Diffstat (limited to 'app/controllers/users.js')
-rw-r--r--app/controllers/users.js96
1 files changed, 61 insertions, 35 deletions
diff --git a/app/controllers/users.js b/app/controllers/users.js
index 237d359..d2569fa 100644
--- a/app/controllers/users.js
+++ b/app/controllers/users.js
@@ -26,8 +26,9 @@ Validator.prototype.getErrors = function() {
/**
- * Logout
+ * GET '/logout'
*/
+
exports.logout = function(req, res) {
req.logout();
res.redirect('/');
@@ -35,13 +36,20 @@ exports.logout = function(req, res) {
/**
- * Signin
+ * GET '/signin'
* This is triggered when the user post to /login
*/
+
exports.signin = function(req, res) {
res.redirect('/dashboard');
}
+
+/**
+ * GET '/login/:hash'
+ * This is triggered when a user tries to log in using a unique link he got in the mail
+ */
+
exports.randomLogin = function(req, res) {
Access.findOne({ randomToken: req.params.hash }).populate('project', 'shortURL').exec(function(err, access) {
if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
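Review bot: The 500 branch in randomLogin passes `err.stack` to the error template, so a database failure on this login-by-link route can show a stack trace to whoever follows the link. Log it server-side and render only the generic text, e.g. `if (err) { console.error(err); return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod' }); }` (check whether the template requires an `error` value). The same `error: err.stack` rendering appears in postRegisterEmail and twice in postProjectParticipants. In the `err || !project` branch there, `err.stack` would also throw if loadShort reports no error but finds no project. randomLogin's body continues outside the hunk.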
@@ -52,15 +60,22 @@ exports.randomLogin = function(req, res) {
/**
- * Signup
+ * GET '/signup'
*/
+
exports.signup = function(req, res) {
- res.render('users/signup', { title: 'Registrer deg', invite: false });
+ res.render('users/signup', {
+ title: 'Registrer deg'
+ , invite: false
+ });
}
+
/**
- * Create users
+ * POST '/signup'
+ * This is when a user has posted his registration form
*/
+
exports.create = function(req, res) {
var user = new User(req.body);
user.provider = 'local';
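Review bot: `new User(req.body)` in create hands the whole request body to the model, so a client can supply any schema field, including `status` and `randomToken`, which other handlers in this file use for access decisions. Only `provider` is overwritten in the visible lines; the rest of the function is outside the hunk, so this may be handled further down. If it is not, copy the expected form fields explicitly, for example `var user = new User({ name: req.body.name, email: req.body.email, username: req.body.username, password: req.body.password });`, with the field list matched against the signup form.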
@@ -75,7 +90,7 @@ exports.create = function(req, res) {
/**
- * AuthCallback
+ * GET '/auth/facebook/callback' OR '/auth/twitter/callback'
* This is what happends when a user has signed in using facebook/twitter
*/
@@ -88,7 +103,7 @@ exports.authCallback = function(req, res, next) {
/**
- * registerEmail
+ * GET '/registerEmail'
* Will register the users email if they don't have already
*/
@@ -100,7 +115,7 @@ exports.registerEmail = function(req, res) {
/**
- * postRegisterEmail
+ * POST '/registerEmail'
*/
exports.postRegisterEmail = function(req, res) {
@@ -118,6 +133,7 @@ exports.postRegisterEmail = function(req, res) {
User.update({ _id: req.user._id }, { email: req.body.email, status: 3 }, function(err) {
if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+
return res.redirect('/dashboard');
});
});
@@ -125,25 +141,25 @@ exports.postRegisterEmail = function(req, res) {
/**
- * postProjectParticipants
+ * POST '/project/:short/participants'
* This callback is in this file because it treats users.
*/
+
exports.postProjectParticipants = function(req, res) {
Project.loadShort(req.params.short, function(err, project) {
if (err || !project) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ // check if users has access
Access.checkAccess(req.user._id, project._id, 3, function(err, access) {
if (err || !access) return res.status(403).render('error', { title: '403', text: 'No sir! NO ACCESS FOR YOU', error: err || 'no access' });
// validate
var emails = sanitize(req.body.emails).xss();
v.check(emails, 'You need to enter some emails to invite someone').notEmpty();
- //var emails = sanitize(req.body.emails).xss();
+
emails = emails.split('\r\n');
emails.forEach(function(m) { // m = each mailaddress
- if (m) {
- v.check(m, m + ' is not a valid email').isEmail();
- }
+ if (m) v.check(m, m + ' is not a valid email').isEmail();
});
// error when validation fails
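Review bot: The rewritten check `if (m) v.check(...)` skips empty entries but leaves them in `emails`, and the split on `'\r\n'` does not separate addresses pasted with bare `\n`. The later `emails.forEach` in this function calls `User.loadUser` on every element, so unless the lines between the hunks filter the list, a trailing blank line would reach the create-user branch with an empty address. Normalise the list once before validating: `emails = emails.split(/\r?\n/).map(function(m) { return m.trim(); }).filter(Boolean);`. The function body continues outside the hunk.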
@@ -156,34 +172,39 @@ exports.postProjectParticipants = function(req, res) {
, server = email.server.connect(config.email)
, message = {
subject: 'You were invited to use Divid',
- text: 'VIL DU BRUK DIVID?',
+ text: 'Ønsker du å bruke Divid?', // this text will be substituted later on
from: 'Divid <divid@divid.no>',
}
+
emails.forEach(function(mailAddress) { // loops through all the emails and sets up each user
User.loadUser(mailAddress, function(err, user) {
if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
- if (!user) { //if the user doesn't exist, create one
+
+ //if the user doesn't exist, create one
+ if (!user) {
console.log('fant ingen brukere med den eposten. må invitere og stasj');
+
var newUser = new User();
newUser.email = mailAddress;
newUser.username = mailAddress;
- newUser.name = mailAddress + ' <span class="muted">(ikke registrert)</span>';
+ newUser.name = mailAddress + ' <span class="muted">(ikke registrert)</span>'; // this is what we call the user when he's not registered
newUser.status = 1;
newUser.password = newUser.generateRandomToken(32);
newUser.randomToken = newUser.generateRandomToken(10, true);
+
newUser.save(function(err) {
if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
console.log('made new user ' + newUser._id);
+
var access = new Access();
access.user = newUser._id;
access.creator = req.user._id;
access.project = project._id;
access.randomToken = access.generateRandomToken(15);
+
access.save(function(err) {
- if (err) {
- console.log(err.errors);
- return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
- }
+ if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
+
console.log('made new access for user ' + newUser._id);
message.to = newUser.email;
message.text = 'Hei! Du har blitt invitert til å delta i et Divid-prosjekt! https://divid.no/invite/' + newUser.randomToken + '\n Du kan også gå direkte til prosjektet her: https://divid.no/login/' + access.randomToken;
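Review bot: Storing `<span class="muted">` markup inside `newUser.name` means every view that prints a user name has to output it unescaped, so any name a user chooses at signup would be rendered as HTML too. The comment added on this line documents the convention rather than removing it. Keep the field plain, `newUser.name = mailAddress;`, and let the template add the "(ikke registrert)" label when `status` is 1. How the templates render `name` is not visible here, so confirm they escape it once the markup is gone.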
@@ -191,27 +212,29 @@ exports.postProjectParticipants = function(req, res) {
});
});
- } else { // if the user exists, add him to the project
+ // if the user exists, add him to the project
+ } else {
Access.checkAccess(user._id, project._id, 0, function(err, acc) {
if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
- if (acc) { // if the user already has access to the project.. do nothing
+
+ // if the user already has access to the project.. do nothing
+ if (acc) {
console.log('user ' + user.email + ' already has access to project ' + project.name);
} else {
- console.log('fant en bruker. må lage ny access til han og si i fra.');
var access = new Access();
access.user = user._id;
access.creator = req.user._id;
access.project = project._id;
message.text = 'Du ble lagt til projektet "' + project.name + '"';
+
if (Number(user.status) < 3) {
access.randomToken = access.generateRandomToken(15);
message.text += '.\nDu kan få direkte tilgang til dette prosjektet her: https://divid.no/login/' + access.randomToken + ' \nDu kan bruke denne linken for å registrere deg, for å få tilgang til flere funksjoner: https://divid.no/invite/' + user.randomToken;
}
+
access.save(function(err) {
- if (err) {
- console.log(err.errors);
- return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
- }
+ if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
+
console.log('made new access for user ' + user.username);
message.to = user.email;
server.send(message, function(err, message) { console.log(err || message);});
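Review bot: `message` is a single object created before `emails.forEach`, yet this branch writes `message.text` (including the `/login/` token) before `access.save` and only sets `message.to` and sends inside the save callback. If the saves complete asynchronously, as Mongoose callbacks normally do, a request with several addresses can interleave them, and a recipient may get the text and login link generated for another user. Build the mail per recipient instead: keep the text in a local `var text`, then send `{ subject: message.subject, from: message.from, to: user.email, text: text }`. The rewritten `if (err) return res.render(...)` lines here and in the new-user branch also drop the `console.log(err.errors)` call, so a failed save is no longer logged.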
@@ -220,7 +243,7 @@ exports.postProjectParticipants = function(req, res) {
});
}
});
- });
+ });
res.redirect('back');
});
@@ -229,7 +252,7 @@ exports.postProjectParticipants = function(req, res) {
/**
- * claimInvite
+ * GET '/invite/:randomToken'
* So users can use their inviteEmail
*/
@@ -241,16 +264,18 @@ exports.claimInvite = function(req, res) {
if (!user) return res.render('error', { title: 'This invite does not exist', text: 'Invitasjonen din er ugyldig' });
res.render('users/signup', {
- invite: true,
- title: 'Registrer deg!',
- email: user.email }
- );
+ invite: true
+ , title: 'Registrer deg!'
+ , email: user.email
+ });
});
-
-
}
+/**
+ * POST '/invite/:randomToken'
+ */
+
exports.postClaimInvite = function(req, res) {
User.findOne({ randomToken: sanitize(req.params.randomToken).escape(), status: 1 }, function(err, user) {
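Review bot: The doc block added for postClaimInvite names only the route and should also say what the handler does with the token. The visible line looks up a user by `randomToken` with `status: 1`, and the following hunk sets `status = 3` and clears `randomToken`, so a line such as `* Completes registration for an invited user (status 1) and invalidates the invite token` would fit. It is also worth a comment that `sanitize(...).escape()` HTML-encodes the value, which is an output encoding rather than a check on query input. The function body continues outside the hunk.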
@@ -270,6 +295,7 @@ exports.postClaimInvite = function(req, res) {
user.provider = 'local';
user.status = 3;
user.randomToken = '';
+
user.save(function(err) {
if (err) return res.render('signup', { errors: err.errors, user: user });
req.logIn(user, function(err) {