UserHandler = require("./UserHandler") UserDeleter = require("./UserDeleter") UserLocator = require("./UserLocator") User = require("../../models/User").User newsLetterManager = require('../Newsletter/NewsletterManager') UserRegistrationHandler = require("./UserRegistrationHandler") logger = require("logger-sharelatex") metrics = require("metrics-sharelatex") Url = require("url") AuthenticationManager = require("../Authentication/AuthenticationManager") AuthenticationController = require('../Authentication/AuthenticationController') UserSessionsManager = require("./UserSessionsManager") UserUpdater = require("./UserUpdater") SudoModeHandler = require('../SudoMode/SudoModeHandler') settings = require "settings-sharelatex" module.exports = UserController = tryDeleteUser: (req, res, next) -> user_id = AuthenticationController.getLoggedInUserId(req) password = req.body.password logger.log {user_id}, "trying to delete user account" if !password? or password == '' logger.err {user_id}, 'no password supplied for attempt to delete account' return res.sendStatus(403) AuthenticationManager.authenticate {_id: user_id}, password, (err, user) -> if err? logger.err {user_id}, 'error authenticating during attempt to delete account' return next(err) if !user logger.err {user_id}, 'auth failed during attempt to delete account' return res.sendStatus(403) UserDeleter.deleteUser user_id, (err) -> if err? logger.err {user_id}, "error while deleting user account" return next(err) sessionId = req.sessionID req.logout?() req.session.destroy (err) -> if err? logger.err err: err, 'error destorying session' return next(err) UserSessionsManager.untrackSession(user, sessionId) res.sendStatus(200) unsubscribe: (req, res)-> user_id = AuthenticationController.getLoggedInUserId(req) UserLocator.findById user_id, (err, user)-> newsLetterManager.unsubscribe user, -> res.send() updateUserSettings : (req, res)-> user_id = AuthenticationController.getLoggedInUserId(req) logger.log user_id: user_id, "updating account settings" User.findById user_id, (err, user)-> if err? or !user? logger.err err:err, user_id:user_id, "problem updaing user settings" return res.sendStatus 500 if req.body.first_name? user.first_name = req.body.first_name.trim() if req.body.last_name? user.last_name = req.body.last_name.trim() if req.body.role? user.role = req.body.role.trim() if req.body.institution? user.institution = req.body.institution.trim() if req.body.mode? user.ace.mode = req.body.mode if req.body.theme? user.ace.theme = req.body.theme if req.body.fontSize? user.ace.fontSize = req.body.fontSize if req.body.autoComplete? user.ace.autoComplete = req.body.autoComplete if req.body.autoPairDelimiters? user.ace.autoPairDelimiters = req.body.autoPairDelimiters if req.body.spellCheckLanguage? user.ace.spellCheckLanguage = req.body.spellCheckLanguage if req.body.pdfViewer? user.ace.pdfViewer = req.body.pdfViewer if req.body.syntaxValidation? user.ace.syntaxValidation = req.body.syntaxValidation user.save (err)-> newEmail = req.body.email?.trim().toLowerCase() if !newEmail? or newEmail == user.email or req.externalAuthenticationSystemUsed() # end here, don't update email AuthenticationController.setInSessionUser(req, {first_name: user.first_name, last_name: user.last_name}) return res.sendStatus 200 else if newEmail.indexOf("@") == -1 # email invalid return res.sendStatus(400) else # update the user email UserUpdater.changeEmailAddress user_id, newEmail, (err)-> if err? logger.err err:err, user_id:user_id, newEmail:newEmail, "problem updaing users email address" if err.message == "alread_exists" message = req.i18n.translate("email_already_registered") else message = req.i18n.translate("problem_changing_email_address") return res.send 500, {message:message} User.findById user_id, (err, user)-> if err? logger.err err:err, user_id:user_id, "error getting user for email update" return res.send 500 AuthenticationController.setInSessionUser(req, {email: user.email, first_name: user.first_name, last_name: user.last_name}) UserHandler.populateGroupLicenceInvite user, (err)-> #need to refresh this in the background if err? logger.err err:err, "error populateGroupLicenceInvite" res.sendStatus(200) logout : (req, res)-> metrics.inc "user.logout" user = AuthenticationController.getSessionUser(req) logger.log user: user, "logging out" sessionId = req.sessionID req.logout?() # passport logout req.session.destroy (err)-> if err logger.err err: err, 'error destorying session' if user? UserSessionsManager.untrackSession(user, sessionId) SudoModeHandler.clearSudoMode(user._id) res.redirect '/login' register : (req, res, next = (error) ->)-> email = req.body.email if !email? or email == "" res.sendStatus 422 # Unprocessable Entity return UserRegistrationHandler.registerNewUserAndSendActivationEmail email, (error, user, setNewPasswordUrl) -> return next(error) if error? res.json { email: user.email setNewPasswordUrl: setNewPasswordUrl } clearSessions: (req, res, next = (error) ->) -> metrics.inc "user.clear-sessions" user = AuthenticationController.getSessionUser(req) logger.log {user_id: user._id}, "clearing sessions for user" UserSessionsManager.revokeAllUserSessions user, [req.sessionID], (err) -> return next(err) if err? res.sendStatus 201 changePassword : (req, res, next = (error) ->)-> metrics.inc "user.password-change" oldPass = req.body.currentPassword user_id = AuthenticationController.getLoggedInUserId(req) AuthenticationManager.authenticate {_id:user_id}, oldPass, (err, user)-> return next(err) if err? if(user) logger.log user: user._id, "changing password" newPassword1 = req.body.newPassword1 newPassword2 = req.body.newPassword2 if newPassword1 != newPassword2 logger.log user: user, "passwords do not match" res.send message: type:'error' text:'Your passwords do not match' else logger.log user: user, "password changed" AuthenticationManager.setUserPassword user._id, newPassword1, (error) -> return next(error) if error? UserSessionsManager.revokeAllUserSessions user, [req.sessionID], (err) -> return next(err) if err? res.send message: type:'success' text:'Your password has been changed' else logger.log user_id: user_id, "current password wrong" res.send message: type:'error' text:'Your old password is wrong'