Merge pull request #4 from martinbedouret/master

0.0.2

Author: martinbedouret

.gitignore

@@ -34,4 +34,7 @@ node_modules
 config/runtime.yaml
 
 # Netbeans project
-nbproject/
+nbproject/
+
+# Env
+config/env/development.js

api/controllers/user.js

@@ -10,7 +10,8 @@ module.exports = {
     removeUser: removeUser,
     getUser: getUser,
     updateUser: updateUser,
-    loginUser: loginUser
+    loginUser: loginUser,
+    logoutUser: logoutUser
 };
 
 function createUser(req, res) {
@@ -40,7 +41,7 @@ function createUser(req, res) {
                 }
             });
 
-            res.status(200).json({
+            return res.status(200).json({
                 success: 1,
                 message: 'An email has been sent to you. Please check it to verify your account.'
             });
@@ -63,7 +64,7 @@ function activateUser(req, res) {
                         message: 'ERROR: sending confirmation email FAILED ' + info
                     });
                 }
-                res.status(200).json({
+                return res.status(200).json({
                     success: 1,
                     message: 'CONFIRMED!'
                 });
@@ -144,27 +145,78 @@ function updateUser(req, res) {
         return res.status(200).json(users);
     });
 }
-function loginUser(args, res) {
-    var role = args.swagger.params.role.value;
-    var username = args.body.username;
-    var password = args.body.password;
-    console.log(role + username + password);
+function loginUser(req, res) {
+    var role = req.swagger.params.role.value;
+    var username = req.body.username;
+    var password = req.body.password;
 
     if (role !== "user" && role !== "admin") {
         return res.status(400).json({
             message: "Error: Role must be either admin or user"
         });
     }
-
-    if (username === "cboard_robot" && password === "youNIC4$" && role) {
+    User.authenticate(username, password, function (error, user) {
+      if (error || !user) {
+          return res.status(401).json({
+             message: "Wrong email or password."
+         });
+      } else {
+        req.session.userId = user._id;
         var tokenString = auth.issueToken(username, role);
-        res.status(200).json({
+        user.authToken = tokenString;
+        user.save(function (err, user) {
+            if (err) {
+                return res.status(500).json({
+                    message: 'Error saving user ' + err
+                });
+            }
+            if (!user) {
+                return res.status(404).json({
+                    message: 'Unable to find user. User id: ' + user._id
+                });
+            }
+        });
+        return res.status(200).json({
             token: tokenString,
             message: "Token successfully generated"
         });
-    } else {
-        res.status(403).json({
-            message: "Error: Credentials incorrect"
+      }
+    });
+}
+function logoutUser(req, res) {
+    var username = req.body.username;
+    var password = req.body.password;
+    User.authenticate(username, password, function (error, user) {
+        if (error || !user) {
+            return res.status(401).json({
+                message: "Wrong email or password."
+            });
+        }
+        if (req.session) {
+            // delete session object
+            req.session.destroy(function (err) {
+                if (err) {
+                    return res.status(500).json({
+                        message: 'Error removing session ' + err
+                    });
+                }
+            });
+        }
+        user.authToken = '';
+        user.save(function (err, user) {
+            if (err) {
+                return res.status(500).json({
+                    message: 'Error saving user ' + err
+                });
+            }
+            if (!user) {
+                return res.status(404).json({
+                    message: 'Unable to find user. User id: ' + user._id
+                });
+            }
+        });
+        return res.status(200).json({
+            message: "User successfully logout"
         });
-    }
-}
+    });
+}

api/mail/index.js

@@ -44,10 +44,14 @@ module.exports = function (locale) {
 
         // emailing options
         transportOptions: {
-            service: 'Gmail',
+            from: '[email protected]',
+            host: 'smtp.sendgrid.net',
+            port: 465,
+            secure: true,
+            service: 'Sendgrid',
             auth: {
-                user: '[email protected]',
-                pass: 'pisco32065'
+                user: 'apikey',
+                pass: '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'
             }
         },
         verifyMailOptions: {

api/models/User.js

@@ -1,7 +1,8 @@
 'use strict';
 
 var mongoose = require('mongoose');
-const crypto = require('crypto');
+var bcrypt = require('bcrypt');
+
 
 var Schema = mongoose.Schema;
 
@@ -14,14 +15,44 @@ const oAuthTypes = [
 ];
 
 const userSchema = new Schema({
-    name: {type: String, default: ''},
-    email: {type: String, default: ''},
-    username: {type: String, default: ''},
-    provider: {type: String, default: ''},
-    locale: {type: String, default: 'en'},
-    password: {type: String, default: ''},
-    authToken: {type: String, default: ''},
-    lastlogin: {type: Date, default: Date.now},
+    name: {
+        type: String, 
+        default: ''
+        },
+    email: {
+        type: String,
+        unique: true,
+        required: true,
+        trim: true
+        },
+    username: {
+        type: String,
+        unique: true,
+        required: true,
+        trim: true,
+        default: ''
+    },
+    provider: {
+        type: String, 
+        default: ''
+        },
+    locale: {
+        type: String, 
+        default: 'en'
+        },
+    password: {
+        type: String,
+        required: true,
+        default: ''
+        },
+    authToken: {
+        type: String,
+        default: ''
+        },
+    lastlogin: {
+        type: Date, 
+        default: Date.now
+        },
     facebook: {
         id: String,
         token: String,
@@ -104,50 +135,6 @@ userSchema.pre('save', function (next) {
 
 userSchema.methods = {
 
-    /**
-     * Authenticate - check if the passwords are the same
-     *
-     * @param {String} plainText
-     * @return {Boolean}
-     * @api public
-     */
-
-    authenticate: function (plainText) {
-        return this.encryptPassword(plainText) === this.hashed_password;
-    },
-
-    /**
-     * Make salt
-     *
-     * @return {String}
-     * @api public
-     */
-
-    makeSalt: function () {
-        return Math.round((new Date().valueOf() * Math.random())) + '';
-    },
-
-    /**
-     * Encrypt password
-     *
-     * @param {String} password
-     * @return {String}
-     * @api public
-     */
-
-    encryptPassword: function (password) {
-        if (!password)
-            return '';
-        try {
-            return crypto
-                    .createHmac('sha1', this.salt)
-                    .update(password)
-                    .digest('hex');
-        } catch (err) {
-            return '';
-        }
-    },
-
     /**
      * Validation is not required if using OAuth
      */
@@ -176,8 +163,37 @@ userSchema.statics = {
         return this.findOne(options.criteria)
                 .select(options.select)
                 .exec(cb);
-    }
-};
+    },
+    
+    /**
+     * Authenticate input against database
+     *
+     * @param {String} username
+     * @param {String} password
+     * @param {Function} callback 
+     * @api private
+     */
+    
+    authenticate: function (username, password, callback) {
+        this.findOne({ username: username })
+            .exec(function (err, user) {
+                if (err) {
+                    return callback(err);
+                } else if (!user) {
+                    var err = new Error('User not found.');
+                    err.status = 401;
+                    return callback(err);
+                }
+                bcrypt.compare(password, user.password, function (err, result) {
+                    if (result === true) {
+                        return callback(null, user);
+                    } else {
+                        return callback();
+                    }
+                });
+            });
+        }
+    };
 
 var User = mongoose.model('User', userSchema);
 

api/swagger/swagger.yaml

@@ -230,6 +230,33 @@ paths:
           description: Error
           schema:
             $ref: "#/definitions/ErrorResponse"
+  /user/logout:
+    x-swagger-router-controller: user
+    post:
+      operationId: logoutUser
+      description: Destroys user session and authentication token.
+      security:
+        - Bearer: []
+      x-security-scopes:
+        - admin
+        - user
+      parameters:
+        - name: info
+          description: User properties
+          in: body
+          required: true
+          schema:
+            $ref: "#/definitions/User"
+      responses:
+        "200":
+          description: Success
+          schema:
+            $ref: "#/definitions/LogoutResponse"
+        default:
+          description: Error
+          schema:
+            $ref: "#/definitions/ErrorResponse"
+
 # complex objects have schema definitions
 definitions:
   User:
@@ -304,5 +331,11 @@ definitions:
       properties:
         token:
             type: string
+        message:
+            type: string
+  LogoutResponse:
+      required:
+          - message
+      properties:
         message:
             type: string