overleaf/services/web/app/coffee/Features/User/UserRegistrationHandler.coffee

sanitize = require('sanitizer')
User = require("../../models/User").User
UserCreator = require("./UserCreator")
AuthenticationManager = require("../Authentication/AuthenticationManager")
NewsLetterManager = require("../Newsletter/NewsletterManager")
async = require("async")
logger = require("logger-sharelatex")
crypto = require("crypto")
EmailHandler = require("../Email/EmailHandler")
OneTimeTokenHandler = require "../Security/OneTimeTokenHandler"
Analytics = require "../Analytics/AnalyticsManager"
settings = require "settings-sharelatex"

module.exports = UserRegistrationHandler =
	validateEmail : (email) ->
		re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)|(\ ".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])|(([a-zA -Z\-0-9]+\.)+[a-zA-Z]{2,}))$/
		return re.test(email)

	hasZeroLengths : (props) ->
		hasZeroLength = false
		props.forEach (prop) ->
			if prop.length == 0
				hasZeroLength = true
		return hasZeroLength

	_registrationRequestIsValid : (body, callback)->
		email = sanitize.escape(body.email).trim().toLowerCase()
		password = body.password
		username = email.match(/^[^@]*/)
		if @hasZeroLengths([password, email])
			return false
		else if !@validateEmail(email)
			return false
		else
			return true

	_createNewUserIfRequired: (user, userDetails, callback)->
		if !user?
			userDetails.holdingAccount = false
			UserCreator.createNewUser {holdingAccount:false, email:userDetails.email, first_name:userDetails.first_name, last_name:userDetails.last_name}, callback
		else
			callback null, user

	registerNewUser: (userDetails, callback)->
		self = @
		requestIsValid = @_registrationRequestIsValid userDetails
		if !requestIsValid
			return callback(new Error("request is not valid"))
		userDetails.email = userDetails.email?.trim()?.toLowerCase()
		User.findOne email:userDetails.email, (err, user)->
			if err?
				return callback err
			if user?.holdingAccount == false
				return callback(new Error("EmailAlreadyRegistered"), user)
			self._createNewUserIfRequired user, userDetails, (err, user)->
				if err?
					return callback(err)
				async.series [
					(cb)-> User.update {_id: user._id}, {"$set":{holdingAccount:false}}, cb
					(cb)-> AuthenticationManager.setUserPassword user._id, userDetails.password, cb
					(cb)->
						NewsLetterManager.subscribe user, ->
						cb() #this can be slow, just fire it off
				], (err)->
					logger.log user: user, "registered"
					Analytics.recordEvent user._id, "user-registered"
					callback(err, user)
	
	registerNewUserAndSendActivationEmail: (email, callback = (error, user, setNewPasswordUrl) ->) ->
		logger.log {email}, "registering new user"
		UserRegistrationHandler.registerNewUser {
			email: email
			password: crypto.randomBytes(32).toString("hex")
		}, (err, user)->
			if err? and err?.message != "EmailAlreadyRegistered"
				return callback(err)
			
			if err?.message == "EmailAlreadyRegistered"
				logger.log {email}, "user already exists, resending welcome email"

			ONE_WEEK = 7 * 24 * 60 * 60 # seconds
			OneTimeTokenHandler.getNewToken user._id, { expiresIn: ONE_WEEK }, (err, token)->
				return callback(err) if err?
				
				setNewPasswordUrl = "#{settings.siteUrl}/user/activate?token=#{token}&user_id=#{user._id}"

				EmailHandler.sendEmail "registered", {
					to: user.email
					setNewPasswordUrl: setNewPasswordUrl
				}, () ->
				
				callback null, user, setNewPasswordUrl
changed xss lib to sanitize not validator 2014-03-31 11:46:28 -04:00			`sanitize = require('sanitizer')`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`User = require("../../models/User").User`
			`UserCreator = require("./UserCreator")`
			`AuthenticationManager = require("../Authentication/AuthenticationManager")`
fix case problem with require of newsletter manager 2014-04-10 17:21:20 -04:00			`NewsLetterManager = require("../Newsletter/NewsletterManager")`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`async = require("async")`
			`logger = require("logger-sharelatex")`
Refactor registration so it can be called from modules 2015-12-11 12:11:13 -05:00			`crypto = require("crypto")`
			`EmailHandler = require("../Email/EmailHandler")`
			`OneTimeTokenHandler = require "../Security/OneTimeTokenHandler"`
Track registration events. 2016-08-11 07:29:58 -04:00			`Analytics = require "../Analytics/AnalyticsManager"`
Refactor registration so it can be called from modules 2015-12-11 12:11:13 -05:00			`settings = require "settings-sharelatex"`
Intial open source comment 2014-02-12 05:23:40 -05:00
Refactor registration so it can be called from modules 2015-12-11 12:11:13 -05:00			`module.exports = UserRegistrationHandler =`
Intial open source comment 2014-02-12 05:23:40 -05:00			`validateEmail : (email) ->`
			`re = /^(([^<>()[\]\\.,;:\s@\"]+(\.[^<>()[\]\\.,;:\s@\"]+)*)\|(\ ".+\"))@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\])\|(([a-zA -Z\-0-9]+\.)+[a-zA-Z]{2,}))$/`
			`return re.test(email)`

			`hasZeroLengths : (props) ->`
			`hasZeroLength = false`
			`props.forEach (prop) ->`
			`if prop.length == 0`
			`hasZeroLength = true`
			`return hasZeroLength`

Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`_registrationRequestIsValid : (body, callback)->`
			`email = sanitize.escape(body.email).trim().toLowerCase()`
			`password = body.password`
Intial open source comment 2014-02-12 05:23:40 -05:00			`username = email.match(/^[^@]*/)`
			`if @hasZeroLengths([password, email])`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`return false`
Intial open source comment 2014-02-12 05:23:40 -05:00			`else if !@validateEmail(email)`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`return false`
Intial open source comment 2014-02-12 05:23:40 -05:00			`else`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`return true`
reformtted reg handler tests 2014-04-10 07:39:13 -04:00
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`_createNewUserIfRequired: (user, userDetails, callback)->`
			`if !user?`
should be able to set first and last name via user details on registration 2016-06-13 08:21:44 -04:00			`userDetails.holdingAccount = false`
explicit call to UserCreator.createNewUser 2016-06-13 08:38:17 -04:00			`UserCreator.createNewUser {holdingAccount:false, email:userDetails.email, first_name:userDetails.first_name, last_name:userDetails.last_name}, callback`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`else`
			`callback null, user`
reformtted reg handler tests 2014-04-10 07:39:13 -04:00
			`registerNewUser: (userDetails, callback)->`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`self = @`
			`requestIsValid = @_registrationRequestIsValid userDetails`
			`if !requestIsValid`
Return proper error from registration handler 2015-03-18 12:19:48 -04:00			`return callback(new Error("request is not valid"))`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`userDetails.email = userDetails.email?.trim()?.toLowerCase()`
			`User.findOne email:userDetails.email, (err, user)->`
			`if err?`
			`return callback err`
			`if user?.holdingAccount == false`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`return callback(new Error("EmailAlreadyRegistered"), user)`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`self._createNewUserIfRequired user, userDetails, (err, user)->`
			`if err?`
			`return callback(err)`
			`async.series [`
			`(cb)-> User.update {_id: user._id}, {"$set":{holdingAccount:false}}, cb`
			`(cb)-> AuthenticationManager.setUserPassword user._id, userDetails.password, cb`
fire off register to newsletter on user registration as it can be slow 2015-02-23 11:03:45 -05:00			`(cb)->`
			`NewsLetterManager.subscribe user, ->`
			`cb() #this can be slow, just fire it off`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`], (err)->`
			`logger.log user: user, "registered"`
Track registration events. 2016-08-11 07:29:58 -04:00			`Analytics.recordEvent user._id, "user-registered"`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`callback(err, user)`
Refactor registration so it can be called from modules 2015-12-11 12:11:13 -05:00
			`registerNewUserAndSendActivationEmail: (email, callback = (error, user, setNewPasswordUrl) ->) ->`
			`logger.log {email}, "registering new user"`
			`UserRegistrationHandler.registerNewUser {`
			`email: email`
			`password: crypto.randomBytes(32).toString("hex")`
			`}, (err, user)->`
			`if err? and err?.message != "EmailAlreadyRegistered"`
next -> callback 2016-02-16 06:12:07 -05:00			`return callback(err)`
Refactor registration so it can be called from modules 2015-12-11 12:11:13 -05:00
			`if err?.message == "EmailAlreadyRegistered"`
			`logger.log {email}, "user already exists, resending welcome email"`

			`ONE_WEEK = 7 * 24 * 60 * 60 # seconds`
			`OneTimeTokenHandler.getNewToken user._id, { expiresIn: ONE_WEEK }, (err, token)->`
next -> callback 2016-02-16 06:12:07 -05:00			`return callback(err) if err?`
Refactor registration so it can be called from modules 2015-12-11 12:11:13 -05:00
			`setNewPasswordUrl = "#{settings.siteUrl}/user/activate?token=#{token}&user_id=#{user._id}"`

			`EmailHandler.sendEmail "registered", {`
			`to: user.email`
			`setNewPasswordUrl: setNewPasswordUrl`
			`}, () ->`

			`callback null, user, setNewPasswordUrl`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00


reformtted reg handler tests 2014-04-10 07:39:13 -04:00