Commit graph

55 commits

Author SHA1 Message Date
Cassie Tarakajian
6259f58233 [#1314][#1489] Add static methods to user model
- Add new static methods to user model
  - `findByEmailAndUsername`
  - renames `findByMailOrName` to `findByEmailOrUsername`
  - `findByUsername`
  - `findByEmail`
- Reverts case insensitive behavior for username
2020-07-15 17:33:11 -04:00
Cassie Tarakajian
15ad07d5ce [#1314][#1489] Use collation instead of RegEx
- Add case insensitive indexes for User.email and User.username
- Update user queries by username or email so that they are case
  insensitive
2020-07-14 18:16:17 -04:00
Cassie Tarakajian
9671cd0687 Fix linting errors 2020-04-06 19:02:55 -04:00
Cassie Tarakajian
ef4a8d7ea1 Use MongoDB Regexes to query case insensitive username/password 2020-04-06 19:01:37 -04:00
Cassie Tarakajian
86e299c936 Handle both lowercase and mixedcase username/password 2020-04-06 15:55:00 -04:00
Cassie Tarakajian
ba00f7fd89 Merge master 2020-04-06 15:40:52 -04:00
shakti97
ba92e01762 Fix username/email case issue in login/signup 2020-03-09 01:39:01 +05:30
Cassie Tarakajian
0cde29e56d re #168, get asset deletion route to work, update options dropdown on asset list 2020-03-03 14:43:23 -05:00
Cassie Tarakajian
36d20281db add script to add total size to all user accounts, add totalSize to user model, return totalSize from user api request 2020-03-03 14:00:53 -05:00
Cassie Tarakajian
5900e62904 unify navigation for authentication pages, add authorization to front end, fixes #650 2019-09-19 13:38:27 -04:00
Andrew Nicolaou
7c4f180540 Consistent user data returned from API
There's duplication in the user and session endpoints that
all return the same shaped user model data. The new helper should keep
them consistent when new properties need to be exposed.
2019-05-29 12:51:50 -04:00
Andrew Nicolaou
403234ae81 Moves API key creation to server 2019-05-29 12:51:50 -04:00
Vertmo
3b55ff81d2 Hashing keys before storing them 2019-05-29 12:51:50 -04:00
Vertmo
db71a2b7c0 Added DB schema and backend logic for API keys creation and deletion 2019-05-29 12:51:50 -04:00
Oliver Wright
00391a4ef9 Prevent User Information leak Fixes #822 (#823)
Prevents leaking the encrypted password and verification tokens to
the user when they update their account.
2019-02-20 11:08:10 -05:00
anaplian
319e68ddb6 Fix async validation in signup form (fixes #742) (#746) 2018-10-29 19:33:37 -04:00
Cassie Tarakajian
c90dac55b7 update eslint and fix linting errors 2018-05-08 19:16:04 -07:00
Cassie Tarakajian
4684feaff6 fix #394 2017-07-14 15:35:02 -04:00
Cassie Tarakajian
e140702784 Create Asset List View and refactor overlay code (#356)
* start to create asset list

* begin refactoring overlay component to remove duplicate code

* refactoring of overlays, asset list styles

* changes to add size to asset list

* fixes to asset list

* handle case in which a user hasn't uploaded any assets

* fix bug in which asset list only grabbed first asset

* remove console.log

* update overlay exit styling to use icon mixin
2017-07-11 17:37:43 +02:00
Cassie Tarakajian
4476405021 change all email links to update protocol based on node env 2017-06-26 13:48:24 -04:00
Andrew Nicolaou
1dc0c22cb7 Email verification (#369)
* Re-introduce Email Verification code

Revert "Revert "Email verification""
This reverts commit d154d8bff259350523a0f139e844db96c43d2ee1.

* Uses MJML to generate Reset Password email

* Sends Password Reset and Email Confirmation emails using MJML template

* Sends verified status along with user data

* API endpoint for resending email verification confirmation

* Displays verification status on Account page and allows resending

* Send back error string

* Passes email address through to sign/verify helper

* Uses enum-style object to set verified state

* Sends minimal info when user verifies since it can be done without login

* Provides /verify UI and sends confirmation token to API

* Better name for JWT secret token env var

* Adds mail config variables to Readme

* Encrypts email address in JWT

The JWT sent as the token in the Confirm Password URL
can be unencoded by anyone, although it's signature can only
be verified by us. To ensure that no passwords are leaked,
we encrypt the email address before creating the token.

* Removes unused mail templates

* Resets verified flag when email is changed and sends another email

* Moves email confirmation functions next to each other

* Extracts random token generator to helper

* Moves email confirmation actions into Redux

- updates the AccountForm label with a message to check inbox
- show status when verifying email token

* Uses generated token stored in DB for email confirmation

* Sets email confirmation status to verified if logging in from Github

* Sends email using new method on account creation

* Fixes linting errors

* Removes replyTo config
2017-06-26 12:48:28 -04:00
Cassie Tarakajian
aaa5e868e2 make inital changes for #169--need to migrate the locations of a user's s3 files to be namespaced under their userid 2017-04-06 14:34:14 -04:00
Yining Shi
fe6acc90e4 Adding User Settings View (#325)
* added account page showing username and email

* change username and email

* validate current password and add new  password

* reject promise with error for reduxForm submit-validation for current password

* updated user reducer to handle setting sucess and server side async

* warning if there is current password but no new password

* fixes logout button

* import validate function, fixes logout style
2017-03-16 18:25:12 -04:00
Cassie Tarakajian
e87390adb9 update eslint to latest version, fix lots of linting errors (#308)
* update eslint and dependencies, fix linting errors that can be fixed with --fix

* fix lots of linting errors

* update eslintrc, fix some linting errors

* fix all server side linting errors, untested

* fix errors that fixing linting errors had caused

* fix client side eslint errors

* fix client side linting errors

* fix refs lint errors

* fix more linting errors

* update eslint and dependencies, fix linting errors that can be fixed with --fix

* fix lots of linting errors

* update eslintrc, fix some linting errors

* fix all server side linting errors, untested

* fix errors that fixing linting errors had caused

* fix client side eslint errors

* fix client side linting errors

* fix refs lint errors

* fix more linting errors

* fix some accessibility linting errors

* fix a lot of linting errors

* fix a billion more linting errors

* hopefully fix all linting errors, still need to test

* fix bugs that fixing linting had caused
2017-02-22 14:29:35 -05:00
Cassie Tarakajian
311e8442a1 Revert "Email verification" (#265) 2017-01-13 10:35:39 -05:00
Akarshit Wal
2d781e22fb Email verification (#230)
* Making the email separate for future enhancements

* email-verification added

* Github users are verified

* update package

* Bug fixes and improvements

* jade to pug

* Bug fix

* changed route
2017-01-13 10:24:09 -05:00
Cassie Tarakajian
fc8318c297 fix some linting errors 2017-01-11 15:50:36 -05:00
Enrique Piqueras
5e4b076b93 Fixed #158 and #100 (#198)
* Changed unsaved changes asterisk to an svg circle. #158

* Fixed #100
Unmatched routes are handled by react-router on the client side
and a single wildcard route on server.routes.js renders the index
html.
When the /:username/sketches route is matched and the username is not
valid, the user will be redirected to the index route and a toast
will explain what happened. When the username is 'p5' (default when
logged out) it will show all sketches. Maybe this should be changed
to just public or 'local' sketches?

* Moved unsaved changes SVG to a separate file.

* User not found is now a 404 error.

* Added server rendered 404 page.

* Removed console.log

* 404 Page now renders a random p5 sketch. TODO: make 404 sketches.

* Added 404 header
404 page now fetches a random example sketch

* Moved circle closer to file name

* Render 404 page in SketchList route if !user
2017-01-06 13:08:03 -05:00
Cassie Tarakajian
9e61382e87 #182 possible fix to password reset 2016-12-13 13:28:01 -05:00
Cassie Tarakajian
af3cb60ce1 fix linting errors that are fixable with --fix in server side code 2016-11-17 11:15:35 -05:00
Cassie Tarakajian
b06fb4cb80 change p5.js password reset email 2016-11-02 18:08:28 -04:00
Cassie Tarakajian
e66b916349 change password reset email address 2016-10-19 12:36:58 -04:00
Cassie Tarakajian
70f1c1c8f1 update email copy 2016-10-19 12:36:58 -04:00
Cassie Tarakajian
e5ff11f65a add basic password reset functionality, no error checking or styling 2016-10-19 12:36:58 -04:00
Cassie Tarakajian
d055aa5af8 more password reset things 2016-10-19 12:36:58 -04:00
Cassie Tarakajian
5aa5032961 create password reset token from FE, start to add flash text 2016-10-19 12:36:58 -04:00
Cassie Tarakajian
ea6d30c430 more password reset stuff 2016-10-19 12:36:57 -04:00
catarak
3b6bfbc552 check for duplicate email and username 2016-09-02 14:51:30 -04:00
catarak
afc86740b3 fix preferences font size text size bug 2016-08-09 18:45:59 -04:00
catarak
9f9425c5e9 update preferences server side 2016-08-09 14:20:54 -04:00
catarak
c76b1353c3 put preferences to server, need to look at mongoose docs tho because is wrong 2016-08-04 21:43:13 -04:00
catarak
3d42da18a8 fix a ton of eslint errors 2016-06-23 18:29:55 -04:00
catarak
c25d669fe9 move ajax requests to /api 2016-06-20 18:00:40 -04:00
catarak
0c54f372c1 store signup in redux 2016-06-20 17:50:45 -04:00
catarak
4908dc1e0b change authentication to cookies 2016-06-20 17:47:47 -04:00
catarak
25951cd45b add sign up server side, still working on client side 2016-06-20 17:47:47 -04:00
catarak
b2a4eacc52 add dotenv, start to add signup 2016-06-20 17:47:47 -04:00
catarak
22964f7a1c add sign up server side, still working on client side 2016-06-20 17:47:46 -04:00
catarak
341158579f add dotenv, start to add signup 2016-06-20 17:47:46 -04:00
catarak
09654ca66b add sign up server side, still working on client side 2016-06-20 17:47:17 -04:00