Password changing now works!

BurnyLlama 2022-04-21 20:48:02 +02:00
parent c0adc5e96b
commit 26636d5f2f
6 changed files with 71 additions and 55 deletions


@ -30,10 +30,10 @@ APP.use('/', ROUTES)
njk.configure( njk.configure(
'views', 'views',
{ {
autoescape: true, autoescape: true,
lstripBlocks: true, lstripBlocks: true,
trimBlocks: true, trimBlocks: true,
express: APP, express: APP,
} }
) )


@ -12,10 +12,10 @@
"dependencies": { "dependencies": {
"bcrypt": "^5.0.1", "bcrypt": "^5.0.1",
"cookie-parser": "^1.4.6", "cookie-parser": "^1.4.6",
"dotenv": "^12.0.3", "dotenv": "^12.0.4",
"express": "^4.17.2", "express": "^4.17.3",
"jsonwebtoken": "^8.5.1", "jsonwebtoken": "^8.5.1",
"nunjucks": "^3.2.3", "nunjucks": "^3.2.3",
"pg": "^8.7.1" "pg": "^8.7.3"
} }
} }


@ -48,7 +48,7 @@ AUTH.post('/register', async (req, res) => {
if ((await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rowCount) if ((await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rowCount)
return(res.send("User already exists")) return(res.send("User already exists"))
bcrypt.hash(password, 10).then( bcrypt.hash(password, 12).then(
hash => { hash => {
const hexHash = hash2hex(hash) const hexHash = hash2hex(hash)
glauth.query( glauth.query(
@ -106,12 +106,49 @@ AUTH.post('/login', async (req, res) => {
) )
}) })
AUTH.post('/changePass', async (req, res) => {
const { newPass, oldPass } = req.body
// Was input sent?
if (!newPass|| !oldPass )
return(res.send(`Not entered:${newPass ? '' : ' new password,'}${oldPass ? '' : ' old password'}`))
const token = jwt.verify(req.signedCookies["api-token"], SECRET)
if (!token)
return res.send("Token error! Please sign in ag ain anusername = token.named retry...")
const username = token.name
const user = (await glauth.query("SELECT * FROM users WHERE name = $1::text", [ username ])).rows[0]
if (!user)
return(res.send("User doesn't exist!"))
bcrypt.compare(oldPass, user.qam_pass).then(
async match => {
if (!match)
return res.send("Password's is incorrect!")
const newPassHash = await bcrypt.hash(newPass, 12)
const newPassHexHash = hash2hex(newPassHash)
glauth.query("UPDATE users SET qam_pass = $1::text, passbcrypt = $2::text WHERE name = $3::text", [ newPassHash, newPassHexHash, username ])
.then(
() => res.send("Successfully changed password!")
).catch(
() => res.send("Database error while changing password!")
)
}
)
})
AUTH.get('/captcha', async (req, res) => { AUTH.get('/captcha', async (req, res) => {
const captcha = crypto.randomBytes(3).toString('hex') const captcha = crypto.randomBytes(3).toString('hex')
await execawait(`./captcha.sh ${captcha} > captcha.png`) await execawait(`./captcha.sh ${captcha} > captcha.png`)
// Make it valid for 10 minutes // Make it valid for 10 minutes
valid[captcha] = new Date() valid[captcha] = new Date(Date.now() + 10 * 60 * 1000)
// Send the captcha image // Send the captcha image
res.contentType('image/png') res.contentType('image/png')


@ -1,45 +0,0 @@
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<link rel="apple-touch-icon" sizes="180x180" href="https://qwik.space/assets/favicons/apple-touch-icon.png">
<link rel="icon" type="image/png" sizes="32x32" href="https://qwik.space/assets/favicons/favicon-32x32.png">
<link rel="icon" type="image/png" sizes="16x16" href="https://qwik.space/assets/favicons/favicon-16x16.png">
<link rel="manifest" href="https://qwik.space/assets/favicons/site.webmanifest">
<link rel="mask-icon" href="https://qwik.space/assets/favicons/safari-pinned-tab.svg" color="#3ddf89">
<link rel="shortcut icon" href="https://qwik.space/assets/favicons/favicon.ico">
<meta name="msapplication-TileColor" content="#181833">
<meta name="msapplication-config" content="https://qwik.space/assets/favicons/browserconfig.xml">
<meta name="theme-color" content="#3ddf89">
<link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/scaling.css">
<link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/colors.css">
<link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/fonts.css">
<link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/theme.css">
<link rel="stylesheet" type="text/css" href="https://qwik.space/assets/css/landing.css">
<title>qwik</title>
</head>
<body>
<img class="logo" src="https://qwik.space/assets/images/logo.svg" alt="">
<ul>
<li>2-20 character in length</li>
<li>only a-zA-Z0-9 characters only</li>
</ul>
<form method="POST" action="/auth/register">
<label for="username">Username:</label><br>
<input type="text" id="username" name="username"><br>
<label for="password">Password:</label><br>
<input type="password" id="password" name="password">
<br>
<img src="/auth/captcha">
<label for="captcha">Captcha:</label><br>
<input type="text" id="captcha" name="captcha">
<br>
<input type="submit" value="Register!" />
</form>
</body>
</html>


@ -9,7 +9,27 @@
<header>Welcome {{ user.name }}! :D</header> <header>Welcome {{ user.name }}! :D</header>
<h1>This is your account manager!</h1> <h1>This is your account manager!</h1>
<p> <p>
Currently no features are implemented, but we want to implement at least password changing. Here you can manage your account...
It would also be nice to have proper account deletion. (For now, if you want to delete your account contact an admin!) </p>
<h2>Change password:</h2>
<form action="/auth/changePass" method="post">
<label for="oldPass">Current password:</label>
<input type="password" name="oldPass">
<label for="newPass">New password:</label>
<input type="password" name="newPass">
<input type="submit" value="Change password!">
</form>
<h2>I want to change my username</h2>
<p>
That is sadly not doable through this manager. Try messaging BurnyLlama (XMPP: burnyllama@qwik.space) and see if there are any options. (You can also just create a new account...)
</p>
<h2>I want to delete my account!</h2>
<p>
Contact mew, BurnyLlama (XMPP: burnyllama@qwik.space), and I will help you delete your account.
</p> </p>
{% endblock %} {% endblock %}


@ -20,6 +20,10 @@
<input type="text" id="captcha" name="captcha" placeholder="xxxxxx"> <input type="text" id="captcha" name="captcha" placeholder="xxxxxx">
<p class="hint">Enter the text you see in the image.</p> <p class="hint">Enter the text you see in the image.</p>
<p>
By registering you agree to qwik's <a href="https://qwik.space/articles/privacy_policy">Privacy Policy</a> and <a href="https://qwik.space/articles/terms_of_service">Terms of Service</a>.
</p>
<input type="submit" value="Register!"> <input type="submit" value="Register!">
</form> </form>
{% endblock %} {% endblock %}