apostrophe-people
Comparing version 0.5.28 to 0.5.29
56
index.js
@@ -9,2 +9,3 @@ var async = require('async'); | ||
var nodemailer = require('nodemailer'); | ||
var passwordHash = require('password-hash'); | ||
@@ -306,2 +307,56 @@ // Creating an instance of the people module is easy: | ||
self._app.post(self._action + '/change-password', function(req, res) { | ||
var __ = res.__; | ||
var oldPassword, | ||
newPassword, | ||
person; | ||
// use the callback concatination in async.series instead of vars as reset-request does | ||
return async.series({ | ||
validate: function(callback) { | ||
oldPassword = self._apos.sanitizeString(req.body.oldPassword); | ||
newPassword = self._apos.sanitizeString(req.body.newPassword); | ||
if (!oldPassword) { | ||
return callback(__('Old Password is required')); | ||
} | ||
return callback(null); | ||
}, | ||
get: function(callback) { | ||
return self._apos.pages.findOne({ | ||
type: 'person', | ||
login: true, | ||
_id: req.user._id | ||
}, function(err, page) { | ||
if (err) { | ||
return callback(err); | ||
} | ||
if (!page) { | ||
return callback(__('No user with that username or email address was found, or there is no email address associated with your account. Please try again or contact your administrator.')); | ||
} | ||
person = page; | ||
return callback(null); | ||
}); | ||
}, | ||
confirm: function(callback) { | ||
// confirm oldPassword matches what's in the DB | ||
if (!passwordHash.verify(oldPassword, person.password)) { | ||
return callback(__('Old password was incorrect')); | ||
} | ||
return callback(null); | ||
}, | ||
update: function(callback) { | ||
// save hash of new password in db | ||
var password = self.hashPassword(newPassword); | ||
return self._apos.pages.update({ _id: person._id }, { $set: { password: password }, $unset: { $resetPassword: 1 } }, function(err, count) { | ||
if (err || (!count)) { | ||
return callback(null); | ||
} | ||
return callback(null); | ||
}); | ||
} | ||
}, function(err) { | ||
// res.send error or results | ||
res.send({ status: (err) ? 'error' : 'ok'}); | ||
}); | ||
}); | ||
self._app.get(self._action + '/reset-request', function(req, res) { | ||
@@ -944,2 +999,3 @@ return res.send(self.renderPage(req, 'resetRequest', {})); | ||
} | ||
self.pushAsset('template', 'passwordEditor', { when: 'user' }); | ||
}; | ||
@@ -946,0 +1002,0 @@ } |
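Review bot: The `validate` step of the new `/change-password` route rejects a missing `oldPassword` but never checks `newPassword`, so a direct POST that omits it reaches `self.hashPassword(newPassword)` in `update` with whatever `sanitizeString` returns for a missing value (presumably an empty string), and that is stored as the account's password. Add `if (!newPassword) { return callback(__('New Password is required')); }` next to the old-password check, since the checks in the browser editor do not cover requests sent straight to the route. In `update`, the `if (err || (!count))` branch calls `callback(null)`, so a failed or zero-row write is still answered with `status: 'ok'`; it should be `return callback(err || 'notfound');`. The `$unset: { $resetPassword: 1 }` key starts with `$`, which looks like a typo for the reset-token field and may cause the whole update to be rejected; confirm against the reset-request code, which is outside this view. The handler also reads `req.user._id` without checking that `req.user` is set, so confirm that a login-required middleware covers this route.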
{ | ||
"name": "apostrophe-people", | ||
"version": "0.5.28", | ||
"version": "0.5.29", | ||
"description": "Staff directories, user accounts and personal profiles for the Apostrophe content management system", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -175,3 +175,78 @@ // JavaScript which enables editing of this module's content belongs here. | ||
} | ||
$('body').on('click', '[data-password-change]', function(){ | ||
var tagEditor = new AposPasswordEditor({action: self._action}); | ||
tagEditor.modal(); | ||
return false; | ||
}); | ||
} | ||
function AposPasswordEditor(options) { | ||
var self = this; | ||
if (!options) { | ||
options = {}; | ||
} | ||
self._action = options.action || '/apos-people'; | ||
// Call this method after constructing the object | ||
self.modal = function() { | ||
self.$el = apos.modalFromTemplate('.apos-password-editor', self); | ||
}; | ||
self.init = function(callback) { | ||
console.log(self.$el[0]); | ||
return callback(null); | ||
} | ||
self.save = function(callback) { | ||
// validate passwords match and fields are entered | ||
var oldPassword = self.$el.findByName('oldPassword').val(); | ||
var newPassword = self.$el.findByName('newPassword').val(); | ||
var confirmPassword = self.$el.findByName('confirmPassword').val(); | ||
if (!oldPassword){ | ||
//error | ||
aposSchemas.addError(self.$el, 'oldPassword', true); | ||
return callback('Old Password is required'); | ||
} | ||
if (!newPassword){ | ||
//error | ||
aposSchemas.addError(self.$el, 'newPassword', true); | ||
return callback('New Password is required'); | ||
} | ||
if (!confirmPassword){ | ||
//error | ||
aposSchemas.addError(self.$el, 'confirmPassword', true); | ||
return callback('Password confirmation is required'); | ||
} | ||
if (newPassword !== confirmPassword){ | ||
//error | ||
aposSchemas.addError(self.$el, 'newPassword'); | ||
alert('New passwords did not match'); | ||
return callback('New Passwords did not match'); | ||
} | ||
$.jsonCall( | ||
self._action + '/change-password', | ||
{ | ||
oldPassword: oldPassword, | ||
newPassword: newPassword | ||
}, | ||
function(data) { | ||
if (data.status == 'ok') { | ||
alert('Your password has been changed'); | ||
return callback(null); | ||
} else { | ||
alert('You did not enter your old password correctly'); | ||
return callback('You did not enter your old password correctly'); | ||
} | ||
}, | ||
function(data) { | ||
alert('An error occurred. Please try again.'); | ||
return callback('An error occurred in server response'); | ||
} | ||
); | ||
} | ||
} |
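Review bot: In `save`, the success callback shows 'You did not enter your old password correctly' for every response whose status is not `ok`, but the server route added in this release sends the same `{ status: 'error' }` for a database error or a missing user record as for a wrong old password. Either return a reason field from the route and branch on it, or use a neutral message such as `alert('Your password could not be changed. Please try again.');`. `init` still contains `console.log(self.$el[0]);`, which looks like leftover debugging and should be removed, and the click handler's `tagEditor` variable would read better as `passwordEditor`. The comparison `data.status == 'ok'` should use `===`.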
New author
Supply chain risk: A new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but they do indicate a change to the security surface area of a package.
Found 1 instance in 1 package