diff --git a/common/models/User-Identity.js b/common/models/User-Identity.js index 1525d23c47..588a3be3de 100644 --- a/common/models/User-Identity.js +++ b/common/models/User-Identity.js @@ -4,7 +4,6 @@ var defaultProfileImage = require('../utils/constantStrings.json').defaultProfileImage; module.exports = function(UserIdent) { - UserIdent.observe('before save', function(ctx, next) { var userIdent = ctx.currentInstance || ctx.instance; if (!userIdent) { @@ -17,7 +16,6 @@ module.exports = function(UserIdent) { debug('no user attached to identity!'); return next(); } - debug('got user', user.username); var picture = userIdent.profile && userIdent.profile[0] ? userIdent.profile[0].value : diff --git a/common/models/user.js b/common/models/user.js index afa4ac3c6f..6de4c73093 100644 --- a/common/models/user.js +++ b/common/models/user.js @@ -1,4 +1,6 @@ var debug = require('debug')('freecc:user:remote'); +var blacklistedUsernames = + require('../../server/utils/constants').blacklistedUsernames; module.exports = function(User) { // NOTE(berks): user email validation currently not needed but build in. This @@ -42,13 +44,6 @@ module.exports = function(User) { }); }); - User.beforeRemote('login', function(ctx, instance, next) { - debug('before called'); - - //debug(ctx, instance, next); - next(); - }); - User.afterRemote('confirm', function(ctx, instance, next) { ctx.req.flash('success', { msg: [ @@ -59,7 +54,6 @@ module.exports = function(User) { }); User.afterRemote('login', function(ctx, instance, next) { - debug('after called'); var res = ctx.res; var req = ctx.req; @@ -101,6 +95,18 @@ module.exports = function(User) { }); }); }); + return res.redirect('/'); + } + + var config = { + signed: !!req.signedCookies, + maxAge: 1000 * accessToken.ttl + }; + if (accessToken && accessToken.id) { + res.cookie('access_token', accessToken.id, config); + res.cookie('userId', accessToken.userId, config); + } + res.redirect('/'); }); 
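Review bot: In the last user.js hunk (`@@ -101,6 +95,18 @@`) the added `res.cookie('access_token', accessToken.id, config)` sets the session token with only `signed` and `maxAge`, so the cookie is readable from page script and is also sent over plain HTTP. I would start the options as `var config = { signed: !!req.signedCookies, httpOnly: true, secure: req.secure };` and set `config.maxAge` inside the guard. As written, `1000 * accessToken.ttl` is evaluated before the `if (accessToken && accessToken.id)` check, so a missing token throws before the guard can help. `accessToken` is not declared in any visible line and the enclosing `afterRemote('login')` handler begins outside the hunk, so confirm it is in scope there.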
@@ -119,6 +125,12 @@ module.exports = function(User) {
 });
 }
 debug('checking existence');
+
+ // check to see if username is on blacklist
+ if (username && blacklistedUsernames.indexOf(username) !== -1) {
+ return cb(null, true);
+ }
+
 var where = {};
 if (username) {
 where.username = username.toLowerCase();
diff --git a/server/boot/a-extendUser.js b/server/boot/a-extendUser.js
index 879112ab0a..951705c650 100644
--- a/server/boot/a-extendUser.js
+++ b/server/boot/a-extendUser.js
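Review bot: The blacklist test added to `doesExist` compares the raw `username`, while the lookup directly below lowercases it (`where.username = username.toLowerCase()`), so a mixed-case spelling of a reserved name passes the check and is then handled as the lowercase name. Compare the normalised value instead: `if (username && blacklistedUsernames.indexOf(username.toLowerCase()) !== -1) {`. This hunk only changes what the existence endpoint reports. Whether account creation itself rejects reserved names is not visible here and is worth confirming, because a client can skip this call. `doesExist` starts above the hunk.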
@@ -1,140 +1,40 @@
-//var debug = require('debug')('freecc:extendUser');
-//
-//module.exports = function(app) {
-// var User = app.models.User;
-// // NOTE(berks): user email validation currently not needed but build in. This
-// // work around should let us sneak by
-// // see:
-// // https://github.com/strongloop/loopback/issues/1137#issuecomment-109200135
-// delete User.validations.email;
-// debug('setting up user hooks');
-// // send verification email to new camper
-// User.afterRemote('create', function(ctx, user, next) {
-// debug('user created, sending email');
-// if (!user.email) { return next(); }
-//
-// var mailOptions = {
-// type: 'email',
-// to: user.email,
-// from: 'Team@freecodecamp.com',
-// subject: 'Welcome to Free Code Camp!',
-// redirect: '/',
-// text: [
-// 'Greetings from San Francisco!\n\n',
-// 'Thank you for joining our community.\n',
-// 'Feel free to email us at this address if you have ',
-// 'any questions about Free Code Camp.\n',
-// 'And if you have a moment, check out our blog: ',
-// 'blog.freecodecamp.com.\n',
-// 'Good luck with the challenges!\n\n',
-// '- the Free Code Camp Volunteer Team'
-// ].join('')
-// };
-// user.verify(mailOptions, function(err) {
-// if (err) { return next(err); }
-// debug('verification email sent');
-// ctx.req.flash('success', {
-// msg: [
-// 'Please check your email and click on the verification link '
-// + 'before logging in.'
-// ]
-// });
-// ctx.res.redirect('/');
-// });
-// });
-//
-// User.beforeRemote('login', function(ctx, results, next) {
-// debug('before called');
-// next();
-// });
-//
-// User.afterRemote('login', function(ctx, instance, next) {
-// debug('after called');
-// var res = ctx.res;
-// var req = ctx.req;
-//
-// if (!instance || !instance.emailVerified) {
-// req.flash('errors', {
-// msg: [
-// 'Please verify your email address.'
-// ]
-// });
-// return res.redirect('/');
-// }
-//
-// var config = {
-// signed: !!req.signedCookies,
-// maxAge: 1000 * accessToken.ttl
-// };
-// if (accessToken && accessToken.id) {
-// res.cookie('access_token', accessToken.id, config);
-// res.cookie('userId', accessToken.userId, config);
-// }
-// res.redirect('/');
-// });
-//
-//
-//
-// User.afterRemote('logout', function(ctx, result, next) {
-// var res = ctx.result;
-// res.clearCookie('access_token');
-// res.clearCookie('userId');
-// next();
-// });
-//
-// User.doesExist = function doesExist(username, email, cb) {
-// if (!username && !email) {
-// return process.nextTick(function() {
-// cb(null, false);
-// });
-// }
-// debug('checking existence');
-// var where = {};
-// if (username) {
-// where.username = username.toLowerCase();
-// } else {
-// where.email = email ? email.toLowerCase() : email;
-// }
-// debug('where', where);
-// User.count(
-// where,
-// function (err, count) {
-// if (err) {
-// debug('err checking existance: ', err);
-// return cb(err);
-// }
-// if (count > 0) {
-// return cb(null, true);
-// }
-// return cb(null, false);
-// }
-// );
-// };
-//
-// User.remoteMethod(
-// 'doesExist',
-// {
-// description: 'checks whether a user exists using email or username',
-// accepts: [
-// {
-// arg: 'username',
-// type: 'string'
-// },
-// {
-// arg: 'email',
-// type: 'string'
-// }
-// ],
-// returns: [
-// {
-// arg: 'exists',
-// type: 'boolean'
-// }
-// ],
-// http: {
-// path: '/exists',
-// verb: 'get'
-// }
-// }
-// );
-//};
+var Rx = require('rx');
+var debug = require('debug')('freecc:user:remote');
+
+function destroyById(id, Model) {
+ return Rx.Observable.create(function(observer) {
+ Model.destroyById(id, function(err) {
+ if (err) { return observer.onError(err); }
+ observer.onCompleted();
+ });
+ return Rx.Disposable(Rx.helpers.noop);
+ });
+}
+
+module.exports = function(app) {
+ var User = app.models.User;
+ var UserIdentity = app.models.UserIdentity;
+ var UserCredential = app.models.UserCredential;
+ User.observe('after delete', function(ctx, next) {
+ debug('removing user', ctx.where);
+ var id = ctx.where && ctx.where.id ? ctx.where.id : null;
+ if (!id) {
+ return next();
+ }
+ Rx.Observable.combineLatest(
+ destroyById(id, UserIdentity),
+ destroyById(id, UserCredential),
+ Rx.helpers.noop
+ ).subscribe(
+ Rx.helpers.noop,
+ function(err) {
+ debug('error deleting user %s stuff', id, err);
+ next(err);
+ },
+ function() {
+ debug('user stuff deleted for user %s', id);
+ next();
+ }
+ );
+ });
+};
diff --git a/server/utils/constants.js b/server/utils/constants.js
new file mode 100644
index 0000000000..49055b3477
--- /dev/null
+++ b/server/utils/constants.js
@@ -0,0 +1,39 @@
+exports.blacklistedUsernames = [
+ 'bonfire',
+ 'account',
+ 'user',
+ 'challenge',
+ 'challenges',
+ 'completed-challenge',
+ 'completed-zipline-or-basejump',
+ 'completed-bonfire',
+ 'map',
+ 'learn-to-code',
+ 'about',
+ 'api',
+ 'explorer',
+ 'field-guide',
+ 'completed-field-guide',
+ 'jobs',
+ 'nonprofits',
+ 'api',
+ 'sitemap.xml',
+ 'get-help',
+ 'chat',
+ 'twitch',
+ 'get-pai',
+ 'get-help',
+ 'nonprofits',
+ 'nonproifts-form',
+ 'jobs-form',
+ 'unsubscribe',
+ 'unsubscribed',
+ 'cats.json',
+ 'agile',
+ 'privacy',
+ 'stories',
+ 'signin',
+ 'signout',
+ 'forgot',
+ 'reset'
+];
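Review bot: In server/boot/a-extendUser.js, `destroyById(id, UserIdentity)` and `destroyById(id, UserCredential)` pass the deleted user's id as the primary key of the identity and credential rows. If those models carry their own ids and point at the user through a foreign key such as `userId` (their definitions are not part of this diff), the linked identities and credentials outlive the account, and an unrelated row whose id happens to match could be removed instead. Deleting by owner inside the helper, e.g. `Model.destroyAll({ userId: id }, function(err) { ... })`, would match the intent. The hook also returns early whenever `ctx.where` has no `id`, so a delete issued with any other filter leaves these records behind without a log line.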
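Review bot: Two entries in `blacklistedUsernames` look mistyped, `'nonproifts-form'` and `'get-pai'`. Because the caller matches with an exact `indexOf`, the route names they were meant to reserve stay registrable as usernames, so check both against the router's actual paths. `'api'`, `'get-help'` and `'nonprofits'` are also listed twice, which is harmless but suggests the list was assembled by hand. A header comment such as `// route prefixes that must never be claimed as usernames; keep in sync with the router` would tell maintainers when to update it.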