overleaf/services/web/app/coffee/Features/User/UserController.coffee

UserHandler = require("./UserHandler")
UserDeleter = require("./UserDeleter")
UserLocator = require("./UserLocator")
User = require("../../models/User").User
newsLetterManager = require('../Newsletter/NewsletterManager')
UserRegistrationHandler = require("./UserRegistrationHandler")
logger = require("logger-sharelatex")
metrics = require("../../infrastructure/Metrics")
Url = require("url")
AuthenticationManager = require("../Authentication/AuthenticationManager")
AuthenticationController = require('../Authentication/AuthenticationController')
UserSessionsManager = require("./UserSessionsManager")
UserUpdater = require("./UserUpdater")
settings = require "settings-sharelatex"

module.exports = UserController =

	deleteUser: (req, res)->
		user_id = AuthenticationController.getLoggedInUserId(req)
		UserDeleter.deleteUser user_id, (err)->
			if !err?
				req.session?.destroy()
			res.sendStatus(200)

	unsubscribe: (req, res)->
		user_id = AuthenticationController.getLoggedInUserId(req)
		UserLocator.findById user_id, (err, user)->
			newsLetterManager.unsubscribe user, ->
				res.send()

	updateUserSettings : (req, res)->
		user_id = AuthenticationController.getLoggedInUserId(req)
		logger.log user_id: user_id, "updating account settings"
		User.findById user_id, (err, user)->
			if err? or !user?
				logger.err err:err, user_id:user_id, "problem updaing user settings"
				return res.sendStatus 500

			if req.body.first_name?
				user.first_name = req.body.first_name.trim()
			if req.body.last_name?
				user.last_name = req.body.last_name.trim()
			if req.body.role?
				user.role = req.body.role.trim()
			if req.body.institution?
				user.institution = req.body.institution.trim()
			if req.body.mode?
				user.ace.mode = req.body.mode
			if req.body.theme?
				user.ace.theme = req.body.theme
			if req.body.fontSize?
				user.ace.fontSize = req.body.fontSize
			if req.body.autoComplete?
				user.ace.autoComplete = req.body.autoComplete
			if req.body.spellCheckLanguage?
				user.ace.spellCheckLanguage = req.body.spellCheckLanguage
			if req.body.pdfViewer?
				user.ace.pdfViewer = req.body.pdfViewer
			user.save (err)->
				newEmail = req.body.email?.trim().toLowerCase()
				if !newEmail? or newEmail == user.email
					AuthenticationController.setInSessionUser(req, {first_name: user.first_name, last_name: user.last_name})
					return res.sendStatus 200
				else if newEmail.indexOf("@") == -1
					return res.sendStatus(400)
				else
					UserUpdater.changeEmailAddress user_id, newEmail, (err)->
						if err?
							logger.err err:err, user_id:user_id, newEmail:newEmail, "problem updaing users email address"
							if err.message == "alread_exists"
								message = req.i18n.translate("email_already_registered")
							else
								message = req.i18n.translate("problem_changing_email_address")
							return res.send 500, {message:message}
						User.findById user_id, (err, user)->
							if err?
								logger.err err:err, user_id:user_id, "error getting user for email update"
								return res.send 500
							AuthenticationController.setInSessionUser(req, {email: user.email, first_name: user.first_name, last_name: user.last_name})
							UserHandler.populateGroupLicenceInvite user, (err)-> #need to refresh this in the background
								if err?
									logger.err err:err, "error populateGroupLicenceInvite"
								res.sendStatus(200)

	logout : (req, res)->
		metrics.inc "user.logout"
		user = AuthenticationController.getSessionUser(req)
		logger.log user: user, "logging out"
		sessionId = req.sessionID
		req.logout?()  # passport logout
		req.session.destroy (err)->
			if err
				logger.err err: err, 'error destorying session'
			UserSessionsManager.untrackSession(user, sessionId)
			res.redirect '/login'

	register : (req, res, next = (error) ->)->
		email = req.body.email
		if !email? or email == ""
			res.sendStatus 422 # Unprocessable Entity
			return
		UserRegistrationHandler.registerNewUserAndSendActivationEmail email, (error, user, setNewPasswordUrl) ->
			return next(error) if error?
			res.json {
				email: user.email
				setNewPasswordUrl: setNewPasswordUrl
			}

	changePassword : (req, res, next = (error) ->)->
		metrics.inc "user.password-change"
		oldPass = req.body.currentPassword
		user_id = AuthenticationController.getLoggedInUserId(req)
		AuthenticationManager.authenticate {_id:user_id}, oldPass, (err, user)->
			return next(err) if err?
			if(user)
				logger.log user: user._id, "changing password"
				newPassword1 = req.body.newPassword1
				newPassword2 = req.body.newPassword2
				if newPassword1 != newPassword2
					logger.log user: user, "passwords do not match"
					res.send
						message:
						  type:'error'
						  text:'Your passwords do not match'
				else
					logger.log user: user, "password changed"
					AuthenticationManager.setUserPassword user._id, newPassword1, (error) ->
						return next(error) if error?
						UserSessionsManager.revokeAllUserSessions user, [req.sessionID], (err) ->
							return next(err) if err?
							res.send
								message:
									type:'success'
									text:'Your password has been changed'
			else
				logger.log user: user, "current password wrong"
				res.send
					message:
					  type:'error'
					  text:'Your old password is wrong'
if user changes email then check if they have a site licence 2016-03-13 18:24:39 -04:00			`UserHandler = require("./UserHandler")`
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00			`UserDeleter = require("./UserDeleter")`
moved logout to new user controller 2014-04-09 11:59:28 -04:00			`UserLocator = require("./UserLocator")`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`User = require("../../models/User").User`
moved unsubscribe endpoint to new user controller 2014-04-09 10:41:19 -04:00			`newsLetterManager = require('../Newsletter/NewsletterManager')`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`UserRegistrationHandler = require("./UserRegistrationHandler")`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`logger = require("logger-sharelatex")`
moved logout to new user controller 2014-04-09 11:59:28 -04:00			`metrics = require("../../infrastructure/Metrics")`
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`Url = require("url")`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00			`AuthenticationManager = require("../Authentication/AuthenticationManager")`
WIP: refactor 2016-09-05 10:58:31 -04:00			`AuthenticationController = require('../Authentication/AuthenticationController')`
Begin keeping record of user sessions in reds. 2016-06-29 06:35:25 -04:00			`UserSessionsManager = require("./UserSessionsManager")`
added controler t change user email 2014-05-16 12:45:48 -04:00			`UserUpdater = require("./UserUpdater")`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`settings = require "settings-sharelatex"`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00
if user changes email then check if they have a site licence 2016-03-13 18:24:39 -04:00			`module.exports = UserController =`
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00
			`deleteUser: (req, res)->`
WIP: refactor 2016-09-05 10:58:31 -04:00			`user_id = AuthenticationController.getLoggedInUserId(req)`
created new UserController and put delete user in it 2014-04-09 09:50:12 -04:00			`UserDeleter.deleteUser user_id, (err)->`
			`if !err?`
removed req.session.destorys from endpoints now on the api router which are not needed 2015-06-30 09:39:37 -04:00			`req.session?.destroy()`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`res.sendStatus(200)`
moved unsubscribe endpoint to new user controller 2014-04-09 10:41:19 -04:00
			`unsubscribe: (req, res)->`
WIP: refactor 2016-09-05 10:58:31 -04:00			`user_id = AuthenticationController.getLoggedInUserId(req)`
			`UserLocator.findById user_id, (err, user)->`
moved unsubscribe endpoint to new user controller 2014-04-09 10:41:19 -04:00			`newsLetterManager.unsubscribe user, ->`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`res.send()`

			`updateUserSettings : (req, res)->`
WIP: refactor 2016-09-05 10:58:31 -04:00			`user_id = AuthenticationController.getLoggedInUserId(req)`
log user_id not user 2016-09-20 10:11:14 -04:00			`logger.log user_id: user_id, "updating account settings"`
finished off change email 2014-05-19 06:50:32 -04:00			`User.findById user_id, (err, user)->`
moved user update user settings to user controller 2014-04-09 11:33:54 -04:00			`if err? or !user?`
finished off change email 2014-05-19 06:50:32 -04:00			`logger.err err:err, user_id:user_id, "problem updaing user settings"`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`return res.sendStatus 500`
Allow partial updates to user settings 2014-06-20 04:42:43 -04:00
			`if req.body.first_name?`
			`user.first_name = req.body.first_name.trim()`
			`if req.body.last_name?`
			`user.last_name = req.body.last_name.trim()`
Wire up account settings forms 2014-06-20 06:15:25 -04:00			`if req.body.role?`
			`user.role = req.body.role.trim()`
			`if req.body.institution?`
			`user.institution = req.body.institution.trim()`
Allow partial updates to user settings 2014-06-20 04:42:43 -04:00			`if req.body.mode?`
			`user.ace.mode = req.body.mode`
			`if req.body.theme?`
			`user.ace.theme = req.body.theme`
			`if req.body.fontSize?`
			`user.ace.fontSize = req.body.fontSize`
			`if req.body.autoComplete?`
Add in auto complete 2014-06-24 16:09:20 -04:00			`user.ace.autoComplete = req.body.autoComplete`
Allow partial updates to user settings 2014-06-20 04:42:43 -04:00			`if req.body.spellCheckLanguage?`
			`user.ace.spellCheckLanguage = req.body.spellCheckLanguage`
			`if req.body.pdfViewer?`
			`user.ace.pdfViewer = req.body.pdfViewer`
finished off change email 2014-05-19 06:50:32 -04:00			`user.save (err)->`
changing email address should lowercase the email 2014-10-13 10:44:45 -04:00			`newEmail = req.body.email?.trim().toLowerCase()`
Allow partial updates to user settings 2014-06-20 04:42:43 -04:00			`if !newEmail? or newEmail == user.email`
update session when user settings change 2016-09-22 11:58:25 -04:00			`AuthenticationController.setInSessionUser(req, {first_name: user.first_name, last_name: user.last_name})`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`return res.sendStatus 200`
Allow partial updates to user settings 2014-06-20 04:42:43 -04:00			`else if newEmail.indexOf("@") == -1`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`return res.sendStatus(400)`
Revert "Revert "change send doc lines using tpds to work with stream and doc store"" This reverts commit a41299570d07b83111b6a995902a30a67867a5c7. 2014-05-20 08:18:59 -04:00			`else`
finished off change email 2014-05-19 06:50:32 -04:00			`UserUpdater.changeEmailAddress user_id, newEmail, (err)->`
			`if err?`
			`logger.err err:err, user_id:user_id, newEmail:newEmail, "problem updaing users email address"`
Changed the error messages which are sent down to the client to be translated first fixed up tests from titles we check when rendering, deleted them as they never catch anything important, more hastle than they are worth imo. 2014-08-01 09:03:38 -04:00			`if err.message == "alread_exists"`
fixed missign translation for when email is already registered 2016-02-16 07:05:16 -05:00			`message = req.i18n.translate("email_already_registered")`
Changed the error messages which are sent down to the client to be translated first fixed up tests from titles we check when rendering, deleted them as they never catch anything important, more hastle than they are worth imo. 2014-08-01 09:03:38 -04:00			`else`
			`message = req.i18n.translate("problem_changing_email_address")`
			`return res.send 500, {message:message}`
if user changes email then check if they have a site licence 2016-03-13 18:24:39 -04:00			`User.findById user_id, (err, user)->`
			`if err?`
			`logger.err err:err, user_id:user_id, "error getting user for email update"`
			`return res.send 500`
update session when user settings change 2016-09-22 11:58:25 -04:00			`AuthenticationController.setInSessionUser(req, {email: user.email, first_name: user.first_name, last_name: user.last_name})`
if user changes email then check if they have a site licence 2016-03-13 18:24:39 -04:00			`UserHandler.populateGroupLicenceInvite user, (err)-> #need to refresh this in the background`
			`if err?`
			`logger.err err:err, "error populateGroupLicenceInvite"`
			`res.sendStatus(200)`
moved logout to new user controller 2014-04-09 11:59:28 -04:00
			`logout : (req, res)->`
			`metrics.inc "user.logout"`
use `getSessionUser` rather than `getLoggedInUser` 2016-09-07 05:30:58 -04:00			`user = AuthenticationController.getSessionUser(req)`
wipe out more session access 2016-09-22 10:33:50 -04:00			`logger.log user: user, "logging out"`
			`sessionId = req.sessionID`
use `getSessionUser` rather than `getLoggedInUser` 2016-09-07 05:30:58 -04:00			`req.logout?() # passport logout`
			`req.session.destroy (err)->`
			`if err`
			`logger.err err: err, 'error destorying session'`
			`UserSessionsManager.untrackSession(user, sessionId)`
			`res.redirect '/login'`
moved logout to new user controller 2014-04-09 11:59:28 -04:00
Moved register function into user registration handler and new user controller 2014-04-10 09:43:06 -04:00			`register : (req, res, next = (error) ->)->`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`email = req.body.email`
			`if !email? or email == ""`
send -> sendStatus 2015-07-08 11:56:38 -04:00			`res.sendStatus 422 # Unprocessable Entity`
Remove public registration and require that a user be registered by an admin 2015-03-19 10:22:48 -04:00			`return`
Refactor registration so it can be called from modules 2015-12-11 12:11:13 -05:00			`UserRegistrationHandler.registerNewUserAndSendActivationEmail email, (error, user, setNewPasswordUrl) ->`
			`return next(error) if error?`
			`res.json {`
			`email: user.email`
			`setNewPasswordUrl: setNewPasswordUrl`
			`}`
added referal allocator to user controller 2014-04-15 08:59:00 -04:00
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00			`changePassword : (req, res, next = (error) ->)->`
			`metrics.inc "user.password-change"`
			`oldPass = req.body.currentPassword`
WIP: refactor 2016-09-05 10:58:31 -04:00			`user_id = AuthenticationController.getLoggedInUserId(req)`
			`AuthenticationManager.authenticate {_id:user_id}, oldPass, (err, user)->`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00			`return next(err) if err?`
			`if(user)`
WIP: refactor 2016-09-05 10:58:31 -04:00			`logger.log user: user._id, "changing password"`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00			`newPassword1 = req.body.newPassword1`
			`newPassword2 = req.body.newPassword2`
			`if newPassword1 != newPassword2`
			`logger.log user: user, "passwords do not match"`
			`res.send`
			`message:`
			`type:'error'`
			`text:'Your passwords do not match'`
			`else`
			`logger.log user: user, "password changed"`
			`AuthenticationManager.setUserPassword user._id, newPassword1, (error) ->`
			`return next(error) if error?`
add an array of session ids to retain. 2016-07-05 09:20:47 -04:00			`UserSessionsManager.revokeAllUserSessions user, [req.sessionID], (err) ->`
Refactor: add `?` suffix to truth tests. 2016-07-07 04:35:44 -04:00			`return next(err) if err?`
Add `revokeAllSessions` handler, when password is reset 2016-07-01 04:51:22 -04:00			`res.send`
			`message:`
			`type:'success'`
			`text:'Your password has been changed'`
moved password change to new user controller with tests 2014-04-10 12:15:18 -04:00			`else`
			`logger.log user: user, "current password wrong"`
			`res.send`
			`message:`
			`type:'error'`
added controler t change user email 2014-05-16 12:45:48 -04:00			`text:'Your old password is wrong'`