overleaf/services/web/app/coffee/Features/User/UserController.coffee

UserDeleter = require("./UserDeleter")
UserLocator = require("./UserLocator")
User = require("../../models/User").User
newsLetterManager = require('../Newsletter/NewsletterManager')
UserRegistrationHandler = require("./UserRegistrationHandler")
logger = require("logger-sharelatex")
metrics = require("../../infrastructure/Metrics")
Url = require("url")
AuthenticationManager = require("../Authentication/AuthenticationManager")
UserUpdater = require("./UserUpdater")
SubscriptionDomainAllocator = require("../Subscription/SubscriptionDomainAllocator")
EmailHandler = require("../Email/EmailHandler")
PasswordResetTokenHandler = require "../PasswordReset/PasswordResetTokenHandler"
settings = require "settings-sharelatex"
crypto = require "crypto"

module.exports =

	deleteUser: (req, res)->
		user_id = req.session.user._id
		UserDeleter.deleteUser user_id, (err)->
			if !err?
				req.session.destroy()
			res.send(200)

	unsubscribe: (req, res)->
		UserLocator.findById req.session.user._id, (err, user)->
			newsLetterManager.unsubscribe user, ->
				res.send()

	updateUserSettings : (req, res)->
		logger.log user: req.session.user, "updating account settings"
		user_id = req.session.user._id
		User.findById user_id, (err, user)->
			if err? or !user?
				logger.err err:err, user_id:user_id, "problem updaing user settings"
				return res.send 500

			if req.body.first_name?
				user.first_name = req.body.first_name.trim()
			if req.body.last_name?
				user.last_name = req.body.last_name.trim()
			if req.body.role?
				user.role = req.body.role.trim()
			if req.body.institution?
				user.institution = req.body.institution.trim()
			if req.body.mode?
				user.ace.mode = req.body.mode
			if req.body.theme?
				user.ace.theme = req.body.theme
			if req.body.fontSize?
				user.ace.fontSize = req.body.fontSize
			if req.body.autoComplete?
				user.ace.autoComplete = req.body.autoComplete
			if req.body.spellCheckLanguage?
				user.ace.spellCheckLanguage = req.body.spellCheckLanguage
			if req.body.pdfViewer?
				user.ace.pdfViewer = req.body.pdfViewer
			user.save (err)->
				newEmail = req.body.email?.trim().toLowerCase()
				if !newEmail? or newEmail == user.email
					return res.send 200
				else if newEmail.indexOf("@") == -1
					return res.send(400)
				else
					UserUpdater.changeEmailAddress user_id, newEmail, (err)->
						if err?
							logger.err err:err, user_id:user_id, newEmail:newEmail, "problem updaing users email address"
							if err.message == "alread_exists"
								message = req.i18n.translate("alread_exists")
							else
								message = req.i18n.translate("problem_changing_email_address")
							return res.send 500, {message:message}
						res.send(200)

	logout : (req, res)->
		metrics.inc "user.logout"
		logger.log user: req?.session?.user, "logging out"
		req.session.destroy (err)->
			if err
				logger.err err: err, 'error destorying session'
			res.redirect '/login'

	register : (req, res, next = (error) ->)->
		email = req.body.email
		if !email? or email == ""
			res.send 422 # Unprocessable Entity
			return
		logger.log {email}, "registering new user"
		UserRegistrationHandler.registerNewUser {
			email: email
			password: crypto.randomBytes(32).toString("hex")
		}, (err, user)->
			if err? and err?.message != "EmailAlreadyRegistered"
				return next(err)
			
			if err?.message == "EmailAlreadyRegistered"
				logger.log {email}, "user already exists, resending welcome email"

			ONE_WEEK = 7 * 24 * 60 * 60 # seconds
			PasswordResetTokenHandler.getNewToken user._id, { expiresIn: ONE_WEEK }, (err, token)->
				return next(err) if err?
				
				setNewPasswordUrl = "#{settings.siteUrl}/user/password/set?passwordResetToken=#{token}&email=#{encodeURIComponent(email)}"

				EmailHandler.sendEmail "registered", {
					to: user.email
					setNewPasswordUrl: setNewPasswordUrl
				}, () ->
					
				res.json {
					email: user.email
					setNewPasswordUrl: setNewPasswordUrl
				}

	changePassword : (req, res, next = (error) ->)->
		metrics.inc "user.password-change"
		oldPass = req.body.currentPassword
		AuthenticationManager.authenticate {_id:req.session.user._id}, oldPass, (err, user)->
			return next(err) if err?
			if(user)
				logger.log user: req.session.user, "changing password"
				newPassword1 = req.body.newPassword1
				newPassword2 = req.body.newPassword2
				if newPassword1 != newPassword2
					logger.log user: user, "passwords do not match"
					res.send
						message:
						  type:'error'
						  text:'Your passwords do not match'
				else
					logger.log user: user, "password changed"
					AuthenticationManager.setUserPassword user._id, newPassword1, (error) ->
						return next(error) if error?
						res.send
							message:
							  type:'success'
							  text:'Your password has been changed'
			else
				logger.log user: user, "current password wrong"
				res.send
					message:
					  type:'error'
					  text:'Your old password is wrong'

	changeEmailAddress: (req, res)->
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00			`UserDeleter = require("./UserDeleter")`
moved logout to new user controller 2014-04-09 11:59:28 -04:00			`UserLocator = require("./UserLocator")`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`User = require("../../models/User").User`
moved unsubscribe endpoint to new user controller 2014-04-09 10:41:19 -04:00			`newsLetterManager = require('../Newsletter/NewsletterManager')`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`UserRegistrationHandler = require("./UserRegistrationHandler")`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`logger = require("logger-sharelatex")`
moved logout to new user controller 2014-04-09 11:59:28 -04:00			`metrics = require("../../infrastructure/Metrics")`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`Url = require("url")`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00			`AuthenticationManager = require("../Authentication/AuthenticationManager")`
added controler t change user email 2014-05-16 12:45:48 -04:00			`UserUpdater = require("./UserUpdater")`
on register try and auto allocate a group licence if one exists 2015-01-27 13:22:51 -05:00			`SubscriptionDomainAllocator = require("../Subscription/SubscriptionDomainAllocator")`
Move email sending into registration controller 2015-03-18 11:57:01 -04:00			`EmailHandler = require("../Email/EmailHandler")`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`PasswordResetTokenHandler = require "../PasswordReset/PasswordResetTokenHandler"`
			`settings = require "settings-sharelatex"`
			`crypto = require "crypto"`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00			`module.exports =`

			`deleteUser: (req, res)->`
			`user_id = req.session.user._id`
			`UserDeleter.deleteUser user_id, (err)->`
			`if !err?`
			`req.session.destroy()`
moved unsubscribe endpoint to new user controller 2014-04-09 10:41:19 -04:00			`res.send(200)`

			`unsubscribe: (req, res)->`
			`UserLocator.findById req.session.user._id, (err, user)->`
			`newsLetterManager.unsubscribe user, ->`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`res.send()`

			`updateUserSettings : (req, res)->`
			`logger.log user: req.session.user, "updating account settings"`
finished off change email 2014-05-19 06:50:32 -04:00			`user_id = req.session.user._id`
			`User.findById user_id, (err, user)->`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`if err? or !user?`
finished off change email 2014-05-19 06:50:32 -04:00			`logger.err err:err, user_id:user_id, "problem updaing user settings"`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`return res.send 500`
Allow partial updates to user settings 2014-06-20 04:42:43 -04:00
			`if req.body.first_name?`
			`user.first_name = req.body.first_name.trim()`
			`if req.body.last_name?`
			`user.last_name = req.body.last_name.trim()`
Wire up account settings forms 2014-06-20 06:15:25 -04:00			`if req.body.role?`
			`user.role = req.body.role.trim()`
			`if req.body.institution?`
			`user.institution = req.body.institution.trim()`
Allow partial updates to user settings 2014-06-20 04:42:43 -04:00			`if req.body.mode?`
			`user.ace.mode = req.body.mode`
			`if req.body.theme?`
			`user.ace.theme = req.body.theme`
			`if req.body.fontSize?`
			`user.ace.fontSize = req.body.fontSize`
			`if req.body.autoComplete?`
Add in auto complete 2014-06-24 16:09:20 -04:00			`user.ace.autoComplete = req.body.autoComplete`
Allow partial updates to user settings 2014-06-20 04:42:43 -04:00			`if req.body.spellCheckLanguage?`
			`user.ace.spellCheckLanguage = req.body.spellCheckLanguage`
			`if req.body.pdfViewer?`
			`user.ace.pdfViewer = req.body.pdfViewer`
finished off change email 2014-05-19 06:50:32 -04:00			`user.save (err)->`
changing email address should lowercase the email 2014-10-13 10:44:45 -04:00			`newEmail = req.body.email?.trim().toLowerCase()`
Allow partial updates to user settings 2014-06-20 04:42:43 -04:00			`if !newEmail? or newEmail == user.email`
finished off change email 2014-05-19 06:50:32 -04:00			`return res.send 200`
Allow partial updates to user settings 2014-06-20 04:42:43 -04:00			`else if newEmail.indexOf("@") == -1`
			`return res.send(400)`
Revert "Revert "change send doc lines using tpds to work with stream and doc store"" This reverts commit a41299570d07b83111b6a995902a30a67867a5c7. 2014-05-20 08:18:59 -04:00			`else`
finished off change email 2014-05-19 06:50:32 -04:00			`UserUpdater.changeEmailAddress user_id, newEmail, (err)->`
			`if err?`
			`logger.err err:err, user_id:user_id, newEmail:newEmail, "problem updaing users email address"`
Changed the error messages which are sent down to the client to be translated first fixed up tests from titles we check when rendering, deleted them as they never catch anything important, more hastle than they are worth imo. 2014-08-01 09:03:38 -04:00			`if err.message == "alread_exists"`
			`message = req.i18n.translate("alread_exists")`
			`else`
			`message = req.i18n.translate("problem_changing_email_address")`
			`return res.send 500, {message:message}`
finished off change email 2014-05-19 06:50:32 -04:00			`res.send(200)`
moved logout to new user controller 2014-04-09 11:59:28 -04:00
			`logout : (req, res)->`
			`metrics.inc "user.logout"`
			`logger.log user: req?.session?.user, "logging out"`
			`req.session.destroy (err)->`
			`if err`
			`logger.err err: err, 'error destorying session'`
			`res.redirect '/login'`

Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`register : (req, res, next = (error) ->)->`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`email = req.body.email`
			`if !email? or email == ""`
			`res.send 422 # Unprocessable Entity`
			`return`
			`logger.log {email}, "registering new user"`
			`UserRegistrationHandler.registerNewUser {`
			`email: email`
			`password: crypto.randomBytes(32).toString("hex")`
			`}, (err, user)->`
			`if err? and err?.message != "EmailAlreadyRegistered"`
			`return next(err)`

			`if err?.message == "EmailAlreadyRegistered"`
			`logger.log {email}, "user already exists, resending welcome email"`
Move email sending into registration controller 2015-03-18 11:57:01 -04:00
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`ONE_WEEK = 7 * 24 * 60 * 60 # seconds`
			`PasswordResetTokenHandler.getNewToken user._id, { expiresIn: ONE_WEEK }, (err, token)->`
			`return next(err) if err?`

added complex password validation to password resets 2015-04-30 06:59:44 -04:00			`setNewPasswordUrl = "#{settings.siteUrl}/user/password/set?passwordResetToken=#{token}&email=#{encodeURIComponent(email)}"`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00
			`EmailHandler.sendEmail "registered", {`
Move email sending into registration controller 2015-03-18 11:57:01 -04:00			`to: user.email`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`setNewPasswordUrl: setNewPasswordUrl`
Move email sending into registration controller 2015-03-18 11:57:01 -04:00			`}, () ->`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00
			`res.json {`
			`email: user.email`
			`setNewPasswordUrl: setNewPasswordUrl`
			`}`
added referal allocator to user controller 2014-04-15 08:59:00 -04:00
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00			`changePassword : (req, res, next = (error) ->)->`
			`metrics.inc "user.password-change"`
			`oldPass = req.body.currentPassword`
			`AuthenticationManager.authenticate {_id:req.session.user._id}, oldPass, (err, user)->`
			`return next(err) if err?`
			`if(user)`
			`logger.log user: req.session.user, "changing password"`
			`newPassword1 = req.body.newPassword1`
			`newPassword2 = req.body.newPassword2`
			`if newPassword1 != newPassword2`
			`logger.log user: user, "passwords do not match"`
			`res.send`
			`message:`
			`type:'error'`
			`text:'Your passwords do not match'`
			`else`
			`logger.log user: user, "password changed"`
			`AuthenticationManager.setUserPassword user._id, newPassword1, (error) ->`
			`return next(error) if error?`
			`res.send`
			`message:`
			`type:'success'`
			`text:'Your password has been changed'`
			`else`
			`logger.log user: user, "current password wrong"`
			`res.send`
			`message:`
			`type:'error'`
added controler t change user email 2014-05-16 12:45:48 -04:00			`text:'Your old password is wrong'`

			`changeEmailAddress: (req, res)->`