userAdminApi now allows users to change their

password
pull/4/head
AdamSBlack 2021-10-03 15:35:44 +01:00
parent f642360a5d
commit 7590e9b644
4 changed files with 55 additions and 39 deletions


@ -2,7 +2,8 @@ const jwt = require('jsonwebtoken');
let models;
let logger;
const models_orm = require('./../models/index.model')
const crypto = require('crypto');
const config = require('./../config')
async function validateJWT(token, key) {
try {
@ -23,15 +24,29 @@ async function readJWT(token) {
}
async function changePassword(account, newPassword, oldPassword) {
if (!account || !newPassword || !oldPassword) { return {success: false, error: 'MISSING_DATA'}}
const oldPasswordHash = crypto.createHash('sha256').update(oldPassword + config.applicationSalt).digest('hex')
if (account.password === oldPasswordHash) {
const newPasswordHash = crypto.createHash('sha256').update(newPassword + config.applicationSalt).digest('hex')
const update = models_orm.models.accounts.update(
{ password: newPasswordHash },
{ where: { id: account.id } }
)
return {success: true, msg: 'PASSWORD CHANGED', changed: true}
} else {
return {success: false, msg: 'BAD PASSWORD', passwordCorrect: false}
}
}
async function getAuthenticatedAccount(req, res) {
const sessionCookie = (req.signedCookies !== undefined ? req.signedCookies.session : null);
if (!sessionCookie || sessionCookie.expires <= Date.now()) { return null; }
const email = sessionCookie.account.trim().toLowerCase();
// TODO stop storing emails in the cookie
const account = await models_orm.models.accounts.findOne({where: {email: email}});
@ -59,6 +74,7 @@ module.exports = (_models, _logger) => {
return {
validateJWT: validateJWT,
getAuthenticatedAccount: getAuthenticatedAccount
getAuthenticatedAccount: getAuthenticatedAccount,
changePassword: changePassword
}
}
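Review bot: The `accounts.update(...)` call inside changePassword is not awaited, so the function reports `PASSWORD CHANGED` before the row is written and a rejected update becomes an unhandled promise rejection; change the line to `const update = await models_orm.models.accounts.update(` (or drop the unused `update` binding and just `await` the call). Separately, the stored hash is a single SHA-256 of `password + config.applicationSalt`, which is cheap to attack offline and uses one application-wide salt rather than a per-account one; Node's built-in `crypto.scrypt` would be a stronger choice, but the login path that verifies `account.password` is not in this hunk, so the scheme can only be changed together with it and a migration for existing rows. The `account.password === oldPasswordHash` comparison could use `crypto.timingSafeEqual` on the two buffers, and nothing checks a minimum length for `newPassword`. The `}` on the first line of the hunk closes readJWT, which starts outside it, and getAuthenticatedAccount continues past the hunk.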


@ -6,7 +6,7 @@ module.exports = (_models, _controllers, _logger) => {
return {
useradmin: require('./useradmin')(_models, _controllers, _logger),
api: require('./api')(_models, _controllers, _logger),
//useradminapi: require('./userAdminApi')(_models, _controllers, _logger)
useradminapi: require('./userAdminApi')(_models, _controllers, _logger)
//adminApi: require('./administration/adminApi')(_models, _controllers, _logger)
}
}


@ -222,7 +222,7 @@ router.get('/retropilot/0/overview', runAsyncWrapper(async (req, res) => {
}))
router.get('/useradmin/unpair_device/:dongleId', runAsyncWrapper(async (req, res) => {
router.get('/retropilot/0/unpair_device/:dongleId', runAsyncWrapper(async (req, res) => {
const account = await controllers.authentication.getAuthenticatedAccount(req, res);
if (account == null) {
return res.json({success: false, data: {session: false}}).status(403)
@ -243,39 +243,39 @@ router.get('/useradmin/unpair_device/:dongleId', runAsyncWrapper(async (req, res
res.json({success: true, data: {unlink: true}})
}))
router.post('/retropilot/0/pair_device', bodyParser.urlencoded({extended: true}), runAsyncWrapper(async (req, res) => {
const account = await controllers.authentication.getAuthenticatedAccount(req, res);
if (account == null) {
res.json({success: false, msg: 'UNAUTHORISED', status: 403})
}
const pairDevice = await controllers.devices.pairDevice(req.body.qr_string);
if (pairDevice.success === true) {
res.json({success: true, msg: 'Paired', status: 200, data: pairDevice})
} else {
res.json({success: false, msg:'error', data: pairDevice})
}
}))
router.post('/retropilot/0/password/change', bodyParser.urlencoded({extended: true}), runAsyncWrapper(async (req, res) => {
const account = await controllers.authentication.getAuthenticatedAccount(req, res);
if (account == null) {
res.json({success: false, msg: 'UNAUTHORISED', status: 403})
}
const pwChange = await controllers.authentication.changePassword(account, req.body.newPassword, req.body.oldPassword);
if (pwChange.success === true) {
res.json({success: true})
} else {
res.json({success: false, data: pwChange});
}
}));
/*
router.post('/useradmin/pair_device', bodyParser.urlencoded({extended: true}), runAsyncWrapper(async (req, res) => {
const account = await controllers.authentication.getAuthenticatedAccount(req, res);
if (account == null) {
res.redirect('/useradmin?status=' + encodeURIComponent('Invalid or expired session'));
return;
}
var qrCodeParts = req.body.qr_string.split("--"); // imei, serial, jwtToken
const device = await models.__db.get('SELECT * FROM devices WHERE imei = ? AND serial = ?', qrCodeParts[0], qrCodeParts[1]);
if (device == null) {
res.redirect('/useradmin/overview?linkstatus=' + encodeURIComponent('Device not registered on Server'));
}
var decoded = controllers.authentication.validateJWT(qrCodeParts[2], device.public_key);
if (decoded == null || decoded.pair == undefined) {
res.redirect('/useradmin/overview?linkstatus=' + encodeURIComponent('Device QR Token is invalid or has expired'));
}
if (device.account_id != 0) {
res.redirect('/useradmin/overview?linkstatus=' + encodeURIComponent('Device is already paired, unpair in that account first'));
}
const result = await models.__db.run(
'UPDATE devices SET account_id = ? WHERE dongle_id = ?',
account.id,
device.dongle_id
);
res.redirect('/useradmin/overview');
}))
router.get('/useradmin/device/:dongleId', runAsyncWrapper(async (req, res) => {
const account = await controllers.authentication.getAuthenticatedAccount(req, res);
if (account == null) {
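Review bot: In the new `/retropilot/0/password/change` handler the `account == null` branch sends the UNAUTHORISED response but does not return, so the handler goes on to call changePassword with a null account and then calls `res.json` a second time, which throws `Cannot set headers after they are sent`; the `/retropilot/0/pair_device` handler directly above it has the same pattern. The 403 is also only placed in the body while the HTTP status stays 200 (and in the unpair_device hunk earlier in this file, `.status(403)` chained after `res.json(...)` runs after the response has already been sent); use `if (account == null) { return res.status(403).json({success: false, msg: 'UNAUTHORISED', status: 403}); }` in both handlers. Since the session comes from a signed cookie and the body is urlencoded, this state-changing endpoint is callable cross-site unless CSRF protection is applied elsewhere, which is not visible here. The first and last handlers in this hunk start and end outside it.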


@ -57,8 +57,8 @@ const web = async () => {
app.use(routers.api);
app.use(routers.useradmin);
if (config.flags.useUserAdminApi) app.use(routers.useradminapi);
//app.use(routers.adminApi)
//if (config.flags.useUserAdminApi) app.use(routers.useradminapi);
app.use(routers.useradminapi)
app.use(cors());