apostrophe-people - npm Package Compare versions

Comparing version 0.5.28 to 0.5.29

index.js

@@ -9,2 +9,3 @@ var async = require('async');
 var nodemailer = require('nodemailer');
+var passwordHash = require('password-hash');
 
@@ -306,2 +307,56 @@ // Creating an instance of the people module is easy:
 
+    self._app.post(self._action + '/change-password', function(req, res) {
+      var __ = res.__;
+      var oldPassword,
+          newPassword,
+          person;
+      // use the callback concatination in async.series instead of vars as reset-request does
+      return async.series({
+        validate: function(callback) {
+          oldPassword = self._apos.sanitizeString(req.body.oldPassword);
+          newPassword = self._apos.sanitizeString(req.body.newPassword);
+          if (!oldPassword) {
+            return callback(__('Old Password is required'));
+          }
+          return callback(null);
+        },
+        get: function(callback) {
+          return self._apos.pages.findOne({
+            type: 'person',
+            login: true,
+            _id: req.user._id
+          }, function(err, page) {
+            if (err) {
+              return callback(err);
+            }
+            if (!page) {
+              return callback(__('No user with that username or email address was found, or there is no email address associated with your account. Please try again or contact your administrator.'));
+            }
+            person = page;
+            return callback(null);
+          });
+        },
+        confirm: function(callback) {
+          // confirm oldPassword matches what's in the DB
+          if (!passwordHash.verify(oldPassword, person.password)) {
+            return callback(__('Old password was incorrect'));
+          }
+          return callback(null);
+        },
+        update: function(callback) {
+          // save hash of new password in db
+          var password = self.hashPassword(newPassword);
+          return self._apos.pages.update({ _id: person._id }, { $set: { password: password }, $unset: { $resetPassword: 1 } }, function(err, count) {
+            if (err || (!count)) {
+              return callback(null);
+            }
+            return callback(null);
+          });
+        }
+      }, function(err) {
+        // res.send error or results
+        res.send({ status: (err) ? 'error' : 'ok'});
+      });
+    });
+
     self._app.get(self._action + '/reset-request', function(req, res) {
@@ -944,2 +999,3 @@ return res.send(self.renderPage(req, 'resetRequest', {}));
       }
+      self.pushAsset('template', 'passwordEditor', { when: 'user' });
     };
@@ -946,0 +1002,0 @@ }

package.json

 {
   "name": "apostrophe-people",
-  "version": "0.5.28",
+  "version": "0.5.29",
   "description": "Staff directories, user accounts and personal profiles for the Apostrophe content management system",
@@ -5,0 +5,0 @@ "main": "index.js",

public/js/editor.js

@@ -175,3 +175,78 @@ // JavaScript which enables editing of this module's content belongs here.
   }
+
+  $('body').on('click', '[data-password-change]', function(){
+    var tagEditor = new AposPasswordEditor({action: self._action});
+    tagEditor.modal();
+    return false;
+  });
 }
 
+function AposPasswordEditor(options) {
+  var self = this;
+  if (!options) {
+    options = {};
+  }
+  self._action = options.action || '/apos-people';
+
+  // Call this method after constructing the object
+  self.modal = function() {
+    self.$el = apos.modalFromTemplate('.apos-password-editor', self);
+  };
+
+  self.init = function(callback) {
+    console.log(self.$el[0]);
+    return callback(null);
+  }
+
+  self.save = function(callback) {
+    // validate passwords match and fields are entered
+    var oldPassword = self.$el.findByName('oldPassword').val();
+    var newPassword = self.$el.findByName('newPassword').val();
+    var confirmPassword = self.$el.findByName('confirmPassword').val();
+
+    if (!oldPassword){
+      //error
+      aposSchemas.addError(self.$el, 'oldPassword', true);
+      return callback('Old Password is required');
+    }
+    if (!newPassword){
+      //error
+      aposSchemas.addError(self.$el, 'newPassword', true);
+      return callback('New Password is required');
+    }
+    if (!confirmPassword){
+      //error
+      aposSchemas.addError(self.$el, 'confirmPassword', true);
+      return callback('Password confirmation is required');
+    }
+    if (newPassword !== confirmPassword){
+      //error
+      aposSchemas.addError(self.$el, 'newPassword');
+      alert('New passwords did not match');
+      return callback('New Passwords did not match');
+    }
+
+    $.jsonCall(
+      self._action + '/change-password',  
+      {
+        oldPassword: oldPassword,
+        newPassword: newPassword
+      },
+      function(data) {
+        if (data.status == 'ok') {
+          alert('Your password has been changed');
+          return callback(null);
+        } else {
+          alert('You did not enter your old password correctly');
+          return callback('You did not enter your old password correctly');
+        }
+      },
+      function(data) {
+        alert('An error occurred. Please try again.');
+        return callback('An error occurred in server response');
+      }
+    );
+
+
+  }
+}

New alerts

New author

Supply chain risk

A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

76048

increased by7.35%

Number of package files

27

increased by3.85%

Lines of code

1382

increased by9.68%

Worsened metrics

Number of medium supply chain risk alerts

1

increased byInfinity%

No dependency changes