Password changing now works!

2022-04-21 20:48:02 +02:00 · 2022-04-21 20:48:02 +02:00 · 26636d5f2f
parent c0adc5e96b
commit 26636d5f2f
6 changed files with 71 additions and 55 deletions
--- a/index.js
+++ b/index.js
@ -30,10 +30,10 @@ APP.use('/', ROUTES)
 njk.configure(
    'views',
    {
-        autoescape: true,
+        autoescape:   true,
        lstripBlocks: true,
-        trimBlocks: true,
-        express: APP,
+        trimBlocks:   true,
+        express:      APP,
    }
 )

--- a/package.json
+++ b/package.json
@ -12,10 +12,10 @@
  "dependencies": {
    "bcrypt": "^5.0.1",
    "cookie-parser": "^1.4.6",
-    "dotenv": "^12.0.3",
-    "express": "^4.17.2",
+    "dotenv": "^12.0.4",
+    "express": "^4.17.3",
    "jsonwebtoken": "^8.5.1",
    "nunjucks": "^3.2.3",
-    "pg": "^8.7.1"
+    "pg": "^8.7.3"
  }
 }
--- a/routes/auth.js
+++ b/routes/auth.js
@ -48,7 +48,7 @@ AUTH.post('/register', async (req, res) => {
    if ((await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rowCount)
        return(res.send("User already exists"))

-    bcrypt.hash(password, 10).then(
+    bcrypt.hash(password, 12).then(
        hash => {
            const hexHash = hash2hex(hash)
            glauth.query(
@ -106,12 +106,49 @@ AUTH.post('/login', async (req, res) => {
    )
 })

+AUTH.post('/changePass', async (req, res) => {
+    const { newPass, oldPass } = req.body
+
+    // Was input sent?
+    if (!newPass|| !oldPass )
+        return(res.send(`Not entered:${newPass ? '' : ' new password,'}${oldPass ? '' : ' old password'}`))
+
+    const token = jwt.verify(req.signedCookies["api-token"], SECRET)
+
+    if (!token)
+        return res.send("Token error! Please sign in ag    ain anusername = token.named retry...")
+
+    const username = token.name
+
+    const user = (await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rows[0]
+
+    if (!user)
+        return(res.send("User doesn't exist!"))
+
+    bcrypt.compare(oldPass, user.qam_pass).then(
+        async match => {
+            if (!match)
+                return res.send("Password's is incorrect!")
+            
+            const newPassHash = await bcrypt.hash(newPass, 12)
+            const newPassHexHash = hash2hex(newPassHash)
+
+            glauth.query("UPDATE users SET qam_pass = $1::text, passbcrypt = $2::text WHERE name = $3::text", [ newPassHash, newPassHexHash, username ])
+                .then(
+                    () => res.send("Successfully changed password!")
+                ).catch(
+                    () => res.send("Database error while changing password!")
+                )
+        }
+    )
+})
+
 AUTH.get('/captcha', async (req, res) => {
    const captcha = crypto.randomBytes(3).toString('hex')
    await execawait(`./captcha.sh ${captcha} > captcha.png`)

    // Make it valid for 10 minutes
-    valid[captcha] = new Date()
+    valid[captcha] = new Date(Date.now() + 10 * 60 * 1000)

    // Send the captcha image
    res.contentType('image/png')
--- a/static/index.html
+++ b/static/index.html
@ -1,45 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
-<head>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-
-    <link rel="apple-touch-icon" sizes="180x180" href="https://qwik.space/assets/favicons/apple-touch-icon.png">
-    <link rel="icon" type="image/png" sizes="32x32" href="https://qwik.space/assets/favicons/favicon-32x32.png">
-    <link rel="icon" type="image/png" sizes="16x16" href="https://qwik.space/assets/favicons/favicon-16x16.png">
-    <link rel="manifest" href="https://qwik.space/assets/favicons/site.webmanifest">
-    <link rel="mask-icon" href="https://qwik.space/assets/favicons/safari-pinned-tab.svg" color="#3ddf89">
-    <link rel="shortcut icon" href="https://qwik.space/assets/favicons/favicon.ico">
-    <meta name="msapplication-TileColor" content="#181833">
-    <meta name="msapplication-config" content="https://qwik.space/assets/favicons/browserconfig.xml">
-    <meta name="theme-color" content="#3ddf89">
-
-    <link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/scaling.css">
-    <link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/colors.css">
-    <link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/fonts.css">
-    <link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/theme.css">
-    <link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/landing.css">
-    <title>qwik</title>
-</head>
-<body>
-    <img class="logo" src="https://qwik.space/assets/images/logo.svg" alt="">
-    <ul>
-        <li>2-20 character in length</li>
-        <li>only a-zA-Z0-9 characters only</li>
-    </ul>
-    <form method="POST" action="/auth/register">
-        <label for="username">Username:</label><br>
-        <input type="text" id="username" name="username"><br>
-        <label for="password">Password:</label><br>
-        <input type="password" id="password" name="password">
-        <br>
-        <img src="/auth/captcha"> 
-        <label for="captcha">Captcha:</label><br>
-        <input type="text" id="captcha" name="captcha">
-        <br>
-        <input type="submit" value="Register!" />
-    </form>
-</body>
-</html>
-
-
--- a/views/pages/manager.njk
+++ b/views/pages/manager.njk
@ -9,7 +9,27 @@
    <header>Welcome {{ user.name }}! :D</header>
    <h1>This is your account manager!</h1>
    <p>
-        Currently no features are implemented, but we want to implement at least password changing.
-        It would also be nice to have proper account deletion. (For now, if you want to delete your account contact an admin!)
+        Here you can manage your account...
+    </p>
+
+    <h2>Change password:</h2>
+    <form action="/auth/changePass" method="post">
+        <label for="oldPass">Current password:</label>
+        <input type="password" name="oldPass">
+
+        <label for="newPass">New password:</label>
+        <input type="password" name="newPass">
+        
+        <input type="submit" value="Change password!">
+    </form>
+
+    <h2>I want to change my username</h2>
+    <p>
+        That is sadly not doable through this manager. Try messaging BurnyLlama (XMPP: burnyllama@qwik.space) and see if there are any options. (You can also just create a new account...)
+    </p>
+
+    <h2>I want to delete my account!</h2>
+    <p>
+        Contact mew, BurnyLlama (XMPP: burnyllama@qwik.space), and I will help you delete your account.
    </p>
 {% endblock %}
--- a/views/pages/register.njk
+++ b/views/pages/register.njk
@ -20,6 +20,10 @@
        <input type="text" id="captcha" name="captcha" placeholder="xxxxxx">
        <p class="hint">Enter the text you see in the image.</p>

+        <p>
+            By registering you agree to qwik's <a href="https://qwik.space/articles/privacy_policy">Privacy Policy</a> and <a href="https://qwik.space/articles/terms_of_service">Terms of Service</a>.
+        </p>
+
        <input type="submit" value="Register!">
    </form>
 {% endblock %}