2016-03-13 18:24:39 -04:00
|
|
|
UserHandler = require("./UserHandler")
|
2014-04-09 09:50:12 -04:00
|
|
|
UserDeleter = require("./UserDeleter")
|
2018-05-24 09:55:12 -04:00
|
|
|
UserGetter = require("./UserGetter")
|
2014-04-09 11:33:54 -04:00
|
|
|
User = require("../../models/User").User
|
2014-04-09 10:41:19 -04:00
|
|
|
newsLetterManager = require('../Newsletter/NewsletterManager')
|
2014-04-10 09:43:06 -04:00
|
|
|
UserRegistrationHandler = require("./UserRegistrationHandler")
|
2014-04-09 11:33:54 -04:00
|
|
|
logger = require("logger-sharelatex")
|
2017-04-03 11:18:30 -04:00
|
|
|
metrics = require("metrics-sharelatex")
|
2014-04-10 09:43:06 -04:00
|
|
|
Url = require("url")
|
2014-04-10 12:15:18 -04:00
|
|
|
AuthenticationManager = require("../Authentication/AuthenticationManager")
|
2016-09-05 10:58:31 -04:00
|
|
|
AuthenticationController = require('../Authentication/AuthenticationController')
|
2016-06-29 06:35:25 -04:00
|
|
|
UserSessionsManager = require("./UserSessionsManager")
|
2014-05-16 12:45:48 -04:00
|
|
|
UserUpdater = require("./UserUpdater")
|
2017-05-15 06:53:52 -04:00
|
|
|
SudoModeHandler = require('../SudoMode/SudoModeHandler')
|
2015-03-19 10:22:48 -04:00
|
|
|
settings = require "settings-sharelatex"
|
2014-04-10 12:15:18 -04:00
|
|
|
|
2016-03-13 18:24:39 -04:00
|
|
|
module.exports = UserController =
|
2014-04-09 09:50:12 -04:00
|
|
|
|
2016-10-25 09:33:47 -04:00
|
|
|
tryDeleteUser: (req, res, next) ->
|
2016-09-05 10:58:31 -04:00
|
|
|
user_id = AuthenticationController.getLoggedInUserId(req)
|
2016-10-25 09:33:47 -04:00
|
|
|
password = req.body.password
|
2016-10-26 05:57:34 -04:00
|
|
|
logger.log {user_id}, "trying to delete user account"
|
2016-10-25 09:33:47 -04:00
|
|
|
if !password? or password == ''
|
|
|
|
logger.err {user_id}, 'no password supplied for attempt to delete account'
|
|
|
|
return res.sendStatus(403)
|
|
|
|
AuthenticationManager.authenticate {_id: user_id}, password, (err, user) ->
|
|
|
|
if err?
|
|
|
|
logger.err {user_id}, 'error authenticating during attempt to delete account'
|
|
|
|
return next(err)
|
2016-10-25 11:23:50 -04:00
|
|
|
if !user
|
2016-10-26 05:57:34 -04:00
|
|
|
logger.err {user_id}, 'auth failed during attempt to delete account'
|
2016-10-25 11:23:50 -04:00
|
|
|
return res.sendStatus(403)
|
|
|
|
UserDeleter.deleteUser user_id, (err) ->
|
|
|
|
if err?
|
|
|
|
logger.err {user_id}, "error while deleting user account"
|
|
|
|
return next(err)
|
2016-11-28 07:37:53 -05:00
|
|
|
sessionId = req.sessionID
|
|
|
|
req.logout?()
|
|
|
|
req.session.destroy (err) ->
|
|
|
|
if err?
|
|
|
|
logger.err err: err, 'error destorying session'
|
|
|
|
return next(err)
|
|
|
|
UserSessionsManager.untrackSession(user, sessionId)
|
|
|
|
res.sendStatus(200)
|
2014-04-09 10:41:19 -04:00
|
|
|
|
|
|
|
unsubscribe: (req, res)->
|
2016-09-05 10:58:31 -04:00
|
|
|
user_id = AuthenticationController.getLoggedInUserId(req)
|
2018-05-24 09:55:12 -04:00
|
|
|
UserGetter.getUser user_id, (err, user)->
|
2014-04-09 10:41:19 -04:00
|
|
|
newsLetterManager.unsubscribe user, ->
|
2014-04-09 11:33:54 -04:00
|
|
|
res.send()
|
|
|
|
|
|
|
|
updateUserSettings : (req, res)->
|
2016-09-05 10:58:31 -04:00
|
|
|
user_id = AuthenticationController.getLoggedInUserId(req)
|
2016-09-20 10:11:14 -04:00
|
|
|
logger.log user_id: user_id, "updating account settings"
|
2014-05-19 06:50:32 -04:00
|
|
|
User.findById user_id, (err, user)->
|
2014-04-09 11:33:54 -04:00
|
|
|
if err? or !user?
|
2014-05-19 06:50:32 -04:00
|
|
|
logger.err err:err, user_id:user_id, "problem updaing user settings"
|
2015-07-08 11:56:38 -04:00
|
|
|
return res.sendStatus 500
|
2014-06-20 04:42:43 -04:00
|
|
|
|
|
|
|
if req.body.first_name?
|
|
|
|
user.first_name = req.body.first_name.trim()
|
|
|
|
if req.body.last_name?
|
|
|
|
user.last_name = req.body.last_name.trim()
|
2014-06-20 06:15:25 -04:00
|
|
|
if req.body.role?
|
|
|
|
user.role = req.body.role.trim()
|
|
|
|
if req.body.institution?
|
|
|
|
user.institution = req.body.institution.trim()
|
2014-06-20 04:42:43 -04:00
|
|
|
if req.body.mode?
|
|
|
|
user.ace.mode = req.body.mode
|
|
|
|
if req.body.theme?
|
|
|
|
user.ace.theme = req.body.theme
|
|
|
|
if req.body.fontSize?
|
|
|
|
user.ace.fontSize = req.body.fontSize
|
|
|
|
if req.body.autoComplete?
|
2014-06-24 16:09:20 -04:00
|
|
|
user.ace.autoComplete = req.body.autoComplete
|
2017-07-31 03:36:13 -04:00
|
|
|
if req.body.autoPairDelimiters?
|
|
|
|
user.ace.autoPairDelimiters = req.body.autoPairDelimiters
|
2014-06-20 04:42:43 -04:00
|
|
|
if req.body.spellCheckLanguage?
|
|
|
|
user.ace.spellCheckLanguage = req.body.spellCheckLanguage
|
|
|
|
if req.body.pdfViewer?
|
|
|
|
user.ace.pdfViewer = req.body.pdfViewer
|
2016-10-06 06:51:24 -04:00
|
|
|
if req.body.syntaxValidation?
|
|
|
|
user.ace.syntaxValidation = req.body.syntaxValidation
|
2018-05-10 13:03:54 -04:00
|
|
|
if req.body.fontFamily?
|
|
|
|
user.ace.fontFamily = req.body.fontFamily
|
|
|
|
if req.body.lineHeight?
|
|
|
|
user.ace.lineHeight = req.body.lineHeight
|
|
|
|
|
2014-05-19 06:50:32 -04:00
|
|
|
user.save (err)->
|
2014-10-13 10:44:45 -04:00
|
|
|
newEmail = req.body.email?.trim().toLowerCase()
|
2017-11-20 05:10:23 -05:00
|
|
|
if !newEmail? or newEmail == user.email or req.externalAuthenticationSystemUsed()
|
2016-11-17 09:34:02 -05:00
|
|
|
# end here, don't update email
|
2016-09-22 11:58:25 -04:00
|
|
|
AuthenticationController.setInSessionUser(req, {first_name: user.first_name, last_name: user.last_name})
|
2015-07-08 11:56:38 -04:00
|
|
|
return res.sendStatus 200
|
2014-06-20 04:42:43 -04:00
|
|
|
else if newEmail.indexOf("@") == -1
|
2016-11-17 09:34:02 -05:00
|
|
|
# email invalid
|
2015-07-08 11:56:38 -04:00
|
|
|
return res.sendStatus(400)
|
2014-05-20 08:18:59 -04:00
|
|
|
else
|
2016-11-17 09:34:02 -05:00
|
|
|
# update the user email
|
2014-05-19 06:50:32 -04:00
|
|
|
UserUpdater.changeEmailAddress user_id, newEmail, (err)->
|
|
|
|
if err?
|
|
|
|
logger.err err:err, user_id:user_id, newEmail:newEmail, "problem updaing users email address"
|
2014-08-01 09:03:38 -04:00
|
|
|
if err.message == "alread_exists"
|
2016-02-16 07:05:16 -05:00
|
|
|
message = req.i18n.translate("email_already_registered")
|
2014-08-01 09:03:38 -04:00
|
|
|
else
|
|
|
|
message = req.i18n.translate("problem_changing_email_address")
|
|
|
|
return res.send 500, {message:message}
|
2016-03-13 18:24:39 -04:00
|
|
|
User.findById user_id, (err, user)->
|
|
|
|
if err?
|
|
|
|
logger.err err:err, user_id:user_id, "error getting user for email update"
|
|
|
|
return res.send 500
|
2016-09-22 11:58:25 -04:00
|
|
|
AuthenticationController.setInSessionUser(req, {email: user.email, first_name: user.first_name, last_name: user.last_name})
|
2016-03-13 18:24:39 -04:00
|
|
|
UserHandler.populateGroupLicenceInvite user, (err)-> #need to refresh this in the background
|
|
|
|
if err?
|
|
|
|
logger.err err:err, "error populateGroupLicenceInvite"
|
|
|
|
res.sendStatus(200)
|
2014-04-09 11:59:28 -04:00
|
|
|
|
|
|
|
logout : (req, res)->
|
|
|
|
metrics.inc "user.logout"
|
2016-09-07 05:30:58 -04:00
|
|
|
user = AuthenticationController.getSessionUser(req)
|
2016-09-22 10:33:50 -04:00
|
|
|
logger.log user: user, "logging out"
|
|
|
|
sessionId = req.sessionID
|
2016-09-07 05:30:58 -04:00
|
|
|
req.logout?() # passport logout
|
|
|
|
req.session.destroy (err)->
|
|
|
|
if err
|
|
|
|
logger.err err: err, 'error destorying session'
|
2017-08-03 08:26:14 -04:00
|
|
|
if user?
|
|
|
|
UserSessionsManager.untrackSession(user, sessionId)
|
|
|
|
SudoModeHandler.clearSudoMode(user._id)
|
2016-09-07 05:30:58 -04:00
|
|
|
res.redirect '/login'
|
2014-04-09 11:59:28 -04:00
|
|
|
|
2014-04-10 09:43:06 -04:00
|
|
|
register : (req, res, next = (error) ->)->
|
2015-03-19 10:22:48 -04:00
|
|
|
email = req.body.email
|
|
|
|
if !email? or email == ""
|
2015-07-08 11:56:38 -04:00
|
|
|
res.sendStatus 422 # Unprocessable Entity
|
2015-03-19 10:22:48 -04:00
|
|
|
return
|
2015-12-11 12:11:13 -05:00
|
|
|
UserRegistrationHandler.registerNewUserAndSendActivationEmail email, (error, user, setNewPasswordUrl) ->
|
|
|
|
return next(error) if error?
|
|
|
|
res.json {
|
|
|
|
email: user.email
|
|
|
|
setNewPasswordUrl: setNewPasswordUrl
|
|
|
|
}
|
2014-04-15 08:59:00 -04:00
|
|
|
|
2016-10-07 05:52:58 -04:00
|
|
|
clearSessions: (req, res, next = (error) ->) ->
|
|
|
|
metrics.inc "user.clear-sessions"
|
|
|
|
user = AuthenticationController.getSessionUser(req)
|
|
|
|
logger.log {user_id: user._id}, "clearing sessions for user"
|
|
|
|
UserSessionsManager.revokeAllUserSessions user, [req.sessionID], (err) ->
|
|
|
|
return next(err) if err?
|
|
|
|
res.sendStatus 201
|
|
|
|
|
2014-04-10 12:15:18 -04:00
|
|
|
changePassword : (req, res, next = (error) ->)->
|
|
|
|
metrics.inc "user.password-change"
|
|
|
|
oldPass = req.body.currentPassword
|
2016-09-05 10:58:31 -04:00
|
|
|
user_id = AuthenticationController.getLoggedInUserId(req)
|
|
|
|
AuthenticationManager.authenticate {_id:user_id}, oldPass, (err, user)->
|
2014-04-10 12:15:18 -04:00
|
|
|
return next(err) if err?
|
|
|
|
if(user)
|
2016-09-05 10:58:31 -04:00
|
|
|
logger.log user: user._id, "changing password"
|
2014-04-10 12:15:18 -04:00
|
|
|
newPassword1 = req.body.newPassword1
|
|
|
|
newPassword2 = req.body.newPassword2
|
|
|
|
if newPassword1 != newPassword2
|
|
|
|
logger.log user: user, "passwords do not match"
|
|
|
|
res.send
|
|
|
|
message:
|
|
|
|
type:'error'
|
|
|
|
text:'Your passwords do not match'
|
|
|
|
else
|
|
|
|
logger.log user: user, "password changed"
|
|
|
|
AuthenticationManager.setUserPassword user._id, newPassword1, (error) ->
|
|
|
|
return next(error) if error?
|
2016-07-05 09:20:47 -04:00
|
|
|
UserSessionsManager.revokeAllUserSessions user, [req.sessionID], (err) ->
|
2016-07-07 04:35:44 -04:00
|
|
|
return next(err) if err?
|
2016-07-01 04:51:22 -04:00
|
|
|
res.send
|
|
|
|
message:
|
|
|
|
type:'success'
|
|
|
|
text:'Your password has been changed'
|
2014-04-10 12:15:18 -04:00
|
|
|
else
|
2016-10-25 10:01:00 -04:00
|
|
|
logger.log user_id: user_id, "current password wrong"
|
2014-04-10 12:15:18 -04:00
|
|
|
res.send
|
|
|
|
message:
|
|
|
|
type:'error'
|
2014-05-16 12:45:48 -04:00
|
|
|
text:'Your old password is wrong'
|