Password changing now works!
This commit is contained in:
parent
c0adc5e96b
commit
26636d5f2f
|
|
@ -12,10 +12,10 @@
|
||||||
"dependencies": {
|
"dependencies": {
|
||||||
"bcrypt": "^5.0.1",
|
"bcrypt": "^5.0.1",
|
||||||
"cookie-parser": "^1.4.6",
|
"cookie-parser": "^1.4.6",
|
||||||
"dotenv": "^12.0.3",
|
"dotenv": "^12.0.4",
|
||||||
"express": "^4.17.2",
|
"express": "^4.17.3",
|
||||||
"jsonwebtoken": "^8.5.1",
|
"jsonwebtoken": "^8.5.1",
|
||||||
"nunjucks": "^3.2.3",
|
"nunjucks": "^3.2.3",
|
||||||
"pg": "^8.7.1"
|
"pg": "^8.7.3"
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -48,7 +48,7 @@ AUTH.post('/register', async (req, res) => {
|
||||||
if ((await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rowCount)
|
if ((await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rowCount)
|
||||||
return(res.send("User already exists"))
|
return(res.send("User already exists"))
|
||||||
|
|
||||||
bcrypt.hash(password, 10).then(
|
bcrypt.hash(password, 12).then(
|
||||||
hash => {
|
hash => {
|
||||||
const hexHash = hash2hex(hash)
|
const hexHash = hash2hex(hash)
|
||||||
glauth.query(
|
glauth.query(
|
||||||
|
|
@ -106,12 +106,49 @@ AUTH.post('/login', async (req, res) => {
|
||||||
)
|
)
|
||||||
})
|
})
|
||||||
|
|
||||||
|
AUTH.post('/changePass', async (req, res) => {
|
||||||
|
const { newPass, oldPass } = req.body
|
||||||
|
|
||||||
|
// Was input sent?
|
||||||
|
if (!newPass|| !oldPass )
|
||||||
|
return(res.send(`Not entered:${newPass ? '' : ' new password,'}${oldPass ? '' : ' old password'}`))
|
||||||
|
|
||||||
|
const token = jwt.verify(req.signedCookies["api-token"], SECRET)
|
||||||
|
|
||||||
|
if (!token)
|
||||||
|
return res.send("Token error! Please sign in ag ain anusername = token.named retry...")
|
||||||
|
|
||||||
|
const username = token.name
|
||||||
|
|
||||||
|
const user = (await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rows[0]
|
||||||
|
|
||||||
|
if (!user)
|
||||||
|
return(res.send("User doesn't exist!"))
|
||||||
|
|
||||||
|
bcrypt.compare(oldPass, user.qam_pass).then(
|
||||||
|
async match => {
|
||||||
|
if (!match)
|
||||||
|
return res.send("Password's is incorrect!")
|
||||||
|
|
||||||
|
const newPassHash = await bcrypt.hash(newPass, 12)
|
||||||
|
const newPassHexHash = hash2hex(newPassHash)
|
||||||
|
|
||||||
|
glauth.query("UPDATE users SET qam_pass = $1::text, passbcrypt = $2::text WHERE name = $3::text", [ newPassHash, newPassHexHash, username ])
|
||||||
|
.then(
|
||||||
|
() => res.send("Successfully changed password!")
|
||||||
|
).catch(
|
||||||
|
() => res.send("Database error while changing password!")
|
||||||
|
)
|
||||||
|
}
|
||||||
|
)
|
||||||
|
})
|
||||||
|
|
||||||
AUTH.get('/captcha', async (req, res) => {
|
AUTH.get('/captcha', async (req, res) => {
|
||||||
const captcha = crypto.randomBytes(3).toString('hex')
|
const captcha = crypto.randomBytes(3).toString('hex')
|
||||||
await execawait(`./captcha.sh ${captcha} > captcha.png`)
|
await execawait(`./captcha.sh ${captcha} > captcha.png`)
|
||||||
|
|
||||||
// Make it valid for 10 minutes
|
// Make it valid for 10 minutes
|
||||||
valid[captcha] = new Date()
|
valid[captcha] = new Date(Date.now() + 10 * 60 * 1000)
|
||||||
|
|
||||||
// Send the captcha image
|
// Send the captcha image
|
||||||
res.contentType('image/png')
|
res.contentType('image/png')
|
||||||
|
|
|
||||||
|
|
@ -1,45 +0,0 @@
|
||||||
<!DOCTYPE html>
|
|
||||||
<html lang="en">
|
|
||||||
<head>
|
|
||||||
<meta charset="UTF-8">
|
|
||||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
|
||||||
|
|
||||||
<link rel="apple-touch-icon" sizes="180x180" href="https://qwik.space/assets/favicons/apple-touch-icon.png">
|
|
||||||
<link rel="icon" type="image/png" sizes="32x32" href="https://qwik.space/assets/favicons/favicon-32x32.png">
|
|
||||||
<link rel="icon" type="image/png" sizes="16x16" href="https://qwik.space/assets/favicons/favicon-16x16.png">
|
|
||||||
<link rel="manifest" href="https://qwik.space/assets/favicons/site.webmanifest">
|
|
||||||
<link rel="mask-icon" href="https://qwik.space/assets/favicons/safari-pinned-tab.svg" color="#3ddf89">
|
|
||||||
<link rel="shortcut icon" href="https://qwik.space/assets/favicons/favicon.ico">
|
|
||||||
<meta name="msapplication-TileColor" content="#181833">
|
|
||||||
<meta name="msapplication-config" content="https://qwik.space/assets/favicons/browserconfig.xml">
|
|
||||||
<meta name="theme-color" content="#3ddf89">
|
|
||||||
|
|
||||||
<link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/scaling.css">
|
|
||||||
<link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/colors.css">
|
|
||||||
<link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/fonts.css">
|
|
||||||
<link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/theme.css">
|
|
||||||
<link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/landing.css">
|
|
||||||
<title>qwik</title>
|
|
||||||
</head>
|
|
||||||
<body>
|
|
||||||
<img class="logo" src="https://qwik.space/assets/images/logo.svg" alt="">
|
|
||||||
<ul>
|
|
||||||
<li>2-20 character in length</li>
|
|
||||||
<li>only a-zA-Z0-9 characters only</li>
|
|
||||||
</ul>
|
|
||||||
<form method="POST" action="/auth/register">
|
|
||||||
<label for="username">Username:</label><br>
|
|
||||||
<input type="text" id="username" name="username"><br>
|
|
||||||
<label for="password">Password:</label><br>
|
|
||||||
<input type="password" id="password" name="password">
|
|
||||||
<br>
|
|
||||||
<img src="/auth/captcha">
|
|
||||||
<label for="captcha">Captcha:</label><br>
|
|
||||||
<input type="text" id="captcha" name="captcha">
|
|
||||||
<br>
|
|
||||||
<input type="submit" value="Register!" />
|
|
||||||
</form>
|
|
||||||
</body>
|
|
||||||
</html>
|
|
||||||
|
|
||||||
|
|
||||||
|
|
@ -9,7 +9,27 @@
|
||||||
<header>Welcome {{ user.name }}! :D</header>
|
<header>Welcome {{ user.name }}! :D</header>
|
||||||
<h1>This is your account manager!</h1>
|
<h1>This is your account manager!</h1>
|
||||||
<p>
|
<p>
|
||||||
Currently no features are implemented, but we want to implement at least password changing.
|
Here you can manage your account...
|
||||||
It would also be nice to have proper account deletion. (For now, if you want to delete your account contact an admin!)
|
</p>
|
||||||
|
|
||||||
|
<h2>Change password:</h2>
|
||||||
|
<form action="/auth/changePass" method="post">
|
||||||
|
<label for="oldPass">Current password:</label>
|
||||||
|
<input type="password" name="oldPass">
|
||||||
|
|
||||||
|
<label for="newPass">New password:</label>
|
||||||
|
<input type="password" name="newPass">
|
||||||
|
|
||||||
|
<input type="submit" value="Change password!">
|
||||||
|
</form>
|
||||||
|
|
||||||
|
<h2>I want to change my username</h2>
|
||||||
|
<p>
|
||||||
|
That is sadly not doable through this manager. Try messaging BurnyLlama (XMPP: burnyllama@qwik.space) and see if there are any options. (You can also just create a new account...)
|
||||||
|
</p>
|
||||||
|
|
||||||
|
<h2>I want to delete my account!</h2>
|
||||||
|
<p>
|
||||||
|
Contact mew, BurnyLlama (XMPP: burnyllama@qwik.space), and I will help you delete your account.
|
||||||
</p>
|
</p>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
@ -20,6 +20,10 @@
|
||||||
<input type="text" id="captcha" name="captcha" placeholder="xxxxxx">
|
<input type="text" id="captcha" name="captcha" placeholder="xxxxxx">
|
||||||
<p class="hint">Enter the text you see in the image.</p>
|
<p class="hint">Enter the text you see in the image.</p>
|
||||||
|
|
||||||
|
<p>
|
||||||
|
By registering you agree to qwik's <a href="https://qwik.space/articles/privacy_policy">Privacy Policy</a> and <a href="https://qwik.space/articles/terms_of_service">Terms of Service</a>.
|
||||||
|
</p>
|
||||||
|
|
||||||
<input type="submit" value="Register!">
|
<input type="submit" value="Register!">
|
||||||
</form>
|
</form>
|
||||||
{% endblock %}
|
{% endblock %}
|
||||||
Loading…
Reference in New Issue
Block a user