aboutsummaryrefslogtreecommitdiffstatshomepage
path: root/app/controllers/users.js
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/users.js')
-rw-r--r--app/controllers/users.js282
1 files changed, 282 insertions, 0 deletions
diff --git a/app/controllers/users.js b/app/controllers/users.js
new file mode 100644
index 0000000..725fa3e
--- /dev/null
+++ b/app/controllers/users.js
@@ -0,0 +1,282 @@
+
+/**
+ * Module dependencies
+ */
+
+var mongoose = require('mongoose')
+ , User = mongoose.model('User')
+ , Project = mongoose.model('Project')
+ , Access = mongoose.model('Access')
+ , env = process.env.NODE_ENV || 'development'
+ , config = require('../../config/config')[env]
+ , Validator = require('validator').Validator
+ , v = new Validator()
+ , sanitize = require('validator').sanitize;
+
+// validation error handling. This collects all errors before pushing them out in getErrors()
+Validator.prototype.error = function(msg) {
+ this._errors.push(msg);
+ return this;
+}
+Validator.prototype.getErrors = function() {
+ var returnThis = this._errors;
+ this._errors = ''; // need to reset errors between sessions because of object model
+ return returnThis;
+}
+
+
+/**
+ * Logout
+ */
+exports.logout = function(req, res) {
+ req.logout();
+ res.redirect('/');
+}
+
+
+/**
+ * Signin
+ * This is triggered when the user post to /login
+ */
+exports.signin = function(req, res) {
+ res.redirect('/dashboard');
+}
+
+exports.randomLogin = function(req, res) {
+ Access.findOne({ randomToken: req.params.hash }).populate('project', 'shortURL').exec(function(err, access) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ return res.redirect('/project/' + access.project.shortURL);
+
+ });
+}
+
+
+/**
+ * Signup
+ */
+exports.signup = function(req, res) {
+ res.render('users/signup', { title: 'Registrer deg', invite: false });
+}
+
+/**
+ * Create users
+ */
+exports.create = function(req, res) {
+ var user = new User(req.body);
+ user.provider = 'local';
+ user.save(function(err) {
+ if (err) return res.render('users/signup', { errors: err.errors, user: user });
+ req.logIn(user, function(err) {
+ if (err) return next(err);
+ return res.redirect('/dashboard');
+ });
+ });
+}
+
+
+/**
+ * AuthCallback
+ * This is what happends when a user has signed in using facebook/twitter
+ */
+
+exports.authCallback = function(req, res, next) {
+ // if the user hasn't registered an email, we need to do so
+ if (!req.user.email || req.user.email === undefined) return res.redirect('/registerEmail');
+
+ res.redirect('/dashboard');
+}
+
+
+/**
+ * registerEmail
+ * Will register the users email if they don't have already
+ */
+
+exports.registerEmail = function(req, res) {
+ // in case some user who has alreadu registered an email gets on this page
+ if (req.user.email !== undefined) return res.redirect('/dashboard');
+ res.render('users/registerEmail', { title: 'Registrer din e-post' });
+}
+
+
+/**
+ * postRegisterEmail
+ */
+
+exports.postRegisterEmail = function(req, res) {
+
+ v.check(req.body.email, 'You need to supply a proper email').isEmail();
+ var errors = v.getErrors();
+ if (errors.length !== 0) return res.status(500).render('error', { title: '500', text: 'Det oppstod en valideringsfeil<br>' + errors, error: errors });
+
+ // first we need to check if the email is already in use
+ User.findOne({ email: req.body.email }, function(err, user) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+
+ // if mail is in use..
+ if (user) return res.render('users/registerEmail', { title: 'Den e-posten er allerede i bruk. Vennligs registrer en annen.' });
+
+ User.update({ _id: req.user._id }, { email: req.body.email, status: 3 }, function(err) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ return res.redirect('/dashboard');
+ });
+ });
+}
+
+
+/**
+ * postProjectParticipants
+ * This callback is in this file because it treats users.
+ */
+exports.postProjectParticipants = function(req, res) {
+ Project.loadShort(req.params.short, function(err, project) {
+ if (err || !project) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+
+ Access.checkAccess(req.user._id, project._id, 3, function(err, access) {
+ if (err || !access) return res.status(403).render('error', { title: '403', text: 'No sir! NO ACCESS FOR YOU', error: err });
+
+ // validate
+ var emails = sanitize(req.body.emails).xss();
+ v.check(emails, 'You need to enter some emails to invite someone').notEmpty();
+ //var emails = sanitize(req.body.emails).xss();
+ emails = emails.split('\r\n');
+ emails.forEach(function(m) { // m = each mailaddress
+ if (m) {
+ v.check(m, m + ' is not a valid email').isEmail();
+ }
+ });
+
+ // error when validation fails
+ var errors = v.getErrors();
+ if (errors.length !== 0) return res.status(500).render('error', { title: '500', text: 'Det oppstod en valideringsfeil<br>' + errors, error: errors });
+
+ // EMAIL
+ // Require dependencies. We require them here so that they're not fetched until they're actually needed.
+ var email = require('emailjs')
+ , server = email.server.connect(config.email)
+ , message = {
+ subject: 'You were invited to use Divid',
+ text: 'VIL DU BRUK DIVID?',
+ from: 'Divid <divid@divid.no>',
+ }
+ emails.forEach(function(mailAddress) { // loops through all the emails and sets up each user
+ User.loadUser(mailAddress, function(err, user) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ if (!user) { //if the user doesn't exist, create one
+ console.log('fant ingen brukere med den eposten. må invitere og stasj');
+ var newUser = new User();
+ newUser.email = mailAddress;
+ newUser.username = mailAddress;
+ newUser.name = mailAddress + ' <span class="muted">(ikke registrert)</span>';
+ newUser.status = 1;
+ newUser.password = newUser.generateRandomToken(32);
+ newUser.randomToken = newUser.generateRandomToken(10, true);
+ newUser.save(function(err) {
+ if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
+ console.log('made new user ' + newUser._id);
+ var access = new Access();
+ access.user = newUser._id;
+ access.creator = req.user._id;
+ access.project = project._id;
+ access.randomToken = access.generateRandomToken(15);
+ access.save(function(err) {
+ if (err) {
+ console.log(err.errors);
+ return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
+ }
+ console.log('made new access for user ' + newUser._id);
+ message.to = newUser.email;
+ message.text = 'Hei! Du har blitt invitert til å delta i et Divid-prosjekt! https://divid.no/invite/' + newUser.randomToken + '\n Du kan også gå direkte til prosjektet her: https://divid.no/login/' + access.randomToken;
+ server.send(message, function(err, message) { console.log(err || message);});
+ });
+ });
+
+ } else { // if the user exists, add him to the project
+ Access.checkAccess(user._id, project._id, 0, function(err, acc) {
+ if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
+ if (acc) { // if the user already has access to the project.. do nothing
+ console.log('user ' + user.email + ' already has access to project ' + project.name);
+ } else {
+ console.log('fant en bruker. må lage ny access til han og si i fra.');
+ var access = new Access();
+ access.user = user._id;
+ access.creator = req.user._id;
+ access.project = project._id;
+ message.text = 'Du ble lagt til projektet "' + project.name + '"';
+ if (Number(user.status) < 3) {
+ access.randomToken = access.generateRandomToken(15);
+ message.text += '.\nDu kan få direkte tilgang til dette prosjektet her: https://divid.no/login/' + access.randomToken + ' \nDu kan bruke denne linken for å registrere deg, for å få tilgang til flere funksjoner: https://divid.no/invite/' + user.randomToken;
+ }
+ access.save(function(err) {
+ if (err) {
+ console.log(err.errors);
+ return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true });
+ }
+ console.log('made new access for user ' + user.username);
+ message.to = user.email;
+ server.send(message, function(err, message) { console.log(err || message);});
+ });
+ }
+ });
+ }
+ });
+ });
+
+ res.redirect('back');
+ });
+ });
+}
+
+
+/**
+ * claimInvite
+ * So users can use their inviteEmail
+ */
+
+exports.claimInvite = function(req, res) {
+
+ // first we need to check if the invite is valid!
+ User.findOne({ randomToken: sanitize(req.params.randomToken).escape(), status: 1 }, function(err, user) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ if (!user) return res.render('error', { title: 'This invite does not exist', text: 'Invitasjonen din er ugyldig' });
+
+ res.render('users/signup', {
+ invite: true,
+ title: 'Registrer deg!',
+ email: user.email }
+ );
+ });
+
+
+}
+
+
+exports.postClaimInvite = function(req, res) {
+
+ User.findOne({ randomToken: sanitize(req.params.randomToken).escape(), status: 1 }, function(err, user) {
+ if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack });
+ if (!user) return res.render('error', { title: 'This invite does not exist', text: 'Invitasjonen din er ugyldig' });
+
+ v.check(req.body.password).notEmpty();
+ v.check(req.body.name).notEmpty();
+ v.check(req.body.username).notEmpty();
+
+ errors = v.getErrors();
+ if (errors.length !== 0) return res.status(500).render('error', { title: '500', text: 'Det oppstod en valideringsfeil<br>' + errors, error: errors });
+
+ user.name = sanitize(req.body.name).escape();
+ user.username = sanitize(req.body.username).escape();
+ user.password = req.body.password;
+ user.provider = 'local';
+ user.status = 3;
+ user.randomToken = '';
+ user.save(function(err) {
+ if (err) return res.render('signup', { errors: err.errors, user: user });
+ req.logIn(user, function(err) {
+ if (err) return next(err);
+ return res.redirect('/dashboard');
+ });
+ });
+ });
+}
+
generated by cgit, for Dennis Eriksen