesExist',
|
|
|
|
|
{
|
|
|
|
|
description: 'checks whether a user exists using email or username',
|
|
|
|
|
accepts: [
|
|
|
|
|
{
|
|
|
|
|
arg: 'username',
|
|
|
|
|
type: 'string'
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
arg: 'email',
|
|
|
|
|
type: 'string'
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
returns: [
|
|
|
|
|
{
|
|
|
|
|
arg: 'exists',
|
|
|
|
|
type: 'boolean'
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
http: {
|
|
|
|
|
path: '/exists',
|
|
|
|
|
verb: 'get'
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
2015-07-29 11:32:16 -07:00
|
|
|
|
|
|
|
|
User.about = function about(username, cb) {
|
|
|
|
|
if (!username) {
|
|
|
|
|
// Zalgo!!
|
2015-07-29 15:00:24 -07:00
|
|
|
return nextTick(() => {
|
2015-08-04 10:52:41 -07:00
|
|
|
cb(new TypeError(
|
|
|
|
|
`username should be a string but got ${ username }`
|
|
|
|
|
));
|
2015-07-29 11:32:16 -07:00
|
|
|
});
|
|
|
|
|
}
|
2016-04-14 17:07:40 -07:00
|
|
|
return User.findOne({ where: { username } }, (err, user) => {
|
|
|
|
|
if (err) {
|
|
|
|
|
return cb(err);
|
|
|
|
|
}
|
|
|
|
|
if (!user || user.username !== username) {
|
|
|
|
|
return cb(new Error(`no user found for ${ username }`));
|
|
|
|
|
}
|
|
|
|
|
const aboutUser = getAboutProfile(user);
|
|
|
|
|
return cb(null, aboutUser);
|
|
|
|
|
});
|
2015-07-29 11:32:16 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
User.remoteMethod(
|
|
|
|
|
'about',
|
|
|
|
|
{
|
|
|
|
|
description: 'get public info about user',
|
|
|
|
|
accepts: [
|
|
|
|
|
{
|
|
|
|
|
arg: 'username',
|
|
|
|
|
type: 'string'
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
returns: [
|
|
|
|
|
{
|
|
|
|
|
arg: 'about',
|
|
|
|
|
type: 'object'
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
http: {
|
|
|
|
|
path: '/about',
|
|
|
|
|
verb: 'get'
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
2015-07-29 15:00:24 -07:00
|
|
|
|
2017-12-26 20:12:15 -08:00
|
|
|
User.prototype.getEncodedEmail = function getEncodedEmail() {
|
|
|
|
|
if (!this.email) {
|
|
|
|
|
return null;
|
2016-06-26 21:34:01 +05:30
|
|
|
}
|
2017-12-26 20:12:15 -08:00
|
|
|
return Buffer(this.email).toString('base64');
|
|
|
|
|
};
|
2016-06-26 21:34:01 +05:30
|
|
|
|
2017-12-26 20:12:15 -08:00
|
|
|
User.decodeEmail = email => Buffer(email, 'base64').toString();
|
2016-10-26 13:22:33 +00:00
|
|
|
|
2017-12-26 20:12:15 -08:00
|
|
|
User.prototype.requestAuthEmail = function requestAuthEmail() {
|
|
|
|
|
return Observable.defer(() => {
|
2017-12-27 11:16:53 -08:00
|
|
|
const messageOrNull = getWaitMessage(this.emailAuthLinkTTL);
|
|
|
|
|
if (messageOrNull) {
|
|
|
|
|
throw wrapHandledError(
|
|
|
|
|
new Error('request is throttled'),
|
|
|
|
|
{
|
|
|
|
|
type: 'info',
|
|
|
|
|
message: messageOrNull
|
|
|
|
|
}
|
|
|
|
|
);
|
2017-12-26 20:12:15 -08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// create a temporary access token with ttl for 15 minutes
|
2017-12-27 10:11:17 -08:00
|
|
|
return this.createAccessToken$({ ttl: 15 * 60 * 1000 });
|
2017-12-26 20:12:15 -08:00
|
|
|
})
|
2017-12-27 10:11:17 -08:00
|
|
|
.flatMap(token => {
|
|
|
|
|
// email verified will be false if the user instance
|
|
|
|
|
// has just been created
|
|
|
|
|
const renderAuthEmail = this.emailVerified === false ?
|
|
|
|
|
renderSignInEmail :
|
|
|
|
|
renderSignUpEmail;
|
|
|
|
|
const { id: loginToken, created: emailAuthLinkTTL } = token;
|
|
|
|
|
const loginEmail = this.getEncodedEmail();
|
|
|
|
|
const host = getServerFullURL();
|
|
|
|
|
const mailOptions = {
|
|
|
|
|
type: 'email',
|
|
|
|
|
to: this.email,
|
|
|
|
|
from: getEmailSender(),
|
|
|
|
|
subject: 'Login Requested - freeCodeCamp',
|
|
|
|
|
text: renderAuthEmail({
|
|
|
|
|
host,
|
|
|
|
|
loginEmail,
|
|
|
|
|
loginToken
|
|
|
|
|
})
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
return Observable.combineLatest(
|
2017-12-27 12:16:17 -08:00
|
|
|
User.email.send$(mailOptions),
|
2017-12-27 10:11:17 -08:00
|
|
|
this.update$({ emailAuthLinkTTL })
|
|
|
|
|
);
|
|
|
|
|
})
|
|
|
|
|
.map(() => dedent`
|
|
|
|
|
If you entered a valid email, a magic link is on its way.
|
|
|
|
|
Please follow that link to sign in.
|
|
|
|
|
`);
|
2016-06-26 21:34:01 +05:30
|
|
|
};
|
|
|
|
|
|
2017-12-27 10:52:13 -08:00
|
|
|
User.prototype.requestUpdateEmail = function requestUpdateEmail(newEmail) {
|
|
|
|
|
return Observable.defer(() => {
|
|
|
|
|
const ownEmail = newEmail === this.email;
|
|
|
|
|
if (!isEmail('' + newEmail)) {
|
|
|
|
|
throw createEmailError();
|
|
|
|
|
}
|
|
|
|
|
// email is already associated and verified with this account
|
2017-12-27 11:18:48 -08:00
|
|
|
if (ownEmail) {
|
|
|
|
|
if (this.emailVerified) {
|
2017-12-27 10:52:13 -08:00
|
|
|
throw wrapHandledError(
|
2017-12-27 11:18:48 -08:00
|
|
|
new Error('email is already verified'),
|
2017-12-27 10:52:13 -08:00
|
|
|
{
|
|
|
|
|
type: 'info',
|
2017-12-27 11:18:48 -08:00
|
|
|
message: `${newEmail} is already associated with this account.`
|
2017-12-27 10:52:13 -08:00
|
|
|
}
|
2016-05-02 17:20:41 -07:00
|
|
|
);
|
2017-12-27 11:18:48 -08:00
|
|
|
} else {
|
2017-12-27 11:16:53 -08:00
|
|
|
const messageOrNull = getWaitMessage(this.emailVerifyTTL);
|
|
|
|
|
// email is already associated but unverified
|
|
|
|
|
if (messageOrNull) {
|
|
|
|
|
// email is within time limit
|
|
|
|
|
throw wrapHandledError(
|
|
|
|
|
new Error(),
|
|
|
|
|
{
|
|
|
|
|
type: 'info',
|
|
|
|
|
message: messageOrNull
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
2016-04-22 02:17:59 +05:30
|
|
|
}
|
2017-12-27 11:18:48 -08:00
|
|
|
}
|
2016-05-07 17:46:39 +05:30
|
|
|
|
2017-12-27 11:18:48 -08:00
|
|
|
// at this point email is not associated with the account
|
|
|
|
|
// or has not been verified but user is requesting another token
|
|
|
|
|
// outside of the time limit
|
|
|
|
|
return Observable.if(
|
|
|
|
|
() => ownEmail,
|
|
|
|
|
Observable.empty(),
|
|
|
|
|
// defer prevents the promise from firing prematurely (before subscribe)
|
|
|
|
|
Observable.defer(() => User.doesExist(null, newEmail))
|
|
|
|
|
)
|
|
|
|
|
.do(exists => {
|
|
|
|
|
// not associated with this account, but is associated with another
|
|
|
|
|
if (exists) {
|
|
|
|
|
throw wrapHandledError(
|
|
|
|
|
new Error('email already in use'),
|
|
|
|
|
{
|
|
|
|
|
type: 'info',
|
|
|
|
|
message:
|
|
|
|
|
`${newEmail} is already associated with another account.`
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
.defaultIfEmpty();
|
|
|
|
|
})
|
|
|
|
|
.flatMap(() => {
|
2016-05-07 17:46:39 +05:30
|
|
|
const emailVerified = false;
|
2017-12-27 10:52:13 -08:00
|
|
|
const data = {
|
2017-10-28 00:24:00 +05:30
|
|
|
newEmail,
|
2016-06-02 15:23:49 -07:00
|
|
|
emailVerified,
|
|
|
|
|
emailVerifyTTL: new Date()
|
2017-12-27 10:52:13 -08:00
|
|
|
};
|
|
|
|
|
return this.update$(data).do(() => Object.assign(this, data));
|
2016-07-19 16:36:34 -07:00
|
|
|
})
|
|
|
|
|
.flatMap(() => {
|
|
|
|
|
const mailOptions = {
|
|
|
|
|
type: 'email',
|
2017-10-28 00:24:00 +05:30
|
|
|
to: newEmail,
|
2017-04-27 01:54:56 +05:30
|
|
|
from: getEmailSender(),
|
2017-04-24 13:06:17 +05:30
|
|
|
subject: 'freeCodeCamp - Email Update Requested',
|
2017-04-27 01:54:56 +05:30
|
|
|
protocol: getProtocol(),
|
|
|
|
|
host: getHost(),
|
|
|
|
|
port: getPort(),
|
2016-07-19 16:36:34 -07:00
|
|
|
template: path.join(
|
|
|
|
|
__dirname,
|
|
|
|
|
'..',
|
|
|
|
|
'..',
|
|
|
|
|
'server',
|
|
|
|
|
'views',
|
|
|
|
|
'emails',
|
2017-10-09 23:57:47 +05:30
|
|
|
'user-request-update-email.ejs'
|
2016-07-19 16:36:34 -07:00
|
|
|
)
|
|
|
|
|
};
|
|
|
|
|
return this.verify(mailOptions);
|
|
|
|
|
})
|
|
|
|
|
.map(() => dedent`
|
|
|
|
|
Please check your email.
|
|
|
|
|
We sent you a link that you can click to verify your email address.
|
|
|
|
|
`);
|
2016-04-22 02:17:59 +05:30
|
|
|
};
|
|
|
|
|
|
2015-07-29 15:00:24 -07:00
|
|
|
User.giveBrowniePoints =
|
2015-08-01 20:08:32 -07:00
|
|
|
function giveBrowniePoints(receiver, giver, data = {}, dev = false, cb) {
|
2016-04-14 17:07:40 -07:00
|
|
|
const findUser = observeMethod(User, 'findOne');
|
2015-07-29 15:00:24 -07:00
|
|
|
if (!receiver) {
|
|
|
|
|
return nextTick(() => {
|
2015-07-31 13:45:21 -07:00
|
|
|
cb(
|
|
|
|
|
new TypeError(`receiver should be a string but got ${ receiver }`)
|
|
|
|
|
);
|
2015-07-29 15:00:24 -07:00
|
|
|
});
|
|
|
|
|
}
|
|
|
|
|
if (!giver) {
|
|
|
|
|
return nextTick(() => {
|
2015-07-31 13:45:21 -07:00
|
|
|
cb(new TypeError(`giver should be a string but got ${ giver }`));
|
2015-07-29 15:00:24 -07:00
|
|
|
});
|
|
|
|
|
}
|
2015-07-31 12:45:34 -07:00
|
|
|
let temp = moment();
|
|
|
|
|
const browniePoints = temp
|
|
|
|
|
.subtract.apply(temp, BROWNIEPOINTS_TIMEOUT)
|
|
|
|
|
.valueOf();
|
2016-04-14 17:07:40 -07:00
|
|
|
const user$ = findUser({ where: { username: receiver }});
|
|
|
|
|
|
|
|
|
|
return user$
|
|
|
|
|
.tapOnNext((user) => {
|
2015-07-29 15:00:24 -07:00
|
|
|
if (!user) {
|
2015-07-31 13:45:21 -07:00
|
|
|
throw new Error(`could not find receiver for ${ receiver }`);
|
2015-07-29 15:00:24 -07:00
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
.flatMap(({ progressTimestamps = [] }) => {
|
2016-04-14 17:07:40 -07:00
|
|
|
return Observable.from(progressTimestamps);
|
2015-07-29 15:00:24 -07:00
|
|
|
})
|
|
|
|
|
// filter out non objects
|
|
|
|
|
.filter((timestamp) => !!timestamp || typeof timestamp === 'object')
|
|
|
|
|
// filterout timestamps older then an hour
|
2016-04-14 17:07:40 -07:00
|
|
|
.filter(({ timestamp = 0 }) => {
|
|
|
|
|
return timestamp >= browniePoints;
|
|
|
|
|
})
|
2015-07-29 15:00:24 -07:00
|
|
|
// filter out brownie points given by giver
|
2016-04-14 17:07:40 -07:00
|
|
|
.filter((browniePoint) => {
|
|
|
|
|
return browniePoint.giver === giver;
|
|
|
|
|
})
|
2015-07-29 15:00:24 -07:00
|
|
|
// no results means this is the first brownie point given by giver
|
|
|
|
|
// so return -1 to indicate receiver should receive point
|
2015-10-15 00:33:45 -07:00
|
|
|
.first({ defaultValue: -1 })
|
2016-04-14 17:07:40 -07:00
|
|
|
.flatMap((browniePointsFromGiver) => {
|
2015-07-29 15:00:24 -07:00
|
|
|
if (browniePointsFromGiver === -1) {
|
2016-04-14 17:07:40 -07:00
|
|
|
|
|
|
|
|
return user$.flatMap((user) => {
|
|
|
|
|
user.progressTimestamps.push({
|
|
|
|
|
giver,
|
|
|
|
|
timestamp: Date.now(),
|
|
|
|
|
...data
|
2015-07-29 15:00:24 -07:00
|
|
|
});
|
2016-04-14 17:07:40 -07:00
|
|
|
return saveUser(user);
|
|
|
|
|
});
|
2015-07-29 15:00:24 -07:00
|
|
|
}
|
|
|
|
|
return Observable.throw(
|
2015-07-31 13:45:21 -07:00
|
|
|
new Error(`${ giver } already gave ${ receiver } points`)
|
2015-07-29 15:00:24 -07:00
|
|
|
);
|
|
|
|
|
})
|
|
|
|
|
.subscribe(
|
2016-04-14 17:07:40 -07:00
|
|
|
(user) => {
|
|
|
|
|
return cb(
|
|
|
|
|
null,
|
|
|
|
|
getAboutProfile(user),
|
|
|
|
|
dev ?
|
|
|
|
|
{ giver, receiver, data } :
|
|
|
|
|
null
|
|
|
|
|
);
|
|
|
|
|
},
|
|
|
|
|
(e) => cb(e, null, dev ? { giver, receiver, data } : null),
|
2015-07-29 15:00:24 -07:00
|
|
|
() => {
|
2016-04-14 17:07:40 -07:00
|
|
|
debug('brownie points assigned completed');
|
2015-07-29 15:00:24 -07:00
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
};
|
|
|
|
|
|
|
|
|
|
User.remoteMethod(
|
|
|
|
|
'giveBrowniePoints',
|
|
|
|
|
{
|
|
|
|
|
description: 'Give this user brownie points',
|
|
|
|
|
accepts: [
|
|
|
|
|
{
|
|
|
|
|
arg: 'receiver',
|
|
|
|
|
type: 'string',
|
|
|
|
|
required: true
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
arg: 'giver',
|
|
|
|
|
type: 'string',
|
|
|
|
|
required: true
|
|
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
arg: 'data',
|
|
|
|
|
type: 'object'
|
2015-08-01 20:08:32 -07:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
arg: 'debug',
|
|
|
|
|
type: 'boolean'
|
2015-07-29 15:00:24 -07:00
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
returns: [
|
|
|
|
|
{
|
|
|
|
|
arg: 'about',
|
|
|
|
|
type: 'object'
|
2015-08-01 20:08:32 -07:00
|
|
|
},
|
|
|
|
|
{
|
|
|
|
|
arg: 'debug',
|
|
|
|
|
type: 'object'
|
2015-07-29 15:00:24 -07:00
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
http: {
|
|
|
|
|
path: '/give-brownie-points',
|
2015-08-01 20:08:32 -07:00
|
|
|
verb: 'POST'
|
2015-07-29 15:00:24 -07:00
|
|
|
}
|
|
|
|
|
}
|
2015-07-31 12:15:23 -07:00
|
|
|
);
|
2016-02-09 14:33:25 -08:00
|
|
|
|
2017-12-07 16:13:19 -08:00
|
|
|
User.themes = themes;
|
2016-05-07 17:46:39 +05:30
|
|
|
|
2016-05-12 18:52:03 -07:00
|
|
|
User.prototype.updateTheme = function updateTheme(theme) {
|
|
|
|
|
if (!this.constructor.themes[theme]) {
|
2017-07-13 11:39:07 -07:00
|
|
|
const err = wrapHandledError(
|
|
|
|
|
new Error('Theme is not valid.'),
|
|
|
|
|
{
|
|
|
|
|
Type: 'info',
|
|
|
|
|
message: err.message
|
|
|
|
|
}
|
2016-05-12 18:52:03 -07:00
|
|
|
);
|
|
|
|
|
return Promise.reject(err);
|
|
|
|
|
}
|
|
|
|
|
return this.update$({ theme })
|
|
|
|
|
.map({ updatedTo: theme })
|
|
|
|
|
.toPromise();
|
|
|
|
|
};
|
|
|
|
|
|
2016-08-05 14:05:57 -07:00
|
|
|
// deprecated. remove once live
|
2016-05-12 18:52:03 -07:00
|
|
|
User.remoteMethod(
|
|
|
|
|
'updateTheme',
|
|
|
|
|
{
|
|
|
|
|
description: 'updates the users chosen theme',
|
|
|
|
|
accepts: [
|
|
|
|
|
{
|
|
|
|
|
arg: 'theme',
|
|
|
|
|
type: 'string',
|
|
|
|
|
required: true
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
returns: [
|
|
|
|
|
{
|
|
|
|
|
arg: 'status',
|
|
|
|
|
type: 'object'
|
|
|
|
|
}
|
|
|
|
|
],
|
|
|
|
|
http: {
|
|
|
|
|
path: '/update-theme',
|
|
|
|
|
verb: 'POST'
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
);
|
|
|
|
|
|
2016-04-14 17:07:40 -07:00
|
|
|
// user.updateTo$(updateData: Object) => Observable[Number]
|
2016-02-09 14:33:25 -08:00
|
|
|
User.prototype.update$ = function update$(updateData) {
|
|
|
|
|
const id = this.getId();
|
|
|
|
|
const updateOptions = { allowExtendedOperators: true };
|
|
|
|
|
if (
|
|
|
|
|
!updateData ||
|
|
|
|
|
typeof updateData !== 'object' ||
|
2016-02-10 10:05:51 -08:00
|
|
|
!Object.keys(updateData).length
|
2016-02-09 14:33:25 -08:00
|
|
|
) {
|
|
|
|
|
return Observable.throw(new Error(
|
2016-02-10 10:05:51 -08:00
|
|
|
dedent`
|
|
|
|
|
updateData must be an object with at least one key,
|
|
|
|
|
but got ${updateData} with ${Object.keys(updateData).length}
|
|
|
|
|
`.split('\n').join(' ')
|
2016-02-09 14:33:25 -08:00
|
|
|
));
|
|
|
|
|
}
|
|
|
|
|
return this.constructor.update$({ id }, updateData, updateOptions);
|
|
|
|
|
};
|
2016-04-14 17:07:40 -07:00
|
|
|
User.prototype.getPoints$ = function getPoints$() {
|
2016-04-06 21:08:19 -07:00
|
|
|
const id = this.getId();
|
|
|
|
|
const filter = {
|
|
|
|
|
where: { id },
|
|
|
|
|
fields: { progressTimestamps: true }
|
|
|
|
|
};
|
|
|
|
|
return this.constructor.findOne$(filter)
|
|
|
|
|
.map(user => {
|
|
|
|
|
this.progressTimestamps = user.progressTimestamps;
|
|
|
|
|
return user.progressTimestamps;
|
|
|
|
|
});
|
|
|
|
|
};
|
|
|
|
|
User.prototype.getChallengeMap$ = function getChallengeMap$() {
|
|
|
|
|
const id = this.getId();
|
|
|
|
|
const filter = {
|
|
|
|
|
where: { id },
|
|
|
|
|
fields: { challengeMap: true }
|
|
|
|
|
};
|
|
|
|
|
return this.constructor.findOne$(filter)
|
|
|
|
|
.map(user => {
|
|
|
|
|
this.challengeMap = user.challengeMap;
|
|
|
|
|
return user.challengeMap;
|
|
|
|
|
});
|
|
|
|
|
};
|
2015-06-11 19:11:07 -04:00
|
|
|
};
|
