/** * Module dependencies */ var mongoose = require('mongoose') , User = mongoose.model('User') , Project = mongoose.model('Project') , Access = mongoose.model('Access') , env = process.env.NODE_ENV || 'development' , config = require('../../config/config')[env] , Validator = require('validator').Validator , v = new Validator() , sanitize = require('validator').sanitize; // validation error handling. This collects all errors before pushing them out in getErrors() Validator.prototype.error = function(msg) { this._errors.push(msg); return this; } Validator.prototype.getErrors = function() { var returnThis = this._errors; this._errors = ''; // need to reset errors between sessions because of object model return returnThis; } /** * Logout */ exports.logout = function(req, res) { req.logout(); res.redirect('/'); } /** * Signin * This is triggered when the user post to /login */ exports.signin = function(req, res) { res.redirect('/dashboard'); } exports.randomLogin = function(req, res) { Access.findOne({ randomToken: req.params.hash }).populate('project', 'shortURL').exec(function(err, access) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); return res.redirect('/project/' + access.project.shortURL); }); } /** * Signup */ exports.signup = function(req, res) { res.render('users/signup', { title: 'Registrer deg', invite: false }); } /** * Create users */ exports.create = function(req, res) { var user = new User(req.body); user.provider = 'local'; user.save(function(err) { if (err) return res.render('users/signup', { errors: err.errors, user: user }); req.logIn(user, function(err) { if (err) return next(err); return res.redirect('/dashboard'); }); }); } /** * AuthCallback * This is what happends when a user has signed in using facebook/twitter */ exports.authCallback = function(req, res, next) { // if the user hasn't registered an email, we need to do so if (!req.user.email || req.user.email === undefined) return res.redirect('/registerEmail'); res.redirect('/dashboard'); } /** * registerEmail * Will register the users email if they don't have already */ exports.registerEmail = function(req, res) { // in case some user who has alreadu registered an email gets on this page if (req.user.email !== undefined) return res.redirect('/dashboard'); res.render('users/registerEmail', { title: 'Registrer din e-post' }); } /** * postRegisterEmail */ exports.postRegisterEmail = function(req, res) { v.check(req.body.email, 'You need to supply a proper email').isEmail(); var errors = v.getErrors(); if (errors.length !== 0) return res.status(500).render('error', { title: '500', text: 'Det oppstod en valideringsfeil
' + errors, error: errors }); // first we need to check if the email is already in use User.findOne({ email: req.body.email }, function(err, user) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); // if mail is in use.. if (user) return res.render('users/registerEmail', { title: 'Den e-posten er allerede i bruk. Vennligs registrer en annen.' }); User.update({ _id: req.user._id }, { email: req.body.email, status: 3 }, function(err) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); return res.redirect('/dashboard'); }); }); } /** * postProjectParticipants * This callback is in this file because it treats users. */ exports.postProjectParticipants = function(req, res) { Project.loadShort(req.params.short, function(err, project) { if (err || !project) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); Access.checkAccess(req.user._id, project._id, 3, function(err, access) { if (err || !access) return res.status(403).render('error', { title: '403', text: 'No sir! NO ACCESS FOR YOU', error: err }); // validate var emails = sanitize(req.body.emails).xss(); v.check(emails, 'You need to enter some emails to invite someone').notEmpty(); //var emails = sanitize(req.body.emails).xss(); emails = emails.split('\r\n'); emails.forEach(function(m) { // m = each mailaddress if (m) { v.check(m, m + ' is not a valid email').isEmail(); } }); // error when validation fails var errors = v.getErrors(); if (errors.length !== 0) return res.status(500).render('error', { title: '500', text: 'Det oppstod en valideringsfeil
' + errors, error: errors }); // EMAIL // Require dependencies. We require them here so that they're not fetched until they're actually needed. var email = require('emailjs') , server = email.server.connect(config.email) , message = { subject: 'You were invited to use Divid', text: 'VIL DU BRUK DIVID?', from: 'Divid ', } emails.forEach(function(mailAddress) { // loops through all the emails and sets up each user User.loadUser(mailAddress, function(err, user) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); if (!user) { //if the user doesn't exist, create one console.log('fant ingen brukere med den eposten. må invitere og stasj'); var newUser = new User(); newUser.email = mailAddress; newUser.username = mailAddress; newUser.name = mailAddress + ' (ikke registrert)'; newUser.status = 1; newUser.password = newUser.generateRandomToken(32); newUser.randomToken = newUser.generateRandomToken(10, true); newUser.save(function(err) { if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); console.log('made new user ' + newUser._id); var access = new Access(); access.user = newUser._id; access.creator = req.user._id; access.project = project._id; access.randomToken = access.generateRandomToken(15); access.save(function(err) { if (err) { console.log(err.errors); return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); } console.log('made new access for user ' + newUser._id); message.to = newUser.email; message.text = 'Hei! Du har blitt invitert til å delta i et Divid-prosjekt! https://divid.no/invite/' + newUser.randomToken + '\n Du kan også gå direkte til prosjektet her: https://divid.no/login/' + access.randomToken; server.send(message, function(err, message) { console.log(err || message);}); }); }); } else { // if the user exists, add him to the project Access.checkAccess(user._id, project._id, 0, function(err, acc) { if (err) return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); if (acc) { // if the user already has access to the project.. do nothing console.log('user ' + user.email + ' already has access to project ' + project.name); } else { console.log('fant en bruker. må lage ny access til han og si i fra.'); var access = new Access(); access.user = user._id; access.creator = req.user._id; access.project = project._id; message.text = 'Du ble lagt til projektet "' + project.name + '"'; if (Number(user.status) < 3) { access.randomToken = access.generateRandomToken(15); message.text += '.\nDu kan få direkte tilgang til dette prosjektet her: https://divid.no/login/' + access.randomToken + ' \nDu kan bruke denne linken for å registrere deg, for å få tilgang til flere funksjoner: https://divid.no/invite/' + user.randomToken; } access.save(function(err) { if (err) { console.log(err.errors); return res.render('project/participants', { title: 'Nytt prosjekt - en feil oppstod', loggedin: true }); } console.log('made new access for user ' + user.username); message.to = user.email; server.send(message, function(err, message) { console.log(err || message);}); }); } }); } }); }); res.redirect('back'); }); }); } /** * claimInvite * So users can use their inviteEmail */ exports.claimInvite = function(req, res) { // first we need to check if the invite is valid! User.findOne({ randomToken: sanitize(req.params.randomToken).escape(), status: 1 }, function(err, user) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); if (!user) return res.render('error', { title: 'This invite does not exist', text: 'Invitasjonen din er ugyldig' }); res.render('users/signup', { invite: true, title: 'Registrer deg!', email: user.email } ); }); } exports.postClaimInvite = function(req, res) { User.findOne({ randomToken: sanitize(req.params.randomToken).escape(), status: 1 }, function(err, user) { if (err) return res.status(500).render('error', { title: '500', text: 'En serverfeil oppstod', error: err.stack }); if (!user) return res.render('error', { title: 'This invite does not exist', text: 'Invitasjonen din er ugyldig' }); v.check(req.body.password).notEmpty(); v.check(req.body.name).notEmpty(); v.check(req.body.username).notEmpty(); errors = v.getErrors(); if (errors.length !== 0) return res.status(500).render('error', { title: '500', text: 'Det oppstod en valideringsfeil
' + errors, error: errors }); user.name = sanitize(req.body.name).escape(); user.username = sanitize(req.body.username).escape(); user.password = req.body.password; user.provider = 'local'; user.status = 3; user.randomToken = ''; user.save(function(err) { if (err) return res.render('signup', { errors: err.errors, user: user }); req.logIn(user, function(err) { if (err) return next(err); return res.redirect('/dashboard'); }); }); }); }