Properly querystring encode the parameters
@@ -4,36 +4,38 @@ import Config from '../Config';
|
|||||||
import express from 'express';
|
import express from 'express';
|
||||||
import path from 'path';
|
import path from 'path';
|
||||||
import fs from 'fs';
|
import fs from 'fs';
|
||||||
|
import qs from 'querystring';
|
||||||
|
|
||||||
let public_html = path.resolve(__dirname, "../../public_html");
|
let public_html = path.resolve(__dirname, "../../public_html");
|
||||||
let views = path.resolve(__dirname, '../../views');
|
let views = path.resolve(__dirname, '../../views');
|
||||||
|
|
||||||
export class PublicAPIRouter extends PromiseRouter {
|
export class PublicAPIRouter extends PromiseRouter {
|
||||||
|
|
||||||
verifyEmail(req) {
|
verifyEmail(req) {
|
||||||
let { token, username }= req.query;
|
let { token, username }= req.query;
|
||||||
let appId = req.params.appId;
|
let appId = req.params.appId;
|
||||||
let config = new Config(appId);
|
let config = new Config(appId);
|
||||||
|
|
||||||
if (!config.publicServerURL) {
|
if (!config.publicServerURL) {
|
||||||
return this.missingPublicServerURL();
|
return this.missingPublicServerURL();
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!token || !username) {
|
if (!token || !username) {
|
||||||
return this.invalidLink(req);
|
return this.invalidLink(req);
|
||||||
}
|
}
|
||||||
|
|
||||||
let userController = config.userController;
|
let userController = config.userController;
|
||||||
return userController.verifyEmail(username, token).then( () => {
|
return userController.verifyEmail(username, token).then( () => {
|
||||||
|
let params = qs.stringify({username});
|
||||||
return Promise.resolve({
|
return Promise.resolve({
|
||||||
status: 302,
|
status: 302,
|
||||||
location: `${config.verifyEmailSuccessURL}?username=${username}`
|
location: `${config.verifyEmailSuccessURL}?${params}`
|
||||||
});
|
});
|
||||||
}, ()=> {
|
}, ()=> {
|
||||||
return this.invalidLink(req);
|
return this.invalidLink(req);
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
changePassword(req) {
|
changePassword(req) {
|
||||||
return new Promise((resolve, reject) => {
|
return new Promise((resolve, reject) => {
|
||||||
let config = new Config(req.query.id);
|
let config = new Config(req.query.id);
|
||||||
@@ -55,61 +57,63 @@ export class PublicAPIRouter extends PromiseRouter {
|
|||||||
});
|
});
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
requestResetPassword(req) {
|
requestResetPassword(req) {
|
||||||
|
|
||||||
let config = req.config;
|
let config = req.config;
|
||||||
|
|
||||||
if (!config.publicServerURL) {
|
if (!config.publicServerURL) {
|
||||||
return this.missingPublicServerURL();
|
return this.missingPublicServerURL();
|
||||||
}
|
}
|
||||||
|
|
||||||
let { username, token } = req.query;
|
let { username, token } = req.query;
|
||||||
|
|
||||||
if (!username || !token) {
|
if (!username || !token) {
|
||||||
return this.invalidLink(req);
|
return this.invalidLink(req);
|
||||||
}
|
}
|
||||||
|
|
||||||
return config.userController.checkResetTokenValidity(username, token).then( (user) => {
|
return config.userController.checkResetTokenValidity(username, token).then( (user) => {
|
||||||
|
let params = qs.stringify({token, id: config.applicationId, username, app: config.appName, });
|
||||||
return Promise.resolve({
|
return Promise.resolve({
|
||||||
status: 302,
|
status: 302,
|
||||||
location: `${config.choosePasswordURL}?token=${token}&id=${config.applicationId}&username=${username}&app=${config.appName}`
|
location: `${config.choosePasswordURL}?${params}`
|
||||||
})
|
})
|
||||||
}, () => {
|
}, () => {
|
||||||
return this.invalidLink(req);
|
return this.invalidLink(req);
|
||||||
})
|
})
|
||||||
}
|
}
|
||||||
|
|
||||||
resetPassword(req) {
|
resetPassword(req) {
|
||||||
|
|
||||||
let config = req.config;
|
let config = req.config;
|
||||||
|
|
||||||
if (!config.publicServerURL) {
|
if (!config.publicServerURL) {
|
||||||
return this.missingPublicServerURL();
|
return this.missingPublicServerURL();
|
||||||
}
|
}
|
||||||
|
|
||||||
let {
|
let {
|
||||||
username,
|
username,
|
||||||
token,
|
token,
|
||||||
new_password
|
new_password
|
||||||
} = req.body;
|
} = req.body;
|
||||||
|
|
||||||
if (!username || !token || !new_password) {
|
if (!username || !token || !new_password) {
|
||||||
return this.invalidLink(req);
|
return this.invalidLink(req);
|
||||||
}
|
}
|
||||||
|
|
||||||
return config.userController.updatePassword(username, token, new_password).then((result) => {
|
return config.userController.updatePassword(username, token, new_password).then((result) => {
|
||||||
return Promise.resolve({
|
return Promise.resolve({
|
||||||
status: 302,
|
status: 302,
|
||||||
location: config.passwordResetSuccessURL
|
location: config.passwordResetSuccessURL
|
||||||
});
|
});
|
||||||
}, (err) => {
|
}, (err) => {
|
||||||
|
let params = qs.stringify({username: username, token: token, id: config.applicationId, error:err, app:config.appName})
|
||||||
return Promise.resolve({
|
return Promise.resolve({
|
||||||
status: 302,
|
status: 302,
|
||||||
location: `${config.choosePasswordURL}?token=${token}&id=${config.applicationId}&username=${username}&error=${err}&app=${config.appName}`
|
location: `${config.choosePasswordURL}?${params}`
|
||||||
});
|
});
|
||||||
});
|
});
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
invalidLink(req) {
|
invalidLink(req) {
|
||||||
@@ -118,36 +122,36 @@ export class PublicAPIRouter extends PromiseRouter {
|
|||||||
location: req.config.invalidLinkURL
|
location: req.config.invalidLinkURL
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
missingPublicServerURL() {
|
missingPublicServerURL() {
|
||||||
return Promise.resolve({
|
return Promise.resolve({
|
||||||
text: 'Not found.',
|
text: 'Not found.',
|
||||||
status: 404
|
status: 404
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
setConfig(req) {
|
setConfig(req) {
|
||||||
req.config = new Config(req.params.appId);
|
req.config = new Config(req.params.appId);
|
||||||
return Promise.resolve();
|
return Promise.resolve();
|
||||||
}
|
}
|
||||||
|
|
||||||
mountRoutes() {
|
mountRoutes() {
|
||||||
this.route('GET','/apps/:appId/verify_email',
|
this.route('GET','/apps/:appId/verify_email',
|
||||||
req => { this.setConfig(req) },
|
req => { this.setConfig(req) },
|
||||||
req => { return this.verifyEmail(req); });
|
req => { return this.verifyEmail(req); });
|
||||||
|
|
||||||
this.route('GET','/apps/choose_password',
|
this.route('GET','/apps/choose_password',
|
||||||
req => { return this.changePassword(req); });
|
req => { return this.changePassword(req); });
|
||||||
|
|
||||||
this.route('POST','/apps/:appId/request_password_reset',
|
this.route('POST','/apps/:appId/request_password_reset',
|
||||||
req => { this.setConfig(req) },
|
req => { this.setConfig(req) },
|
||||||
req => { return this.resetPassword(req); });
|
req => { return this.resetPassword(req); });
|
||||||
|
|
||||||
this.route('GET','/apps/:appId/request_password_reset',
|
this.route('GET','/apps/:appId/request_password_reset',
|
||||||
req => { this.setConfig(req) },
|
req => { this.setConfig(req) },
|
||||||
req => { return this.requestResetPassword(req); });
|
req => { return this.requestResetPassword(req); });
|
||||||
}
|
}
|
||||||
|
|
||||||
expressApp() {
|
expressApp() {
|
||||||
let router = express();
|
let router = express();
|
||||||
router.use("/apps", express.static(public_html));
|
router.use("/apps", express.static(public_html));
|
||||||
|
|||||||
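Review bot: In the rejection handler of `resetPassword`, `error:err` is handed to `qs.stringify`, which serializes only strings, numbers and booleans and turns any other value into an empty string. If `updatePassword` rejects with an Error or another object (its rejection type is not visible on this page), the redirect to `choosePasswordURL` will carry `error=` with no message, where the old template literal at least produced the string form of `err`. I would normalise the value before encoding, for example `error: typeof err === 'string' ? err : String((err && err.message) || err)`, with a comment such as `// qs.stringify drops non-primitive values, so stringify the rejection first`. The same applies to `username` and `token` if the request parser can deliver them as arrays or nested objects, so a `typeof username !== 'string' || typeof token !== 'string'` check next to the existing `!username || !token` guards would keep the redirect parameters predictable.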