accounts are now looked up by session.id instead of username fixes #18

braitsch · Feb 28, 2016 · c6ec2c4 · c6ec2c4
1 parent f4d9c3f
commit c6ec2c4
Show file tree

Hide file tree

Showing 12 changed files with 39 additions and 44 deletions.
diff --git a/app/public/js/controllers/homeController.js b/app/public/js/controllers/homeController.js
@@ -1,7 +1,6 @@
 
 function HomeController()
 {
-
 // bind event listeners to button clicks //
 	var that = this;
 
@@ -35,7 +34,7 @@ function HomeController()
 	{
 		var that = this;
 		$.ajax({
-			url: "/home",
+			url: "/logout",
 			type: "POST",
 			data: {logout : true},
 			success: function(data){

diff --git a/app/public/js/controllers/loginController.js b/app/public/js/controllers/loginController.js
@@ -1,15 +1,11 @@
 
 function LoginController()
 {
-
 // bind event listeners to button clicks //
-
 	$('#retrieve-password-submit').click(function(){ $('#get-credentials-form').submit();});
 	$('#login-form #forgot-password').click(function(){ $('#get-credentials').modal('show');});
-
-// automatically toggle focus between the email modal window and the login form //
 
+// automatically toggle focus between the email modal window and the login form //
 	$('#get-credentials').on('shown', function(){ $('#email-tf').focus(); });
 	$('#get-credentials').on('hidden', function(){ $('#user-tf').focus(); });
-
 }
diff --git a/app/public/js/form-validators/accountValidator.js b/app/public/js/form-validators/accountValidator.js
@@ -1,6 +1,6 @@
 
-function AccountValidator(){
-
+function AccountValidator()
+{
 // build array maps of the form inputs & control groups //
 
 	this.formFields = [$('#name-tf'), $('#email-tf'), $('#user-tf'), $('#pass-tf')];

diff --git a/app/public/js/form-validators/emailValidator.js b/app/public/js/form-validators/emailValidator.js
@@ -1,16 +1,14 @@
 
-function EmailValidator(){
-
+function EmailValidator()
+{
 // bind this to _local for anonymous functions //
-
 	var _local = this;
 
 // modal window to allow users to request credentials by email //
 	_local.retrievePassword = $('#get-credentials');
 	_local.retrievePassword.modal({ show : false, keyboard : true, backdrop : true });
 	_local.retrievePasswordAlert = $('#get-credentials .alert');
 	_local.retrievePassword.on('show', function(){ $('#get-credentials-form').resetForm(); _local.retrievePasswordAlert.hide();});
-
 }
 
 EmailValidator.prototype.validateEmail = function(e)

diff --git a/app/public/js/form-validators/loginValidator.js b/app/public/js/form-validators/loginValidator.js
@@ -1,8 +1,7 @@
 
-function LoginValidator(){
-
+function LoginValidator()
+{
 // bind a simple alert window to this controller to display any errors //
-
 	this.loginErrors = $('.modal-alert');
 	this.loginErrors.modal({ show : false, keyboard : true, backdrop : true });
 
@@ -12,7 +11,6 @@ function LoginValidator(){
 		$('.modal-alert .modal-body p').text(m);
 		this.loginErrors.modal('show');
 	}
-
 }
 
 LoginValidator.prototype.validateForm = function()

diff --git a/app/public/js/form-validators/resetValidator.js b/app/public/js/form-validators/resetValidator.js
@@ -1,6 +1,6 @@
 
-function ResetValidator(){
-
+function ResetValidator()
+{
 // modal window to allow users to reset their password //
 	this.setPassword = $('#set-password');
 	this.setPassword.modal({ show : false, keyboard : false, backdrop : 'static' });

diff --git a/app/public/js/views/home.js b/app/public/js/views/home.js
@@ -46,4 +46,4 @@ $(document).ready(function(){
 	$('.modal-confirm .submit').html('Delete');
 	$('.modal-confirm .submit').addClass('btn-danger');
 
-})
+});
diff --git a/app/public/js/views/login.js b/app/public/js/views/login.js
@@ -1,6 +1,6 @@
 
 $(document).ready(function(){
-	
+
 	var lv = new LoginValidator();
 	var lc = new LoginController();
 
@@ -48,4 +48,4 @@ $(document).ready(function(){
 		}
 	});
 
-})
+});
diff --git a/app/public/js/views/signup.js b/app/public/js/views/signup.js
@@ -36,4 +36,4 @@ $(document).ready(function(){
 	$('.modal-alert .modal-header h3').text('Success!');
 	$('.modal-alert .modal-body p').html('Your account has been created.</br>Click OK to return to the login page.');
 
-})
+});
diff --git a/app/server/modules/account-manager.js b/app/server/modules/account-manager.js
@@ -76,20 +76,20 @@ exports.addNewAccount = function(newData, callback)
 
 exports.updateAccount = function(newData, callback)
 {
-	accounts.findOne({user:newData.user}, function(e, o){
+	accounts.findOne({_id:getObjectId(newData.id)}, function(e, o){
 		o.name 		= newData.name;
 		o.email 	= newData.email;
 		o.country 	= newData.country;
 		if (newData.pass == ''){
-			accounts.save(o, {safe: true}, function(err) {
-				if (err) callback(err);
+			accounts.save(o, {safe: true}, function(e) {
+				if (e) callback(e);
 				else callback(null, o);
 			});
 		}	else{
 			saltAndHash(newData.pass, function(hash){
 				o.pass = hash;
-				accounts.save(o, {safe: true}, function(err) {
-					if (err) callback(err);
+				accounts.save(o, {safe: true}, function(e) {
+					if (e) callback(e);
 					else callback(null, o);
 				});
 			});
@@ -137,7 +137,7 @@ exports.getAllRecords = function(callback)
 		if (e) callback(e)
 		else callback(null, res)
 	});
-};
+}
 
 exports.delAllRecords = function(callback)
 {
@@ -174,8 +174,6 @@ var validatePassword = function(plainPass, hashedPass, callback)
 	callback(null, hashedPass === validHash);
 }
 
-/* auxiliary methods */
-
 var getObjectId = function(id)
 {
 	return new require('mongodb').ObjectID(id);
@@ -188,8 +186,7 @@ var findById = function(id, callback)
 		if (e) callback(e)
 		else callback(null, res)
 	});
-};
-
+}
 
 var findByMultipleFields = function(a, callback)
 {

diff --git a/app/server/routes.js b/app/server/routes.js
@@ -6,7 +6,6 @@ var EM = require('./modules/email-dispatcher');
 module.exports = function(app) {
 
 // main login page //
-
 	app.get('/', function(req, res){
 	// check if the user's credentials are saved in a cookie //
 		if (req.cookies.user == undefined || req.cookies.pass == undefined){
@@ -55,13 +54,15 @@ module.exports = function(app) {
 	});
 
 	app.post('/home', function(req, res){
-		if (req.body['user'] != undefined) {
+		if (req.session.user == null){
+			res.redirect('/');
+		}	else{
 			AM.updateAccount({
-				user 	: req.body['user'],
-				name 	: req.body['name'],
-				email 	: req.body['email'],
+				id		: req.session.user._id,
+				name	: req.body['name'],
+				email	: req.body['email'],
 				pass	: req.body['pass'],
-				country : req.body['country']
+				country	: req.body['country']
 			}, function(e, o){
 				if (e){
 					res.status(400).send('error-updating-account');
@@ -75,12 +76,14 @@ module.exports = function(app) {
 					res.status(200).send('ok');
 				}
 			});
-		}	else if (req.body['logout'] == 'true'){
-			res.clearCookie('user');
-			res.clearCookie('pass');
-			req.session.destroy(function(e){ res.status(200).send('ok'); });
 		}
 	});
+
+	app.post('/logout', function(req, res){
+		res.clearCookie('user');
+		res.clearCookie('pass');
+		req.session.destroy(function(e){ res.status(200).send('ok'); });
+	})
 
 // creating new accounts //
 
@@ -183,4 +186,4 @@ module.exports = function(app) {
 
 	app.get('*', function(req, res) { res.render('404', { title: 'Page Not Found'}); });
 
-};
+};
diff --git a/history.md b/history.md
@@ -1,3 +1,7 @@
+####1.4.1 / 2016-02-27
+	* calls to logout now route to /logout instead of /home
+	* accounts are now looked up by session.id instead of username
+
 ####1.4.0 / 2015-06-14
 	* updating to express v4.12.4
 	* adding connect-mongo for db session store