p5.js-web-editor/server/models/user.js

227 lines
6.6 KiB
JavaScript
Raw Normal View History

import mongoose from 'mongoose';
const bcrypt = require('bcrypt-nodejs');
Email verification (#369) * Re-introduce Email Verification code Revert "Revert "Email verification"" This reverts commit d154d8bff259350523a0f139e844db96c43d2ee1. * Uses MJML to generate Reset Password email * Sends Password Reset and Email Confirmation emails using MJML template * Sends verified status along with user data * API endpoint for resending email verification confirmation * Displays verification status on Account page and allows resending * Send back error string * Passes email address through to sign/verify helper * Uses enum-style object to set verified state * Sends minimal info when user verifies since it can be done without login * Provides /verify UI and sends confirmation token to API * Better name for JWT secret token env var * Adds mail config variables to Readme * Encrypts email address in JWT The JWT sent as the token in the Confirm Password URL can be unencoded by anyone, although it's signature can only be verified by us. To ensure that no passwords are leaked, we encrypt the email address before creating the token. * Removes unused mail templates * Resets verified flag when email is changed and sends another email * Moves email confirmation functions next to each other * Extracts random token generator to helper * Moves email confirmation actions into Redux - updates the AccountForm label with a message to check inbox - show status when verifying email token * Uses generated token stored in DB for email confirmation * Sets email confirmation status to verified if logging in from Github * Sends email using new method on account creation * Fixes linting errors * Removes replyTo config
2017-06-26 18:48:28 +02:00
const EmailConfirmationStates = {
Verified: 'verified',
Sent: 'sent',
Resent: 'resent',
};
2018-05-05 02:59:43 +02:00
const { Schema } = mongoose;
const apiKeySchema = new Schema({
label: { type: String, default: 'API Key' },
lastUsedAt: { type: Date },
hashedKey: { type: String, required: true },
}, { timestamps: true, _id: true });
apiKeySchema.virtual('id').get(function getApiKeyId() {
return this._id.toHexString();
});
/**
* When serialising an APIKey instance, the `hashedKey` field
* should never be exposed to the client. So we only return
* a safe list of fields when toObject and toJSON are called.
*/
function apiKeyMetadata(doc, ret, options) {
return {
id: doc.id, label: doc.label, lastUsedAt: doc.lastUsedAt, createdAt: doc.createdAt
};
}
2019-05-14 12:26:25 +02:00
apiKeySchema.set('toObject', {
transform: apiKeyMetadata
});
apiKeySchema.set('toJSON', {
virtuals: true,
transform: apiKeyMetadata
});
const userSchema = new Schema({
2016-06-24 00:29:55 +02:00
name: { type: String, default: '' },
2016-06-27 19:09:18 +02:00
username: { type: String, required: true, unique: true },
2016-06-24 00:29:55 +02:00
password: { type: String },
2016-10-12 18:02:46 +02:00
resetPasswordToken: String,
resetPasswordExpires: Date,
Email verification (#369) * Re-introduce Email Verification code Revert "Revert "Email verification"" This reverts commit d154d8bff259350523a0f139e844db96c43d2ee1. * Uses MJML to generate Reset Password email * Sends Password Reset and Email Confirmation emails using MJML template * Sends verified status along with user data * API endpoint for resending email verification confirmation * Displays verification status on Account page and allows resending * Send back error string * Passes email address through to sign/verify helper * Uses enum-style object to set verified state * Sends minimal info when user verifies since it can be done without login * Provides /verify UI and sends confirmation token to API * Better name for JWT secret token env var * Adds mail config variables to Readme * Encrypts email address in JWT The JWT sent as the token in the Confirm Password URL can be unencoded by anyone, although it's signature can only be verified by us. To ensure that no passwords are leaked, we encrypt the email address before creating the token. * Removes unused mail templates * Resets verified flag when email is changed and sends another email * Moves email confirmation functions next to each other * Extracts random token generator to helper * Moves email confirmation actions into Redux - updates the AccountForm label with a message to check inbox - show status when verifying email token * Uses generated token stored in DB for email confirmation * Sets email confirmation status to verified if logging in from Github * Sends email using new method on account creation * Fixes linting errors * Removes replyTo config
2017-06-26 18:48:28 +02:00
verified: { type: String },
verifiedToken: String,
verifiedTokenExpires: Date,
2016-06-24 00:29:55 +02:00
github: { type: String },
email: { type: String, unique: true },
tokens: Array,
apiKeys: { type: [apiKeySchema] },
preferences: {
fontSize: { type: Number, default: 18 },
lineNumbers: { type: Boolean, default: true },
indentationAmount: { type: Number, default: 2 },
isTabIndent: { type: Boolean, default: false },
2016-08-12 21:50:33 +02:00
autosave: { type: Boolean, default: true },
linewrap: { type: Boolean, default: true },
2016-08-12 21:50:33 +02:00
lintWarning: { type: Boolean, default: false },
textOutput: { type: Boolean, default: false },
gridOutput: { type: Boolean, default: false },
soundOutput: { type: Boolean, default: false },
theme: { type: String, default: 'light' },
autorefresh: { type: Boolean, default: false }
},
totalSize: { type: Number, default: 0 }
2019-05-03 01:10:14 +02:00
}, { timestamps: true, usePushEach: true });
/**
* Password hash middleware.
*/
2016-06-27 19:09:18 +02:00
userSchema.pre('save', function checkPassword(next) { // eslint-disable-line consistent-return
const user = this;
if (!user.isModified('password')) { return next(); }
2016-06-27 19:09:18 +02:00
bcrypt.genSalt(10, (err, salt) => { // eslint-disable-line consistent-return
if (err) { return next(err); }
2016-06-27 19:09:18 +02:00
bcrypt.hash(user.password, salt, null, (innerErr, hash) => {
if (innerErr) { return next(innerErr); }
user.password = hash;
2016-06-27 19:09:18 +02:00
return next();
});
});
});
2018-11-06 13:36:19 +01:00
/**
* API keys hash middleware
*/
2018-11-06 17:28:17 +01:00
userSchema.pre('save', function checkApiKey(next) { // eslint-disable-line consistent-return
2018-11-06 13:36:19 +01:00
const user = this;
if (!user.isModified('apiKeys')) { return next(); }
let hasNew = false;
user.apiKeys.forEach((k) => {
if (k.isNew) {
hasNew = true;
2018-11-06 17:28:17 +01:00
bcrypt.genSalt(10, (err, salt) => { // eslint-disable-line consistent-return
2018-11-06 13:36:19 +01:00
if (err) { return next(err); }
bcrypt.hash(k.hashedKey, salt, null, (innerErr, hash) => {
if (innerErr) { return next(innerErr); }
k.hashedKey = hash;
return next();
});
});
}
});
if (!hasNew) return next();
});
userSchema.virtual('id').get(function idToString() {
return this._id.toHexString();
});
userSchema.set('toJSON', {
virtuals: true
});
/**
* Helper method for validating user's password.
*/
2016-06-27 19:09:18 +02:00
userSchema.methods.comparePassword = function comparePassword(candidatePassword, cb) {
2016-06-25 00:18:22 +02:00
// userSchema.methods.comparePassword = (candidatePassword, cb) => {
bcrypt.compare(candidatePassword, this.password, (err, isMatch) => {
cb(err, isMatch);
});
};
2018-11-06 17:28:17 +01:00
/**
* Helper method for validating a user's api key
*/
userSchema.methods.findMatchingKey = function findMatchingKey(candidateKey, cb) {
let foundOne = false;
this.apiKeys.forEach((k) => {
if (bcrypt.compareSync(candidateKey, k.hashedKey)) {
foundOne = true;
cb(null, true, k);
2018-11-06 17:28:17 +01:00
}
});
if (!foundOne) cb('Matching API key not found !', false, null);
};
/**
*
* Queries User collection by email and returns one User document.
*
* @param {string|string[]} email - Email string or array of email strings
* @callback [cb] - Optional error-first callback that passes User document
* @return {Promise<Object>} - Returns Promise fulfilled by User document
*/
userSchema.statics.findByEmail = function findByEmail(email, cb) {
let query;
if (Array.isArray(email)) {
query = {
email: { $in: email }
};
} else {
query = {
email
};
}
// Email addresses should be case-insensitive unique
// In MongoDB, you must use collation in order to do a case-insensitive query
return this.findOne(query).collation({ locale: 'en', strength: 2 }).exec(cb);
};
/**
*
* Queries User collection by username and returns one User document.
*
* @param {string} username - Username string
* @callback [cb] - Optional error-first callback that passes User document
* @return {Promise<Object>} - Returns Promise fulfilled by User document
*/
userSchema.statics.findByUsername = function findByUsername(username, cb) {
const query = {
username
};
return this.findOne(query, cb);
};
/**
*
* Queries User collection using email or username with optional callback.
* This function will determine automatically whether the data passed is
* a username or email.
*
* @param {string} value - Email or username
* @callback [cb] - Optional error-first callback that passes User document
* @return {Promise<Object>} - Returns Promise fulfilled by User document
*/
userSchema.statics.findByEmailOrUsername = function findByEmailOrUsername(value, cb) {
const isEmail = value.indexOf('@') > -1;
if (isEmail) {
return this.findByEmail(value, cb);
}
return this.findByUsername(value, cb);
};
/**
*
* Queries User collection, performing a MongoDB logical or with the email
* and username (i.e. if either one matches, will return the first document).
*
* @param {string} email
* @param {string} username
* @callback [cb] - Optional error-first callback that passes User document
* @return {Promise<Object>} - Returns Promise fulfilled by User document
*/
userSchema.statics.findByEmailAndUsername = function findByEmailAndUsername(email, username, cb) {
const query = {
$or: [
{ email },
{ username }
]
};
return this.findOne(query).collation({ locale: 'en', strength: 2 }).exec(cb);
};
Email verification (#369) * Re-introduce Email Verification code Revert "Revert "Email verification"" This reverts commit d154d8bff259350523a0f139e844db96c43d2ee1. * Uses MJML to generate Reset Password email * Sends Password Reset and Email Confirmation emails using MJML template * Sends verified status along with user data * API endpoint for resending email verification confirmation * Displays verification status on Account page and allows resending * Send back error string * Passes email address through to sign/verify helper * Uses enum-style object to set verified state * Sends minimal info when user verifies since it can be done without login * Provides /verify UI and sends confirmation token to API * Better name for JWT secret token env var * Adds mail config variables to Readme * Encrypts email address in JWT The JWT sent as the token in the Confirm Password URL can be unencoded by anyone, although it's signature can only be verified by us. To ensure that no passwords are leaked, we encrypt the email address before creating the token. * Removes unused mail templates * Resets verified flag when email is changed and sends another email * Moves email confirmation functions next to each other * Extracts random token generator to helper * Moves email confirmation actions into Redux - updates the AccountForm label with a message to check inbox - show status when verifying email token * Uses generated token stored in DB for email confirmation * Sets email confirmation status to verified if logging in from Github * Sends email using new method on account creation * Fixes linting errors * Removes replyTo config
2017-06-26 18:48:28 +02:00
userSchema.statics.EmailConfirmation = EmailConfirmationStates;
userSchema.index({ username: 1 }, { collation: { locale: 'en', strength: 2 } });
userSchema.index({ email: 1 }, { collation: { locale: 'en', strength: 2 } });
2016-06-25 00:18:22 +02:00
export default mongoose.model('User', userSchema);