#166138182 Fix failing password check #40

Merged
merged 4 commits into from
May 20, 2019
4 changes: 2 additions & 2 deletions UI/admin.html
Expand Up @@ -31,7 +31,7 @@
<li>
<a id="profile_dropdown" href="#" class="">
<span class="micro_avatar_wrapper">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4" alt="">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1" alt="">
</span>
<svg
xmlns="http://www.w3.org/2000/svg"
Expand Down Expand Up @@ -84,7 +84,7 @@ <h2 id="page_heading">
<div class="admin_top_div">
<div class="user_card card">
<div class="user_photo">
<img src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4" alt="">
<img src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1" alt="">
</div>
<hr class="card_divider">

6 changes: 3 additions & 3 deletions UI/dashboard.html
Expand Up @@ -30,7 +30,7 @@
<li>
<a id="profile_dropdown" href="#" class="">
<span class="micro_avatar_wrapper">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4" alt="">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1" alt="">
</span>
<svg
xmlns="http://www.w3.org/2000/svg"
Expand Down Expand Up @@ -84,7 +84,7 @@ <h2 class="page_heading">Orji Chidi <i class="fas fa-check-circle"></i></h2>
<div class="user_card card">
<div
class="user_photo"
style="background-image: url('https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4')"
style="background-image: url('https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1')"
>
<svg
id="profile_pix"
Expand All @@ -104,7 +104,7 @@ <h2 class="page_heading">Orji Chidi <i class="fas fa-check-circle"></i></h2>
<!-- <img
title="Click to change"
id="profile_pix"
src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4"
src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1"
alt="Profile picture"
> -->
<input type="file" id="img_uploader" name="img_uploader" accept="image/*" />
2 changes: 1 addition & 1 deletion UI/js/dashboard.js
Expand Up @@ -17,7 +17,7 @@ const update_profile_pix = file => {
reader.readAsDataURL(file);
}
else {
profile_pix.src = 'https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4';
profile_pix.src = 'https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1';
}
};

4 changes: 2 additions & 2 deletions UI/loan.html
Expand Up @@ -30,7 +30,7 @@
<li>
<a id="profile_dropdown" href="#" class="">
<span class="micro_avatar_wrapper">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4" alt="">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1" alt="">
</span>
<svg
xmlns="http://www.w3.org/2000/svg"
Expand Down Expand Up @@ -118,7 +118,7 @@ <h2 class="page_heading">Loan | 1</h2>

<div class="user_card card">
<div class="user_photo">
<img src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4" alt="">
<img src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1" alt="">
</div>
<hr class="card_divider">

2 changes: 1 addition & 1 deletion UI/loan.new.html
Expand Up @@ -27,7 +27,7 @@
<li>
<a id="profile_dropdown" href="#" class="">
<span class="micro_avatar_wrapper">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4" alt="">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1" alt="">
</span>
<svg
xmlns="http://www.w3.org/2000/svg"
2 changes: 1 addition & 1 deletion UI/loans.html
Expand Up @@ -29,7 +29,7 @@
<li>
<a id="profile_dropdown" href="#" class="">
<span class="micro_avatar_wrapper">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4" alt="">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1" alt="">
</span>
<svg
xmlns="http://www.w3.org/2000/svg"
2 changes: 1 addition & 1 deletion UI/profile.edit.html
Expand Up @@ -29,7 +29,7 @@
<li>
<a id="profile_dropdown" href="#" class="">
<span class="micro_avatar_wrapper">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4" alt="">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1" alt="">
</span>
<svg
xmlns="http://www.w3.org/2000/svg"
4 changes: 2 additions & 2 deletions UI/user.html
Expand Up @@ -30,7 +30,7 @@
<li>
<a id="profile_dropdown" href="#" class="">
<span class="micro_avatar_wrapper">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4" alt="">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1" alt="">
</span>
<svg
xmlns="http://www.w3.org/2000/svg"
Expand Down Expand Up @@ -100,7 +100,7 @@ <h2 id="page_heading">
<img
title="Click to change"
id="profile_pix"
src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4"
src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1"
alt="Profile picture"
>
<input type="file" id="img_uploader" name="img_uploader" accept="image/*" />
2 changes: 1 addition & 1 deletion UI/users.html
Expand Up @@ -29,7 +29,7 @@
<li>
<a id="profile_dropdown" href="#" class="">
<span class="micro_avatar_wrapper">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/4" alt="">
<img class="micro_avatar" src="https://s3.eu-west-2.amazonaws.com/quick-credit/profile_photos/1" alt="">
</span>
<svg
xmlns="http://www.w3.org/2000/svg"
28 changes: 18 additions & 10 deletions controllers/AuthController.js
@@ -1,9 +1,10 @@
import Model from '../models/Model';
import
{
check_user_existence,
get_user_clause,
add_user_to_db
check_user_exists,
get_existing_user,
add_user_to_db,
check_password
} from './helpers/AuthController';
// import { dev_logger } from '../utils/loggers';

Expand All @@ -12,8 +13,8 @@ const users_model = new Model('users');
const AuthController = {
signup: async (req, res) => {
const { email } = req.body;
const user_exists = await check_user_existence(
users_model, email, res);
const user_exists = await check_user_exists(
users_model, `WHERE email='${email}'`, res);

if (user_exists) {
return res
Expand All @@ -24,16 +25,23 @@ const AuthController = {
const [ { id }, ] = rows;
const clause = `WHERE id=${id}`;
const err_msg = `User with id ${id} does not exist.`;
const user = await get_user_clause(users_model, res, clause, err_msg);
const user = await get_existing_user(users_model, res, clause, err_msg);
return res.status(201).json({ data: { ...user, token: req.token } });
},

signin: async (req, res) => {
const { email } = req.body;
const { email, password } = req.body;
const clause = `WHERE email='${email}'`;
const err_msg = `User with email ${email} does not exist.`;
const user = await get_user_clause(users_model, res, clause, err_msg);
return res.status(200).json({ data: { ...user, token: req.token } });
// check user exists
const match = await check_password(users_model, email, password, res);
if (match) {
const user = await get_existing_user(
users_model, res, clause, err_msg);
return res
.status(200).json({ data: { ...user, token: req.token } });
}
return res.status(404).json({ error: 'Incorrect password' });
},
};

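Review bot: `signin` still builds its SQL from the request body on the line `const clause = \`WHERE email='${email}'\`;`, and the new `signup` call `users_model, \`WHERE email='${email}'\`, res);` does the same, so an email containing a quote reaches the database unescaped; the email should be bound as a query parameter rather than spliced into the clause string (the `Model.select` call would need to accept a values argument and forward it to the driver). A wrong password is answered with a 404, which misreports an authentication failure as a missing resource; the conventional line is `return res.status(401).json({ error: 'Incorrect password' });`. The failure path also looks fragile: `check_password` returns whatever `InternalServerError(res, e)` returns when the lookup throws, and if that is the response object it is truthy, so `match` would pass and `signin` would attempt a second `res.status(200).json(...)` after a 500 has already been sent — confirm the helper's return value. Whether `req.token` is minted by upstream middleware before the password is verified is not visible here; if so, make sure it is not issued or logged on the failure path.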
58 changes: 29 additions & 29 deletions controllers/UsersController.js
@@ -1,33 +1,36 @@
import Model from '../models/Model';
import { InternalServerError } from '../utils/errorHandlers';
import { get_user_clause } from './helpers/AuthController';
import {
aws_signed_url,
update_user_photo_url
} from './helpers/UsersController';
get_existing_user, check_user_exists
} from './helpers/AuthController';
import { aws_signed_url, } from './helpers/UsersController';

const users_model = new Model('users');

const UsersController = {
get_user: async (req, res) => {
const { id } = req.params;
const clause = `WHERE id=${id}`;
const err_msg = `User with id ${id} not found`;
const user = await get_user_clause(users_model, res, clause, err_msg);
if (user.id) {
const exists = await check_user_exists(users_model, clause, res);
if (exists) {
const user = await get_existing_user(users_model, res, clause);
return res.status(200).json({ data: user });
}
return res.status(404)
.json({ error: `User with id ${id} not found` });
},

verify_user: async (req, res) => {
const { id } = req.params;
const clause = `WHERE id=${id}`;
const err_msg = `User with id ${id} not found`;
await users_model.update('status=\'verified\'', clause);
const user = await get_user_clause(users_model, res, clause, err_msg);
if (user.id) {
const exists = await check_user_exists(users_model, clause, res);
if (exists) {
await users_model.update('status=\'verified\'', clause);
const user = await get_existing_user(users_model, res, clause);
return res.status(200).json({ data: user });
}
return res.status(404)
.json({ error: `User with id ${id} not found` });
},

get_users: async (req, res) => {
Expand All @@ -36,15 +39,13 @@ const UsersController = {
let data;
if (status) {
data = await users_model.select(
`id, email, password, firstname,
lastname, phone, status, address`,
'id, email, firstname, lastname, phone, status, address',
`WHERE status='${status}'`
);
}
else {
data = await users_model.select(
`id, email, password, firstname,
lastname, phone, status, address`,
'id, email, firstname, lastname, phone, status, address',
);
}
return res.status(200).json({ data: data.rows });
Expand All @@ -56,21 +57,19 @@ const UsersController = {
const { id } = req.params;
const { firstname, lastname, phone, home, office } = req.body;
const clause = `WHERE id=${id}`;
const err_msg = `User with id ${id} not found`;
try {
const exists = await check_user_exists(users_model, clause, res);
if (exists) {
await users_model.update(
`firstname='${firstname}', lastname='${lastname}',
phone='${phone}',
address='{"home": "${home}", "office": "${office}"}'`,
clause
);
const user = await get_user_clause(
users_model, res, clause, err_msg);
const user = await get_existing_user(users_model, res, clause);
return res.status(200).json({ data: user });
}
catch (e) {
return InternalServerError(res, e);
}
return res.status(404)
.json({ error: `User with id ${id} not found` });
},

get_aws_signed_url: (req, res) => {
Expand All @@ -83,15 +82,16 @@ const UsersController = {
update_photo_url: async (req, res) => {
const { id } = req.params;
const { photo_url } = req.body;
try {
await update_user_photo_url(users_model, id, photo_url, res);
const clause = `WHERE id=${id}`;
const err_msg = `User with id ${id} does not exist.`;
const user = await get_user_clause(
users_model, res, clause, err_msg);
const clause = `WHERE id=${id}`;
const exists = await check_user_exists(users_model, clause, res);
if (exists) {
await users_model.update(`photo='${photo_url}'`, clause);
const user = await get_existing_user(users_model, res, clause);
return res.status(200).json({ data: user });
}
catch (e) { return InternalServerError(res, e); }
return res.status(404)
.json({ error: `User with id ${id} not found` });

}
};

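Review bot: In `update_photo_url`, `req.body.photo_url` is spliced straight into SQL on the new line `await users_model.update(\`photo='${photo_url}'\`, clause);` with no validation, and because the surrounding `try/catch` was removed a rejected update now escapes the handler as an unhandled rejection instead of producing `InternalServerError`, unlike `update_user` in the same file which kept its `try`. Bind the value as a query parameter, restore the `try { ... } catch (e) { return InternalServerError(res, e); }` wrapper, and reject any `photo_url` that does not point at the object `aws_signed_url` issued a PUT URL for, since the stored string is later rendered as an image source. Whether `req.params.id` is checked against the authenticated user is not visible here; if no middleware does it, any authenticated caller can change another user's photo or profile through these routes. Note also that `check_user_exists` returns the result of `InternalServerError(res, e)` on a database error, which if truthy would make `exists` pass and lead to a second response — confirm the helper's return value.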
24 changes: 16 additions & 8 deletions controllers/helpers/AuthController.js
Expand Up @@ -2,13 +2,24 @@ import bcrypt from 'bcrypt';

import { InternalServerError } from '../../utils/errorHandlers';

export const check_user_existence = async (model_instance, email, res) => {
export const check_user_exists = async (model_instance, clause, res) => {
try {
const { rows } = await model_instance.select(
'id, email', `WHERE email='${email}'`);
'id, email', clause);
const [ user, ] = rows;

if (user) return user;
if (user) return true;
return false;
}
catch (e) { return InternalServerError(res, e);}
};

export const check_password = async (model_instance, email, password, res) => {
try {
const { rows } = await model_instance.select(
'id, email, password', `WHERE email='${email}'`);
const [ user, ] = rows;
if (bcrypt.compareSync(password, user.password)) return true;
return false;
}
catch (e) { return InternalServerError(res, e);}
};
Expand All @@ -27,15 +38,12 @@ export const add_user_to_db = async (model_instance, req, res) => {
catch (e) { return InternalServerError(res, e);}
};

export const get_user_clause = async (model_instance, res, clause, err_msg) => {
export const get_existing_user = async (model_instance, res, clause) => {
try {
const { rows } = await model_instance.select(
'id, email, firstname, photo, lastname, phone, status, address',
clause
);
if (rows.length === 0) return res.status(404).json({
error: err_msg
});
return rows[0];
}
catch (e) { return InternalServerError(res, e); }
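Review bot: `check_password` dereferences `user.password` without checking that a row came back, so an unknown email throws a TypeError inside the `try` and becomes a 500 via `InternalServerError`, while a wrong password for a known email returns `false`; the two outcomes are distinguishable to a client (an account-enumeration signal) and the 500 is wrong in any case. Add `if (!user) return false;` immediately after `const [ user, ] = rows;`. `bcrypt.compareSync` blocks the event loop for the full cost-factor duration on every login attempt; since the function is already `async`, replace the compare with `return bcrypt.compare(password, user.password);`. The email is still interpolated into the clause on the line `'id, email, password', \`WHERE email='${email}'\`);` — bind it as a query parameter, as the same caveat applies to `check_user_exists`, which now takes an arbitrary caller-built clause string.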
9 changes: 0 additions & 9 deletions controllers/helpers/UsersController.js
@@ -1,7 +1,6 @@
import AWS from 'aws-sdk';
import settings from '../../settings';
import { dev_logger } from '../../utils/loggers';
import { InternalServerError } from '../../utils/errorHandlers';

const s3 = new AWS.S3({
accessKeyId: settings.AWS_settings.accessKeyId,
Expand All @@ -22,11 +21,3 @@ export const aws_signed_url = (id, filetype) => {
const url = s3.getSignedUrl('putObject', params);
return url;
};

export const update_user_photo_url = async (model_instance, id, url, res) => {
try {
await model_instance.update(
`photo='${url}'`, `WHERE id=${id}`);
}
catch (e) { return InternalServerError(res, e); }
};