user find method

d-band · Oct 30, 2019 · 14321aa · 14321aa
1 parent 00e630e
commit 14321aa
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 11 deletions.
diff --git a/src/controllers/admin.js b/src/controllers/admin.js
@@ -287,7 +287,10 @@ export async function addRole (ctx) {
     return;
   }
 
-  const user = await User.findByEmail(email);
+  const user = await User.findOne({
+    attributes: ['id'],
+    where: { email, enable: 1 }
+  });
   if (!user) {
     ctx.flash('error', 'User is not existed');
     ctx.redirect(ctx._routes.admin.roles);

diff --git a/src/controllers/user.js b/src/controllers/user.js
@@ -88,6 +88,7 @@ export async function session (ctx) {
   const returnTo = ctx.session.returnTo;
 
   ctx.session.returnTo = null;
+  delete user.totp_key;
   ctx.session.user = user;
   await ctx.log(user.id, 'LOGIN');
   ctx.redirect(returnTo || ctx._routes.home);
@@ -114,7 +115,10 @@ export async function passwordReset (ctx) {
     return;
   }
 
-  const user = await User.findByEmail(email);
+  const user = await User.findOne({
+    attributes: ['id', 'email'],
+    where: { email, enable: 1 }
+  });
   if (!user) {
     ctx.flash('error', 'User not found');
     ctx.redirect(ctx._routes.password_reset);
@@ -232,7 +236,10 @@ export async function sendToken (ctx) {
   const now = Date.now();
   ctx.assert(!lastTime || (now - lastTime) > min, 400, 'Try again in a minute');
 
-  const user = await User.findByEmail(email);
+  const user = await User.findOne({
+    attributes: ['totp_key'],
+    where: { email, enable: 1 }
+  });
   ctx.assert(user, 400, 'User not found');
 
   await ctx.sendMail(email, 'send_token', {

diff --git a/src/models/user.js b/src/models/user.js
@@ -44,7 +44,9 @@ export default function (sequelize, DataTypes) {
   });
 
   User.auth = async function (email, password) {
-    const user = await this.findByEmail(email);
+    const user = await this.findOne({
+      where: { email, enable: 1 }
+    });
     if (!user) return null;
     if (user.pass_hash !== encrypt(password, user.pass_salt)) {
       return null;
@@ -55,13 +57,6 @@ export default function (sequelize, DataTypes) {
     return user;
   };
 
-  User.findByEmail = function (email) {
-    const enable = 1;
-    return this.findOne({
-      where: { email, enable }
-    });
-  };
-
   User.add = function ({ id, password, email, totp_key, is_admin }, options) {
     const salt = makeSalt();
     const hash = encrypt(password, salt);