From 094a56f34c81594c7b27693a5ffa6bdad88a6720 Mon Sep 17 00:00:00 2001 From: Lucas Date: Wed, 24 Feb 2021 11:16:11 -0800 Subject: [PATCH 1/9] Added basic styles to password change --- .../src/components/password/index.js | 44 +++++++++++++++---- .../src/components/password/styles.css | 0 2 files changed, 36 insertions(+), 8 deletions(-) create mode 100644 gamersnet_frontend/src/components/password/styles.css diff --git a/gamersnet_frontend/src/components/password/index.js b/gamersnet_frontend/src/components/password/index.js index 34f0a11..05ceee4 100644 --- a/gamersnet_frontend/src/components/password/index.js +++ b/gamersnet_frontend/src/components/password/index.js @@ -1,24 +1,52 @@ import React from 'react'; import APIFetch from '../../api'; +import './styles.css'; + export default class Password extends React.Component { constructor(props) { super(props); - this.state = {data: ''} + this.state = {newPassword: '', message: ''}; + + this.inputPassword = this.inputPassword.bind(this); + this.handle = this.handle.bind(this); + } + + inputPassword(event) { + this.setState({newPassword: event.target.value}); } - componentDidMount() { - let fetchData = APIFetch('page2'); - fetchData.then((data) => { - this.setState({data: JSON.stringify(data)}); - }); + handle(event) { + this.setState({message: 'sending, pls wait'}); + + if (this.state.newPassword !== '') { + let body = {password: this.state.newPassword}; + + let fetchData = APIFetch('/users/changePassword', JSON.stringify(body), 'POST'); + + fetchData.then(async (data) => { + if (await data.ok) { + this.props.history.push('/'); + this.props.updateHeader(); + } else { + this.setState({message: 'something went wrong'}); + } + }); + } + + event.preventDefault(); } render() { return ( -
-

this is page 2 and the server says: {this.state.data}

+
+

Change Password

+
+ + +
+

{this.state.message}

); } diff --git a/gamersnet_frontend/src/components/password/styles.css b/gamersnet_frontend/src/components/password/styles.css new file mode 100644 index 0000000..e69de29 From 0417f0b10a7fac5014f53f51b6c685d03a7a3f29 Mon Sep 17 00:00:00 2001 From: Lucas Date: Wed, 24 Feb 2021 13:20:20 -0800 Subject: [PATCH 2/9] Setup backend password change --- .../routes/users/authenticate.js | 2 +- .../routes/users/changePassword.js | 22 +++++++++++++++++++ .../routes/users/createAccount.js | 4 ++-- gamersnet_backend/routes/users/index.js | 2 ++ gamersnet_backend/utilites/makeHash.js | 13 +++++++++++ .../randomString.js} | 11 ++++------ 6 files changed, 44 insertions(+), 10 deletions(-) create mode 100644 gamersnet_backend/routes/users/changePassword.js create mode 100644 gamersnet_backend/utilites/makeHash.js rename gamersnet_backend/{routes/users/generateToken.js => utilites/randomString.js} (50%) diff --git a/gamersnet_backend/routes/users/authenticate.js b/gamersnet_backend/routes/users/authenticate.js index 6b2fdd3..81192cd 100644 --- a/gamersnet_backend/routes/users/authenticate.js +++ b/gamersnet_backend/routes/users/authenticate.js @@ -4,7 +4,7 @@ let bcrypt = require('bcrypt'); let {TOKEN_LIFE_SPAN, updateUserToken} = require('../../persistence/tokens'); let {getUserByUsername} = require('../../persistence/users'); -let generateToken = require('./generateToken'); +let generateToken = require('../../utilites/randomString'); function verifyUsernameRequirements(username) { if (username == false) return false; diff --git a/gamersnet_backend/routes/users/changePassword.js b/gamersnet_backend/routes/users/changePassword.js new file mode 100644 index 0000000..7a5d4df --- /dev/null +++ b/gamersnet_backend/routes/users/changePassword.js 
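Review bot: In `handle`, the promise returned by `APIFetch` has no rejection handler, so a network failure leaves the form showing 'sending, pls wait' indefinitely; the same message is set and never cleared when `newPassword` is empty, because `setState` runs before the emptiness check. Moving `this.setState({message: 'sending, pls wait'})` inside the `if` and ending the chain with `.catch(() => this.setState({message: 'something went wrong'}))` covers both cases. `data.ok` is presumably a plain boolean on the response object, so the `await` in front of it can be dropped. The request body carries only the new password; also collecting the current password here would let the server re-authenticate the user before applying the change.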
@@ -0,0 +1,22 @@ +'use strict'; + +let bcrypt = require('bcrypt'); + +let {addUserToken, TOKEN_LIFE_SPAN} = require('../../persistence/tokens'); +let generateToken = require('../../utilites/randomString'); + +async function changePassword(request, response) { + let body = request.body; + let cookies = request.get('Cookie'); + + if (!cookies) { + response.status(400).end(); + } else { + + } + // response.cookie('token', token, {maxAge: TOKEN_LIFE_SPAN, httpOnly: true}); + response.status(204).end(); + +} + +module.exports = changePassword; \ No newline at end of file diff --git a/gamersnet_backend/routes/users/createAccount.js b/gamersnet_backend/routes/users/createAccount.js index 767fa06..364ecf6 100644 --- a/gamersnet_backend/routes/users/createAccount.js +++ b/gamersnet_backend/routes/users/createAccount.js @@ -4,7 +4,7 @@ let bcrypt = require('bcrypt'); let {addUserToken, TOKEN_LIFE_SPAN} = require('../../persistence/tokens'); let {addUser, getUserByUsername} = require('../../persistence/users'); -let generateToken = require('./generateToken'); +let randomString = require('../../utilites/randomString'); function verifyUsernameRequirements(username) { if (username == false) return false; @@ -40,7 +40,7 @@ async function createAccount(request, response) { let id = result.insertedId; // create new token and add it to database - let token = await generateToken(id); + let token = await randomString(id); await addUserToken(id, token); // send the client said token diff --git a/gamersnet_backend/routes/users/index.js b/gamersnet_backend/routes/users/index.js index d636f77..f7a858a 100644 --- a/gamersnet_backend/routes/users/index.js +++ b/gamersnet_backend/routes/users/index.js 
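Review bot: The `!cookies` branch of `changePassword` sends the 400 but does not return, so execution falls through to `response.status(204).end()` and the handler tries to finish the same response a second time; add `return;` after `response.status(400).end();`. Every request that does carry a Cookie header gets 204 without the cookie being checked or any password being changed, which a client will read as success. Until the handler is implemented, answering `response.status(501).end()` from the empty `else` would describe the state more accurately. The requires for `bcrypt`, `addUserToken` and `generateToken` are unused in this version.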
@@ -3,8 +3,10 @@ let app = require('express').Router(); // include each route handler let createAccount = require('./createAccount'); let authenticate = require('./authenticate'); +let changePassword = require('./changePassword'); app.post('/createAccount', createAccount) +app.post('/changePassword', changePassword) app.post('/authenticate', authenticate) // return the above routes diff --git a/gamersnet_backend/utilites/makeHash.js b/gamersnet_backend/utilites/makeHash.js new file mode 100644 index 0000000..0542469 --- /dev/null +++ b/gamersnet_backend/utilites/makeHash.js @@ -0,0 +1,13 @@ +'use strict'; + +let bcrypt = require('bcrypt'); + +async function makeHash(input) { + let returnHash; + + await bcrypt.hash(input.toString(), 10).then((hash) => returnHash = hash); + + return returnHash; +} + +module.exports = makeHash; \ No newline at end of file diff --git a/gamersnet_backend/routes/users/generateToken.js b/gamersnet_backend/utilites/randomString.js similarity index 50% rename from gamersnet_backend/routes/users/generateToken.js rename to gamersnet_backend/utilites/randomString.js index a63279c..c83a556 100644 --- a/gamersnet_backend/routes/users/generateToken.js +++ b/gamersnet_backend/utilites/randomString.js @@ -2,13 +2,10 @@ let bcrypt = require('bcrypt'); let crypto = require('crypto'); +const makeHash = require('./makeHash'); -async function generateToken(input) { - let token; - - // create a new unique hash from input - // input doesnt matter - await bcrypt.hash(input.toString(), 10).then((hash) => token = hash); +async function randomString(input) { + let token = await makeHash(input); // turn it into an alpha numeric string by computing MD5 token = crypto.createHash('md5').update(token).digest('hex'); @@ -16,4 +13,4 @@ async function generateToken(input) { return token; } -module.exports = generateToken; \ No newline at end of file +module.exports = randomString; \ No newline at end of file 
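Review bot: `makeHash` mixes `await` with a `.then` callback that assigns to an outer variable; the body can be reduced to `return bcrypt.hash(input.toString(), 10);`, which resolves to the same value without the temporary. `input.toString()` throws a TypeError when `input` is `null` or `undefined`, so a caller that forwards a missing request field gets a rejected promise rather than a validation error. A header comment such as `// bcrypt-hashes input (coerced to string) with cost factor 10; callers must validate input first` would make that contract visible.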
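Review bot: `randomString` derives the session token as MD5 over a bcrypt hash of its argument, so the only unpredictable input is the salt bcrypt generates internally, and the comment removed by this hunk (`input doesnt matter`) was the one place that said so. Drawing the token straight from the CSPRNG, for example `return crypto.randomBytes(32).toString('hex');` with the `crypto` module this file already requires, states the intent and avoids a cost-10 bcrypt round for every token issued. If the current scheme stays, keep a comment explaining that the randomness comes from the bcrypt salt and that MD5 is only a re-encoding step. The `bcrypt` require left in this file is no longer used.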
From 81c3c875899e47c797cba37f8759f6ebccb7af88 Mon Sep 17 00:00:00 2001 From: Lucas Date: Wed, 24 Feb 2021 18:49:14 -0800 Subject: [PATCH 3/9] Rearrange backend and more password change skeleton --- gamersnet_backend/routes/users/authenticate.js | 7 ++++--- gamersnet_backend/routes/users/changePassword.js | 3 --- gamersnet_backend/routes/users/createAccount.js | 6 +++--- .../randomString.js => routes/utilites/alphaNumericize.js} | 5 ++--- gamersnet_backend/{ => routes}/utilites/makeHash.js | 0 5 files changed, 9 insertions(+), 12 deletions(-) rename gamersnet_backend/{utilites/randomString.js => routes/utilites/alphaNumericize.js} (73%) rename gamersnet_backend/{ => routes}/utilites/makeHash.js (100%) diff --git a/gamersnet_backend/routes/users/authenticate.js b/gamersnet_backend/routes/users/authenticate.js index 81192cd..4248489 100644 --- a/gamersnet_backend/routes/users/authenticate.js +++ b/gamersnet_backend/routes/users/authenticate.js @@ -4,7 +4,8 @@ let bcrypt = require('bcrypt'); let {TOKEN_LIFE_SPAN, updateUserToken} = require('../../persistence/tokens'); let {getUserByUsername} = require('../../persistence/users'); -let generateToken = require('../../utilites/randomString'); +let alphaNumericize = require('../utilites/alphaNumericize'); +let makeHash = require('../utilites/makeHash'); function verifyUsernameRequirements(username) { if (username == false) return false; @@ -35,11 +36,11 @@ async function authenticate(request, response) { if (correctPassword) { // make a new token and update it - let tokenNew = await generateToken(result._id); + let tokenNew = await makeHash(result._id); await updateUserToken(result._id, tokenNew); // give client token - response.cookie('token', tokenNew, {maxAge: TOKEN_LIFE_SPAN, httpOnly: false, domain: 'localhost'}); + response.cookie('token', alphaNumericize(tokenNew), {maxAge: TOKEN_LIFE_SPAN, httpOnly: false, domain: 'localhost'}); response.status(204).end(); } else { response.status(401).end(); 
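Review bot: `alphaNumericize` is still declared `async` in this commit, so `alphaNumericize(tokenNew)` inside the `response.cookie(...)` call is a Promise rather than a string and the cookie will not contain a usable token. Even with an `await`, `updateUserToken(result._id, tokenNew)` stores the bcrypt output while the cookie would carry an MD5 over a second bcrypt hash of it, so a later lookup by cookie value cannot match the stored token. Compute the token once, e.g. `let token = await alphaNumericize(result._id);`, and pass that same variable to both `updateUserToken` and `response.cookie`. The second createAccount.js hunk in this commit has the same pair of problems.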
diff --git a/gamersnet_backend/routes/users/changePassword.js b/gamersnet_backend/routes/users/changePassword.js index 7a5d4df..28306dc 100644 --- a/gamersnet_backend/routes/users/changePassword.js +++ b/gamersnet_backend/routes/users/changePassword.js @@ -1,9 +1,6 @@ 'use strict'; -let bcrypt = require('bcrypt'); - let {addUserToken, TOKEN_LIFE_SPAN} = require('../../persistence/tokens'); -let generateToken = require('../../utilites/randomString'); async function changePassword(request, response) { let body = request.body; diff --git a/gamersnet_backend/routes/users/createAccount.js b/gamersnet_backend/routes/users/createAccount.js index 364ecf6..ec534f3 100644 --- a/gamersnet_backend/routes/users/createAccount.js +++ b/gamersnet_backend/routes/users/createAccount.js @@ -4,7 +4,7 @@ let bcrypt = require('bcrypt'); let {addUserToken, TOKEN_LIFE_SPAN} = require('../../persistence/tokens'); let {addUser, getUserByUsername} = require('../../persistence/users'); -let randomString = require('../../utilites/randomString'); +let alphaNumericize = require('../../utilites/alphaNumericize'); function verifyUsernameRequirements(username) { if (username == false) return false; @@ -40,11 +40,11 @@ async function createAccount(request, response) { let id = result.insertedId; // create new token and add it to database - let token = await randomString(id); + let token = await makeHash(id); await addUserToken(id, token); // send the client said token - response.cookie('token', token, {maxAge: TOKEN_LIFE_SPAN, httpOnly: true}); + response.cookie('token', alphaNumericize(token), {maxAge: TOKEN_LIFE_SPAN, httpOnly: true}); response.status(204).end(); }); } else { diff --git a/gamersnet_backend/utilites/randomString.js b/gamersnet_backend/routes/utilites/alphaNumericize.js similarity index 73% rename from gamersnet_backend/utilites/randomString.js rename to gamersnet_backend/routes/utilites/alphaNumericize.js index c83a556..da21e81 100644 
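Review bot: The new call `makeHash(id)` in createAccount.js has no matching require in the import hunk, so account creation would fail with a ReferenceError unless the module is imported on lines outside the hunk. The added path `'../../utilites/alphaNumericize'` also resolves to `gamersnet_backend/utilites/`, while this commit moves the file to `gamersnet_backend/routes/utilites/`; authenticate.js uses `'../utilites/alphaNumericize'` for the same module. Suggested lines: `let alphaNumericize = require('../utilites/alphaNumericize');` and `let makeHash = require('../utilites/makeHash');`.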
--- a/gamersnet_backend/utilites/randomString.js +++ b/gamersnet_backend/routes/utilites/alphaNumericize.js @@ -1,10 +1,9 @@ 'use strict'; -let bcrypt = require('bcrypt'); let crypto = require('crypto'); const makeHash = require('./makeHash'); -async function randomString(input) { +async function alphaNumericize(input) { let token = await makeHash(input); // turn it into an alpha numeric string by computing MD5 @@ -13,4 +12,4 @@ async function randomString(input) { return token; } -module.exports = randomString; \ No newline at end of file +module.exports = alphaNumericize; \ No newline at end of file diff --git a/gamersnet_backend/utilites/makeHash.js b/gamersnet_backend/routes/utilites/makeHash.js similarity index 100% rename from gamersnet_backend/utilites/makeHash.js rename to gamersnet_backend/routes/utilites/makeHash.js From 27ac0ece79ab734391096bc6f7c8d8fa2f28a73c Mon Sep 17 00:00:00 2001 From: Lucas Date: Wed, 24 Feb 2021 18:56:39 -0800 Subject: [PATCH 4/9] Updated imports --- gamersnet_backend/routes/users/authenticate.js | 4 ++-- gamersnet_backend/routes/users/createAccount.js | 2 +- .../routes/{utilites => utilities}/alphaNumericize.js | 0 gamersnet_backend/routes/{utilites => utilities}/makeHash.js | 0 4 files changed, 3 insertions(+), 3 deletions(-) rename gamersnet_backend/routes/{utilites => utilities}/alphaNumericize.js (100%) rename gamersnet_backend/routes/{utilites => utilities}/makeHash.js (100%) diff --git a/gamersnet_backend/routes/users/authenticate.js b/gamersnet_backend/routes/users/authenticate.js index ae4da64..dd512ee 100644 --- a/gamersnet_backend/routes/users/authenticate.js +++ b/gamersnet_backend/routes/users/authenticate.js 
@@ -4,8 +4,8 @@ let bcrypt = require('bcrypt'); let {TOKEN_LIFE_SPAN, updateUserToken} = require('../../persistence/tokens'); let {getUserByUsername} = require('../../persistence/users'); -let alphaNumericize = require('../utilites/alphaNumericize'); -let makeHash = require('../utilites/makeHash'); +let alphaNumericize = require('../utilities/alphaNumericize'); +let makeHash = require('../utilities/makeHash'); function verifyUsernameRequirements(username) { if (username == false) return false; diff --git a/gamersnet_backend/routes/users/createAccount.js b/gamersnet_backend/routes/users/createAccount.js index cf782d2..6db3d70 100644 --- a/gamersnet_backend/routes/users/createAccount.js +++ b/gamersnet_backend/routes/users/createAccount.js @@ -4,7 +4,7 @@ let bcrypt = require('bcrypt'); let {addUserToken, TOKEN_LIFE_SPAN} = require('../../persistence/tokens'); let {addUser, getUserByUsername} = require('../../persistence/users'); -let alphaNumericize = require('../../utilites/alphaNumericize'); +let alphaNumericize = require('../../utilities/alphaNumericize'); function verifyUsernameRequirements(username) { if (username == false) return false; diff --git a/gamersnet_backend/routes/utilites/alphaNumericize.js b/gamersnet_backend/routes/utilities/alphaNumericize.js similarity index 100% rename from gamersnet_backend/routes/utilites/alphaNumericize.js rename to gamersnet_backend/routes/utilities/alphaNumericize.js diff --git a/gamersnet_backend/routes/utilites/makeHash.js b/gamersnet_backend/routes/utilities/makeHash.js similarity index 100% rename from gamersnet_backend/routes/utilites/makeHash.js rename to gamersnet_backend/routes/utilities/makeHash.js From 80a658279012f0ee6af4f1bc13fe449a9f047994 Mon Sep 17 00:00:00 2001 
From: Lucas Date: Wed, 24 Feb 2021 19:11:11 -0800 Subject: [PATCH 5/9] Fixed previous routes breaking from backend shuffle --- .../routes/users/authenticate.js | 7 ++-- .../routes/users/createAccount.js | 33 ++++++++++--------- .../routes/utilities/alphaNumericize.js | 9 ++--- 3 files changed, 25 insertions(+), 24 deletions(-) diff --git a/gamersnet_backend/routes/users/authenticate.js b/gamersnet_backend/routes/users/authenticate.js index dd512ee..bf54a1d 100644 --- a/gamersnet_backend/routes/users/authenticate.js +++ b/gamersnet_backend/routes/users/authenticate.js @@ -37,10 +37,13 @@ async function authenticate(request, response) { if (correctPassword) { // make a new token and update it let tokenNew = await makeHash(result._id); - await updateUserToken(result._id, tokenNew); + let alphaNumericToken = alphaNumericize(tokenNew); + + await updateUserToken(result._id, alphaNumericToken); + // give client token - response.cookie('token', alphaNumericize(tokenNew), {maxAge: TOKEN_LIFE_SPAN, httpOnly: false}); + response.cookie('token', alphaNumericToken, {maxAge: TOKEN_LIFE_SPAN, httpOnly: false}); response.status(204).end(); } else { response.status(401).end(); diff --git a/gamersnet_backend/routes/users/createAccount.js b/gamersnet_backend/routes/users/createAccount.js index 6db3d70..bbc0fb9 100644 --- a/gamersnet_backend/routes/users/createAccount.js +++ b/gamersnet_backend/routes/users/createAccount.js @@ -1,10 +1,9 @@ 'use strict'; -let bcrypt = require('bcrypt'); - let {addUserToken, TOKEN_LIFE_SPAN} = require('../../persistence/tokens'); let {addUser, getUserByUsername} = require('../../persistence/users'); -let alphaNumericize = require('../../utilities/alphaNumericize'); +let alphaNumericize = require('../utilities/alphaNumericize'); +let makeHash = require('../utilities/makeHash'); function verifyUsernameRequirements(username) { if (username == false) return false; 
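Review bot: The added `response.cookie('token', alphaNumericToken, ...)` line sets the session cookie with `httpOnly: false` and without `secure` or `sameSite`, so any script running on the page can read the token and cross-site sending is left to browser defaults. Unless the frontend has to read the token from `document.cookie`, which this diff does not show, prefer `{maxAge: TOKEN_LIFE_SPAN, httpOnly: true, sameSite: 'lax', secure: true}`, relaxing `secure` only for local HTTP development. The same options appear in the createAccount.js hunk of this commit and in changePassword.js in patch 7.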
@@ -34,19 +33,21 @@ async function createAccount(request, response) { if (validUsername && usernameNotUsed && validPassword) { // hash password - await bcrypt.hash(body.password, 10, async (error, passwordHash) => { - // add new account to database and get the unique id of inserted account - let result = await addUser(body.username, passwordHash); - let id = result.insertedId; - - // create new token and add it to database - let token = await makeHash(id); - await addUserToken(id, token); - - // send the client said token - response.cookie('token', alphaNumericize(token), {maxAge: TOKEN_LIFE_SPAN, httpOnly: false}); - response.status(204).end(); - }); + let hashedPassword = await makeHash(body.password); + + // add new account to database and get the unique id of inserted account + let result = await addUser(body.username, hashedPassword); + let id = result.insertedId; + + let token = await makeHash(id); + let alphaNumericToken = alphaNumericize(token); + + await addUserToken(id, alphaNumericToken); + + + // send the client said token + response.cookie('token', alphaNumericToken, {maxAge: TOKEN_LIFE_SPAN, httpOnly: false}); + response.status(204).end(); } else { response.status(400).end(); } diff --git a/gamersnet_backend/routes/utilities/alphaNumericize.js b/gamersnet_backend/routes/utilities/alphaNumericize.js index da21e81..925af3e 100644 --- a/gamersnet_backend/routes/utilities/alphaNumericize.js +++ b/gamersnet_backend/routes/utilities/alphaNumericize.js @@ -1,15 +1,12 @@ 'use strict'; let crypto = require('crypto'); -const makeHash = require('./makeHash'); - -async function alphaNumericize(input) { - let token = await makeHash(input); +function alphaNumericize(input) { // turn it into an alpha numeric string by computing MD5 - token = crypto.createHash('md5').update(token).digest('hex'); + let output = crypto.createHash('md5').update(input).digest('hex'); - return token; + return output; } module.exports = alphaNumericize; \ No newline at end of file 
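Review bot: None of the awaited calls in the rewritten createAccount block (`makeHash`, `addUser`, `addUserToken`) sits inside a `try`/`catch`, so a database or hashing failure rejects the handler's promise and, on Express versions that do not forward async rejections, the client never receives a response. Wrapping the block and answering `response.status(500).end()` from the `catch` keeps the request from hanging and gives one place to log the failure. createAccount's body begins and ends outside this hunk, so the wrapper may need to cover the validation lookups above it as well.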
From 78eb177a95f0057fd3075a08034accef14057f71 Mon Sep 17 00:00:00 2001 From: Lucas Date: Wed, 24 Feb 2021 19:26:59 -0800 Subject: [PATCH 6/9] Removed temp testing --- gamersnet_backend/persistence/tokens.js | 4 +--- gamersnet_backend/routes/posts/createPost.js | 20 ++------------------ gamersnet_backend/routes/posts/index.js | 11 +---------- 3 files changed, 4 insertions(+), 31 deletions(-) diff --git a/gamersnet_backend/persistence/tokens.js b/gamersnet_backend/persistence/tokens.js index b46932c..094bc12 100644 --- a/gamersnet_backend/persistence/tokens.js +++ b/gamersnet_backend/persistence/tokens.js @@ -42,9 +42,7 @@ async function updateUserToken(id, token) { } async function tokenValid(cookie) { - let db = await MongoDB.open(); - - let tokens = db.collection('tokens'); + await connect(); let result = await tokens.find({ token: cookie, expires: {$gte: new Date().getTime()}}); diff --git a/gamersnet_backend/routes/posts/createPost.js b/gamersnet_backend/routes/posts/createPost.js index ff86a32..9c549f4 100644 --- a/gamersnet_backend/routes/posts/createPost.js +++ b/gamersnet_backend/routes/posts/createPost.js @@ -6,13 +6,12 @@ let ObjectId = require('mongodb').ObjectID; let {addPost} = require('../../persistence/posts'); let {verifyUserLoggedIn} = require('../utilities/tokenUtility') - // this function handles the /post/createPost/ endpoint async function createPost(request, response) { let body = request.body; let cookie = request.headers.cookie; - let loggedIn = await verifyUserLoggedIn(cookie, body.userID); + let loggedIn = await verifyUserLoggedIn(cookie); if(body.userID && loggedIn && body.description && body.gameTimeUTC && body.gameName) { 
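Review bot: With the second argument dropped, `verifyUserLoggedIn(cookie)` can only establish that some valid session exists, while the condition below still trusts `body.userID` from the request, so the check no longer ties the post's author to the caller. If `addPost` (outside this hunk) stores `body.userID`, a logged-in user could create posts under another user's id; resolve the id from the token on the server instead of reading it from the body. `request.headers.cookie` is also the raw Cookie header, whereas changePassword.js in patch 7 passes only the part after `=` to the same helper, so the helper's expected input should be documented and the callers aligned.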
@@ -26,21 +25,6 @@ async function createPost(request, response) { } else { response.status(400).end(); } - -} - -async function testCookie(request, response) { - let body = request.body; - let cookie = request.headers.cookie; - - let loggedIn = await verifyUserLoggedIn('e3db2b14396953cb10607c2c36fbdfee'); - - if(loggedIn) { - response.status(200).end(); - } else { - response.status(404).end(); - } - } -module.exports = {createPost, testCookie}; +module.exports = {createPost}; \ No newline at end of file diff --git a/gamersnet_backend/routes/posts/index.js b/gamersnet_backend/routes/posts/index.js index 929b8d4..cf1d46f 100644 --- a/gamersnet_backend/routes/posts/index.js +++ b/gamersnet_backend/routes/posts/index.js @@ -1,19 +1,10 @@ const router = require('express').Router(); // include each route handler -let {createPost, testCookie} = require('./createPost'); +let {createPost} = require('./createPost'); let {listAllPosts, listValidPosts} = require('./getPosts'); -// specify the routes under /posts/ and pass them off to each function -// check http://localhost:3000/posts to see it working -router.get('/', (req, res) => { - res.json({ - '/posts': 'Working!' - }); -}); - router.post('/createPost', createPost); -router.get('/testCookie', testCookie); router.get('/listAllPosts', listAllPosts); router.get('/listValidPosts', listValidPosts); From 5743fbf2724b257be3942d3421ed155d66ccf37f Mon Sep 17 00:00:00 2001 From: Lucas Date: Wed, 24 Feb 2021 19:42:34 -0800 Subject: [PATCH 7/9] Finished change password endpoitn --- gamersnet_backend/persistence/tokens.js | 11 ++++- gamersnet_backend/persistence/users.js | 15 ++++++- .../routes/users/changePassword.js | 42 ++++++++++++++++--- 3 files changed, 60 insertions(+), 8 deletions(-) diff --git a/gamersnet_backend/persistence/tokens.js b/gamersnet_backend/persistence/tokens.js index 094bc12..404ed8b 100644 --- a/gamersnet_backend/persistence/tokens.js +++ b/gamersnet_backend/persistence/tokens.js 
@@ -46,8 +46,15 @@ async function tokenValid(cookie) { let result = await tokens.find({ token: cookie, expires: {$gte: new Date().getTime()}}); - return result.toArray(); } -module.exports = {addUserToken, TOKEN_LIFE_SPAN, updateUserToken, tokenValid}; \ No newline at end of file +async function getUserIDFromToken(token) { + await connect(); + + let result = await tokens.findOne({token: token}); + + return result; +} + +module.exports = {addUserToken, TOKEN_LIFE_SPAN, updateUserToken, tokenValid, getUserIDFromToken}; \ No newline at end of file diff --git a/gamersnet_backend/persistence/users.js b/gamersnet_backend/persistence/users.js index 2fabe9e..87073ea 100644 --- a/gamersnet_backend/persistence/users.js +++ b/gamersnet_backend/persistence/users.js @@ -24,4 +24,17 @@ async function addUser(username, hashedPassword) { return await users.insertOne({username: username, password: hashedPassword}); } -module.exports = {addUser, getUserByUsername}; \ No newline at end of file +async function updateUserPassword(id, hashedPassword) { + await connect(); + + return await users.findOneAndUpdate( + {_id: id}, + { + $set: { + password: hashedPassword + } + } + ); +} + +module.exports = {addUser, getUserByUsername, updateUserPassword}; \ No newline at end of file diff --git a/gamersnet_backend/routes/users/changePassword.js b/gamersnet_backend/routes/users/changePassword.js index 28306dc..62a936f 100644 --- a/gamersnet_backend/routes/users/changePassword.js +++ b/gamersnet_backend/routes/users/changePassword.js 
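Review bot: `getUserIDFromToken` queries `findOne({token: token})` and, unlike `tokenValid` just above it, applies no `expires` filter, so it also resolves expired tokens and is safe only for callers that have already validated the token. It returns the whole token document rather than an id, and `null` when nothing matches. Either add `expires: {$gte: new Date().getTime()}` to the query, or keep the behaviour and document it, e.g. `// resolves to the token document ({userID, ...}) or null; does NOT check expiry`.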
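Review bot: `updateUserPassword` uses `findOneAndUpdate`, which hands the matched user document, stored password hash included, back to a caller that ignores it. `users.updateOne({_id: id}, {$set: {password: hashedPassword}})` performs the same write without returning the document, and its `matchedCount` lets the route tell a successful change apart from an id that matched no user. As written, changePassword.js answers 204 in both cases.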
@@ -1,18 +1,50 @@ 'use strict'; -let {addUserToken, TOKEN_LIFE_SPAN} = require('../../persistence/tokens'); +let {getUserIDFromToken, updateUserToken, TOKEN_LIFE_SPAN} = require('../../persistence/tokens'); +let {updateUserPassword} = require('../../persistence/users'); +const alphaNumericize = require('../utilities/alphaNumericize'); +let makeHash = require('../utilities/makeHash'); +let {verifyUserLoggedIn} = require('../utilities/tokenUtility'); + +function verifyPasswordRequirements(password) { + if (password == false) return false; + + return true; +} async function changePassword(request, response) { let body = request.body; let cookies = request.get('Cookie'); - - if (!cookies) { + + if (!cookies || !verifyPasswordRequirements(body.password)) { response.status(400).end(); - } else { + return; } - // response.cookie('token', token, {maxAge: TOKEN_LIFE_SPAN, httpOnly: true}); + + let token = cookies.split('=')[1]; + let isValid = await verifyUserLoggedIn(token); + + if (isValid) { + let hashPassword = await makeHash(body.password); + + let tokenDocument = await getUserIDFromToken(token); + let userID = tokenDocument.userID; + + await updateUserPassword(userID, hashPassword); + + let newToken = await makeHash(userID); + let alphaNumericToken = alphaNumericize(newToken); + + await updateUserToken(userID, alphaNumericToken); + + + response.cookie('token', alphaNumericToken, {maxAge: TOKEN_LIFE_SPAN, httpOnly: false}); response.status(204).end(); + } else { + response.status(401).end(); + } + } From 3b11a57867a33a4f4d10f0b00c558c315b858dd3 Mon Sep 17 00:00:00 2001 From: Lucas Date: Wed, 24 Feb 2021 19:50:43 -0800 Subject: [PATCH 8/9] Changed status message on password change --- gamersnet_frontend/src/components/password/index.js | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/gamersnet_frontend/src/components/password/index.js b/gamersnet_frontend/src/components/password/index.js index 05ceee4..2cd7ef1 100644 
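Review bot: `verifyPasswordRequirements` relies on `password == false`, which is false for `undefined` and `null`, so a request with no `password` field passes validation and reaches `makeHash(body.password)`, where `input.toString()` throws inside the async handler; use `if (typeof password !== 'string' || password.length === 0) return false;` and consider a minimum length. `cookies.split('=')[1]` takes whatever follows the first `=` in the raw Cookie header, so the token is misread as soon as the browser sends a second cookie; look the `token` cookie up by name instead. The endpoint changes the password on the strength of the session cookie alone, so requiring the current password in the body and checking it with `bcrypt.compare` before `updateUserPassword` would limit what a leaked or script-readable token allows. `tokenDocument` can be `null` if the token is replaced between the two lookups, so guard it before reading `.userID`.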
--- a/gamersnet_frontend/src/components/password/index.js +++ b/gamersnet_frontend/src/components/password/index.js @@ -27,8 +27,7 @@ export default class Password extends React.Component { fetchData.then(async (data) => { if (await data.ok) { - this.props.history.push('/'); - this.props.updateHeader(); + this.setState({message: 'password changed successfully'}); } else { this.setState({message: 'something went wrong'}); } From 952b92c6d0b04b1c17c22e9db6fa805def2a5956 Mon Sep 17 00:00:00 2001 From: Lucas Date: Wed, 24 Feb 2021 19:54:22 -0800 Subject: [PATCH 9/9] Removed extra empty line --- gamersnet_backend/routes/users/changePassword.js | 1 - 1 file changed, 1 deletion(-) diff --git a/gamersnet_backend/routes/users/changePassword.js b/gamersnet_backend/routes/users/changePassword.js index 62a936f..8115d98 100644 --- a/gamersnet_backend/routes/users/changePassword.js +++ b/gamersnet_backend/routes/users/changePassword.js @@ -38,7 +38,6 @@ async function changePassword(request, response) { await updateUserToken(userID, alphaNumericToken); - response.cookie('token', alphaNumericToken, {maxAge: TOKEN_LIFE_SPAN, httpOnly: false}); response.status(204).end(); } else {