| author | Bobby <[email protected]> | 2022-06-03 16:54:52 +0530 |
|---|---|---|
| committer | Bobby <[email protected]> | 2022-06-03 16:54:52 +0530 |
| commit | 692eecf32e4d569a55de2c4b5abb6a6897c88abe (patch) | |
| tree | 9575c0f7dbe31a8e4e064a6bc02e0ed7510ebc8d | |
| parent | 34407aa326383b641609e1effa39418341b740c0 (diff) | |
| download | thatcomputerscientist-692eecf32e4d569a55de2c4b5abb6a6897c88abe.tar.xz thatcomputerscientist-692eecf32e4d569a55de2c4b5abb6a6897c88abe.zip | |
password change function
| -rw-r--r-- | public/css/main.css | 4 | ||||
| -rw-r--r-- | routes/auth.routes.js | 149 | ||||
| -rw-r--r-- | views/account.ejs | 18 | ||||
| -rw-r--r-- | views/error.ejs | 14 |
4 files changed, 135 insertions, 50 deletions
diff --git a/public/css/main.css b/public/css/main.css
index bcb8c5cd..c6f001c3 100644
--- a/public/css/main.css
+++ b/public/css/main.css
@@ -82,6 +82,10 @@ nav > ul > li {
 color: red;
 }
+.success {
+ color: green;
+}
+
 .account {
 display: flex;
 flex-direction: row;
diff --git a/routes/auth.routes.js b/routes/auth.routes.js
index da1f339f..e8de4ed9 100644
--- a/routes/auth.routes.js
+++ b/routes/auth.routes.js
@@ -1,61 +1,124 @@
 const router = require("express").Router();
 const jwt = require("jsonwebtoken");
-const mysql = require('mysql2');
-const bcrypt = require('bcryptjs');
+const mysql = require("mysql2");
+const bcrypt = require("bcryptjs");
+const { renderRoute } = require("../functions/render");
 require("dotenv").config();
 const validationString = process.env.AUTHORIZATION_STRING;
 const connectionURL = process.env.DATABASE_URL;
-router.get('/logout', (req, res) => {
- res.clearCookie("token");
- res.redirect(req.get('referer'));
-})
+router.get("/logout", (req, res) => {
+ res.clearCookie("token");
+ res.redirect(req.get("referer"));
+});
-router.post('/login', (req, res) => {
- // Log in as user
- const username = req.body.username;
- const password = req.body.password;
- const connection = mysql.createConnection(connectionURL);
- connection.connect();
- const sql = "SELECT * FROM Users WHERE username = ?";
- connection.query(sql, [username], (err, results, fields) => {
+router.post("/login", (req, res) => {
+ // Log in as user
+ const username = req.body.username;
+ const password = req.body.password;
+ const connection = mysql.createConnection(connectionURL);
+ connection.connect();
+ const sql = "SELECT * FROM Users WHERE username = ?";
+ connection.query(sql, [username], (err, results, fields) => {
+ if (err) {
+ res.status(500).render("error", {
+ error: err,
+ });
+ } else {
+ if (results.length > 0) {
+ const user = results[0];
+ if (bcrypt.compareSync(password, user.password)) {
+ // expires in 30 days
+ const token = jwt.sign(
+ {
+ username: user.username,
+ admin: user.admin,
+ },
+ validationString,
+ {
+ expiresIn: "30d",
+ }
+ );
+ // set cookie
+ res.cookie("token", token, {
+ maxAge: 30 * 24 * 60 * 60 * 1000,
+ httpOnly: true,
+ });
+ res.redirect(req.get("referer"));
+ } else {
+ // incorrect password, redirect to referer with error
+ req.flash("error", "Incorrect password");
+ res.redirect(req.get("referer"));
+ }
+ } else {
+ // user not found, redirect to referer with error
+ req.flash("error", "User not found");
+ res.redirect(req.get("referer"));
+ }
+ }
+ });
+ connection.end();
+});
+
+router.post("/changePassword", (req, res) => {
+ jwt.verify(req.cookies.token, validationString, (err, decoded) => {
+ if (err) {
+ renderRoute(req, res, "index", "Home", false);
+ } else {
+ const username = decoded.username;
+ const password = req.body.password;
+ const newPassword = req.body.new_password;
+ const connection = mysql.createPool(connectionURL);
+ connection.getConnection((err, connection) => {
 if (err) {
- res.status(500).json({
- message: "Error logging in",
- error: err
- });
+ renderRoute(req, res, "error", "Error", false, {
+ error: err.message,
+ });
 } else {
- if (results.length > 0) {
+ const sql = "SELECT * FROM Users WHERE username = ?";
+ connection.query(sql, [username], (err, results, fields) => {
+ if (err) {
+ renderRoute(req, res, "error", "Error", false, {
+ error: err.message,
+ });
+ } else {
+ if (results.length > 0) {
 const user = results[0];
 if (bcrypt.compareSync(password, user.password)) {
- // expires in 30 days
- const token = jwt.sign({
- username: user.username,
- admin: user.admin
- }, validationString, {
- expiresIn: '30d'
- });
- // set cookie
- res.cookie('token', token, {
- maxAge: 30 * 24 * 60 * 60 * 1000,
- httpOnly: true
- });
- res.redirect(req.get('referer'));
+ const hashedPassword = bcrypt.hashSync(newPassword, 10);
+ const sql =
+ "UPDATE Users SET password = ? WHERE username = ?";
+ connection.query(
+ sql,
+ [hashedPassword, username],
+ (err, results, fields) => {
+ if (err) {
+ req.flash("passchangeerror", "Error updating password");
+ res.redirect(req.get("referer"));
+ } else {
+ req.flash(
+ "passchangesuccess",
+ "Password updated successfully"
+ );
+ res.redirect(req.get("referer"));
+ }
+ }
+ );
 } else {
- // incorrect password, redirect to referer with error
- req.flash('error', 'Incorrect password');
- res.redirect(req.get('referer'));
+ req.flash("passchangeerror", "Incorrect password");
+ res.redirect(req.get("referer"));
 }
- } else {
- // user not found, redirect to referer with error
- req.flash('error', 'User not found');
- res.redirect(req.get('referer'));
+ } else {
+ req.flash("passchangeerror", "User not found");
+ res.redirect(req.get("referer"));
+ }
 }
+ });
 }
- });
- connection.end();
+ });
+ }
+ });
 });
-
-module.exports = router;
\ No newline at end of file
+module.exports = router;
diff --git a/views/account.ejs b/views/account.ejs
index cc100875..f3bc3359 100644
--- a/views/account.ejs
+++ b/views/account.ejs
@@ -17,14 +17,20 @@
 <legend>Avatar</legend>
 <img src="https://www.gravatar.com/avatar/<%= user.avatar %>?s=200" alt="<%= user.username %>'s avatar" />
 </fieldset>
- <form method="post" onsubmit="event.preventDefault();">
+ <form method="post" action="/auth/changePassword">
 <fieldset>
 <legend>Change Password</legend>
- <label for="password">New Password</label>
- <input type="password" name="password" id="password" placeholder="New Password" />
- <label for="password_confirm">Confirm Password</label>
- <input type="password" name="password_confirm" id="password_confirm" placeholder="Confirm Password" />
+ <label for="password">Current Password</label>
+ <input type="password" name="password" id="password" placeholder="Current Password" />
+ <label for="new_password">New Password</label>
+ <input type="password" name="new_password" id="new_password" placeholder="New Password" />
 <input type="submit" value="Change Password" />
+ <% if (locals.messages.passchangesuccess) { %>
+ <p class="success"><%= messages.passchangesuccess %></p>
+ <% } %>
+ <% if (locals.messages.passchangeerror) { %>
+ <p class="error"><%= messages.passchangeerror %></p>
+ <% } %>
 </fieldset>
 </form>
 <form method="post" onsubmit="event.preventDefault();">
@@ -61,8 +67,6 @@
 </div>
 </div>
 <script>
- var user = '<%- JSON.stringify(user) %>';
- console.log(JSON.parse(user));
 document.getElementById('accountURL').innerHTML = window.location.origin + '/profile/<%= user.username %>';
 </script>
diff --git a/views/error.ejs b/views/error.ejs
new file mode 100644
index 00000000..d11cc4be
--- /dev/null
+++ b/views/error.ejs
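Review bot: The new `/changePassword` handler passes `req.body.password` and `req.body.new_password` straight to `bcrypt.compareSync` / `bcrypt.hashSync` without checking they are non-empty strings; bcryptjs throws on a missing or non-string argument, and because that throw happens inside the mysql2 query callback it most likely bypasses Express's error handling and takes the process down, while an empty `new_password` would be accepted as the new password (the same unchecked `compareSync` is in `/login`). The handler also creates a fresh `mysql.createPool(connectionURL)` per request and never calls `connection.release()` or `pool.end()` on any branch, so every call leaks a pooled connection; create the pool once at module level and use `pool.query(sql, params, cb)`, which releases automatically, or release on every terminal branch. A changed password does not invalidate tokens already issued — the JWT minted in `/login` stays valid for its full 30-day `expiresIn` with no password-changed-at or version claim to check in `jwt.verify`'s callback — so at minimum re-issue the cookie here and consider adding such a claim. The guard below (the 8-character minimum is a placeholder for the project's policy) goes immediately after `decoded.username` is read; the hunk covers the whole file, so nothing relevant is outside it.
```javascript
// … unchanged: jwt.verify wrapper and unauthenticated branch …
const username = decoded.username;
const password = req.body.password;
const newPassword = req.body.new_password;
// bcryptjs throws on non-string input; reject bad bodies before touching the database
if (typeof password !== "string" || typeof newPassword !== "string" || newPassword.length < 8) {
  req.flash("passchangeerror", "Password must be a string of at least 8 characters");
  return res.redirect(req.get("referer"));
}
// … unchanged: pool / SELECT / compareSync / UPDATE …
```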
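Review bot: The new change-password form carries no CSRF token, and since the auth cookie is set in `auth.routes.js` with only `maxAge` and `httpOnly` (no `sameSite`), a cross-site page may be able to post to `/auth/changePassword` on behalf of a logged-in user depending on the browser's default, though it would still need the current password. The inputs also have no `required`, `minlength` or `autocomplete` attributes, so an empty submission goes to the server and password managers cannot tell the two fields apart; suggest `<input type="password" name="password" id="password" placeholder="Current Password" autocomplete="current-password" required />` and `<input type="password" name="new_password" id="new_password" placeholder="New Password" autocomplete="new-password" required minlength="8" />`. The old `password_confirm` field was dropped, so a typo in the new password locks the user out with no check at all; keeping it and comparing the two values server-side is cheap. These attributes are a usability aid only — the server must still validate the body.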
@@ -0,0 +1,14 @@
+<%- include('partials/header.ejs') %> <%- include('partials/sidebar.ejs') %>
+<div class="main">
+ <div class="alert">
+ <h1 class="error">error</h1>
+ <p>
+ <%= error %>
+ </p>
+ </div>
+ <section>
+ <h2>Recent Posts</h2>
+ </section>
+</div>
+
+<%- include('partials/footer.ejs') %>
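Review bot: The template escapes `error` with `<%= %>`, which is correct, but every caller in `auth.routes.js` passes a raw mysql2 error into it (`error: err` in `/login`, `error: err.message` in `/changePassword`), so a connection or query failure renders driver text — which can include connection details or SQL — to the end user. Log the error server-side and pass a fixed string instead, e.g. `renderRoute(req, res, "error", "Error", false, { error: "Something went wrong, please try again later." })`; the template itself can stay as is. Note that `/login` calls `res.status(500).render("error", { error: err })` directly rather than through `renderRoute`, so the header/sidebar partials may be missing locals they expect — worth confirming. Finally `<h1 class="error">error</h1>` reads as a placeholder and the empty `<section><h2>Recent Posts</h2></section>` looks carried over from another view; give it content or drop it.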
