
Commit d3be332

committed
Database connected
1 parent a29eb91 commit d3be332

3 files changed

Lines changed: 29 additions & 35 deletions


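--- a/routes/otp.js
+++ b/routes/otp.js
@@ -2,21 +2,22 @@ const express = require('express');
 const router = express.Router();
 const debugRoute = require('debug')('app:route');
 const speakeasy = require('speakeasy');
+//Services
+const dbAdapter = require('../services/dbAdapter');
 //Models
 const {generateAuthToken} = require('../models/User');
 //Middleware
 const auth = require('../middleware/auth');
 
 router.get('/generate', auth, async (req, res) => {
-//TODO get user from database
-let user = {};
+let user = await dbAdapter.getUserById(req.user.id);
 
 if (!user) {
 debugRoute("GET /api/otp/generate - 404 - User not found");
 return res.status(404).send('User not found.');
 }
 
-if (user.otp_enabled && user.otp_verified) {
+if (user.totp_secret !== undefined && user.totp_confirmed) {
 debugRoute("GET /api/otp/generate - 400 - OTP already enabled");
 return res.status(400).send('OTP already enabled.');
 }
@@ -25,7 +26,7 @@ router.get('/generate', auth, async (req, res) => {
 let secret = speakeasy.generateSecret().base32;
 user.totp_secret = secret;
 
-//TODO save user
+await dbAdapter.updateUser(user);
 
 debugRoute("GET /api/otp/generate - 200 - OTP generated");
 
@@ -38,8 +39,7 @@ router.post('/verify', auth, async (req, res) => {
 return res.status(400).send("Token required");
 }
 
-//TODO get user from database and change me
-let user = {totp_secret: "someting"};
+let user = await dbAdapter.getUserById(req.user.id);
 
 if (!user) {
 debugRoute("POST /api/otp/verify - 404 - User not found");
@@ -52,13 +52,11 @@ router.post('/verify', auth, async (req, res) => {
 }
 
 let verified = speakeasy.totp.verify({
-secret: user.otp_secret,
+secret: user.totp_secret,
 encoding: 'base32',
 token: req.body.token,
 window: 1
 });
-//TODO change me
-verified = true;
 
 if (!verified) {
 debugRoute("POST /api/otp/verify - 400 - Invalid token");
@@ -67,8 +65,8 @@ router.post('/verify', auth, async (req, res) => {
 
 if (!user.totp_confirmed) {
 user.totp_confirmed = true;
-user.lastSecurityUpdate = Date.now();
-//TODO save User
+user.last_security_change = Date.now();
+await dbAdapter.updateUser(user);
 }
 
 debugRoute("POST /api/otp/verify - 200 - OTP verified");
@@ -77,30 +75,27 @@ router.post('/verify', auth, async (req, res) => {
 });
 
 router.post('/disable', auth, async (req, res) => {
-//TODO get user from database
+let user = dbAdapter.getUserById(req.user.id);
 
-let user = {};
 if (!user) {
 debugRoute("POST /api/otp/disable - 404 - User not found");
 return res.status(404).send('User not found.');
 }
 
-//TODO change me
-user.totp_confirmed = true;
 if (!user.totp_confirmed) {
 debugRoute("POST /api/otp/disable - 400 - OTP not enabled");
 return res.status(400).send('OTP not enabled.');
 }
 
 user.totp_secret = undefined;
 user.totp_confirmed = false;
-user.lastSecurityUpdate = Date.now();
+user.last_security_change = Date.now();
 
-//save user
+await dbAdapter.updateUser(user);
 
 debugRoute("POST /api/otp/disable - 200 - OTP disabled");
 
-res.send(generateAuthToken(false,false));
+res.send(generateAuthToken(user.id, user.admin,false,false));
 });
 
 module.exports = router;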
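Review bot: The new lookup in the `/disable` handler, `let user = dbAdapter.getUserById(req.user.id);`, lacks the `await` that the `/generate` and `/verify` handlers put on the same call, so (assuming the adapter returns a Promise, as those awaited calls suggest) `user` is a pending Promise rather than a user record. `!user` is then never true and `user.totp_confirmed` reads as `undefined`, so the handler always answers 400 'OTP not enabled.' and never reaches the update. The line should read `let user = await dbAdapter.getUserById(req.user.id);`. Separately, `/disable` clears the TOTP secret on the session credential alone; requiring a current TOTP code, checked with the same `speakeasy.totp.verify` call `/verify` uses, before clearing it would keep a stolen session from removing the second factor.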

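--- a/routes/users.js
+++ b/routes/users.js
@@ -112,7 +112,6 @@ router.post('/password/reset/request/:email', async (req, res) => {
 }
 
 user.email_verification_code = generateVerificationCode();
-user.last_security_change = Date.now();
 user.last_email_send = Date.now()
 
 await dbAdapter.updateUser(user);
@@ -140,19 +139,19 @@ router.put('/password/reset/:code', async (req, res) => {
 }
 
 //TODO get user from database
-//let user = dbAdapter;
+let user = {};
 //if (Date.now() - user.passwordResetTime > 600000) {
 // debugRoute("GET /api/users/password/reset/:code - 400 - Reset code expired");
 // return res.status(400).send("Reset code expired");
 //}
 
 const salt = bcrypt.genSaltSync(10);
 user.password = await bcrypt.hash(req.body.password, salt);
-user.passwordResetCode = undefined;
-user.passwordResetTime = undefined;
-user.lastSecurityUpdate = Date.now();
+user.email_verification_code = undefined;
+user.last_email_send = undefined;
+user.last_security_change = Date.now();
 
-//TODO push to Server
+await dbAdapter.updateUser(user);
 
 debugRoute("GET /api/users/password/reset/:code - 200 - Password reset");
 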
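Review bot: In the `/password/reset/:code` hunk the new `let user = {};` placeholder now feeds a live `await dbAdapter.updateUser(user);`, so the handler hashes the submitted password onto an object with no id and writes it without ever looking up or checking `req.params.code`; the expiry check is still commented out. What `updateUser` does with an identity-less object is not visible here, but if it does not throw the handler goes on to log a 200 'Password reset'. Until the lookup by reset code and the expiry check exist, the handler should stop before the write, for example with `return res.status(501).send('Not implemented');` ahead of the bcrypt call. The `/verify/:code` hunk in routes/verification.js has the same pattern (`let user = {}` followed by `await dbAdapter.updateUser(user);`), and there `undefined < Date.now() - 259200000` is false, so the expiry guard never fires. The handler's start and end lie outside this hunk.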

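--- a/routes/verification.js
+++ b/routes/verification.js
@@ -3,6 +3,8 @@ const router = express.Router();
 const debugRoute = require('debug')('app:route');
 const {sendVerificationEmail} = require("../services/mailer");
 const Joi = require("joi");
+//Services
+const dbAdapter = require('../services/dbAdapter');
 //Models
 const {generateVerificationCode} = require('../models/User');
 
@@ -12,9 +14,7 @@ router.post('/resend/:email', async (req, res) => {
 return res.status(400).send("Invalid email");
 }
 
-//TODO get user from database
-
-let user = {};
+let user = await dbAdapter.getUserByEmail(req.params.email);
 if (!user) {
 debugRoute("POST /api/verification/resend/:email - 404 - User not found");
 return res.status(404).send('User not found.');
@@ -30,11 +30,11 @@ router.post('/resend/:email', async (req, res) => {
 return res.status(400).send('User already verified.');
 }
 
-user.verificationCode = generateVerificationCode();
-user.verificationCodeSent = Date.now();
+user.email_verification_code = generateVerificationCode();
+user.last_email_send = Date.now();
 sendVerificationEmail(user)
 
-//TODO save user
+await dbAdapter.updateUser(user);
 
 debugRoute("POST /api/verification/resend/:email - 200 - Verification code resent");
 
@@ -55,16 +55,16 @@ router.post('/verify/:code', async (req, res) => {
 //TODO find user in database
 let user = {}
 
-if (user.verificationCodeSent < Date.now() - 259200000) {
+if (user.last_email_send < Date.now() - 259200000) {
 debugRoute("POST /api/verification/verify/:code - 400 - Verification code expired");
 return res.status(400).send('Verification code expired.');
 }
 
-user.active = true;
-user.verificationCode = undefined;
-user.verificationCodeSent = undefined;
+user.email_confirmed = true;
+user.email_verification_code = undefined;
+user.last_email_send = undefined;
 
-//TODO save user
+await dbAdapter.updateUser(user);
 
 debugRoute("POST /api/verification/verify/:code - 200 - User verified");
 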
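Review bot: In the `/resend/:email` hunk `sendVerificationEmail(user)` runs before `await dbAdapter.updateUser(user);` and its result is not awaited, so a code can be mailed that was never stored if the save fails, and a mailer rejection (if the function returns a Promise, which is not visible here) would go unhandled. Saving first and then awaiting the send, `await dbAdapter.updateUser(user);` followed by `await sendVerificationEmail(user);`, keeps the stored code and the mailed code in step. The route is registered without the `auth` middleware and answers 404 or 400 depending on whether the address exists, so a throttle based on `last_email_send` would be worth adding if the lines between the hunks do not already apply one.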
