Add password reset emailer

2013-05-30 14:07:29 -04:00 · 2013-05-30 14:07:29 -04:00 · 5205afb9cd
parent c8df4b036c
commit 5205afb9cd
6 changed files with 70 additions and 6 deletions
--- a/api.js
+++ b/api.js
@ -14,6 +14,7 @@ var Server = require("./server.js");
 var Logger = require("./logger.js");
 var apilog = new Logger.Logger("api.log");
 var Database = require("./database.js");
+var Config = require("./config.js");
 var fs = require("fs");

 var plainHandlers = {
@ -250,9 +251,51 @@ function handlePasswordReset(params, req, res) {
        return;
    }

+    if(!Config.MAIL) {
+        sendJSON(res, {
+            success: false,
+            error: "This server does not have email enabled.  Contact an administrator"
+        });
+        return;
+    }
+    var msg = [
+        "A password reset request was issued for your account `",
+        name,
+        "` on ",
+        Config.DOMAIN,
+        ".  This request is valid for 24 hours.  ",
+        "If you did not initiate this, there is no need to take action.  ",
+        "To reset your password, copy and paste the following link into ",
+        "your browser: ",
+        Config.DOMAIN,
+        "/reset.html?",
+        hash
+    ].join("");

-    sendJSON(res, {
-        success: true
+    var mail = {
+        from: "CyTube Services <" + Config.MAIL_FROM + ">",
+        to: email,
+        subject: "Password reset request",
+        text: msg
+    };
+
+    Config.MAIL.sendMail(mail, function(err, response) {
+        if(err) {
+            Logger.errlog.log("Mail fail: " + err);
+            sendJSON(res, {
+                success: false,
+                error: "Email failed.  Contact an admin if this persists."
+            });
+        }
+        else {
+            sendJSON(res, {
+                success: true
+            });
+
+            if(Config.DEBUG) {
+                Logger.syslog.log(response);
+            }
+        }
    });
 }

--- a/config.js
+++ b/config.js
@ -17,3 +17,21 @@ exports.IO_PORT = 1337; // Socket.IO port, DO NOT USE PORT 80.
 exports.WEBSERVER_PORT = 8080; // Webserver port.  Binding port 80 requires root permissions
 exports.MAX_PER_IP = 10;
 exports.GUEST_LOGIN_DELAY = 60; // Seconds
+
+var nodemailer = require("nodemailer");
+exports.MAIL = false;
+/* Example for setting up email:
+exports.MAIL = nodemailer.createTransport("SMTP", {
+    service: "Gmail",
+    auth: {
+        user: "some.user@gmail.com",
+        pass: "supersecretpassword"
+    }
+});
+
+See https://github.com/andris9/Nodemailer
+*/
+exports.MAIL_FROM = "some.user@gmail.com";
+// Domain for password reset link
+// Email sent goes to exports.DOMAIN/reset.html?resethash
+exports.DOMAIN = "http://localhost";
--- a/database.js
+++ b/database.js
@ -655,8 +655,8 @@ function generatePasswordReset(ip, name, email) {
            "`ip`, `name`, `hash`, `email`, `expire`",
         ") VALUES (",
            "?, ?, ?, ?, ?",
-         ") ON DUPLICATE KEY UPDATE `expire`=?"].join(""),
-        [ip, name, hash, email, exp, exp]
+         ") ON DUPLICATE KEY UPDATE `hash`=?,`expire`=?"].join(""),
+        [ip, name, hash, email, exp, hash, exp]
    );

    results = db.querySync(query);
--- a/package.json
+++ b/package.json
@ -11,6 +11,7 @@
        "express": ">=3.2",
        "mysql-libmysqlclient": "*",
        "node_hash": "*",
-        "bcrypt": "*"
+        "bcrypt": "*",
+        "nodemailer": "*"
    }
 }
--- a/server.js
+++ b/server.js
@ -9,7 +9,7 @@ The above copyright notice and this permission notice shall be included in all c
 THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 */

-const VERSION = "1.9.2";
+const VERSION = "1.9.3";

 var fs = require("fs");
 var Logger = require("./logger.js");
--- a/www/assets/js/account.js
+++ b/www/assets/js/account.js
@ -267,6 +267,7 @@ $("#cebtn").click(function() {
 });

 $("#rpbtn").click(function() {
+    $("#rpbtn").text("Sending...");
    $("#pwresetpane").find(".alert-error").remove();
    $("#pwresetpane").find(".alert-success").remove();
    var name = $("#rpusername").val();
@ -278,6 +279,7 @@ $("#rpbtn").click(function() {
        "email=" + email
    ].join("&") + "&callback=?";
    $.getJSON(url, function(data) {
+        $("#rpbtn").text("Send Reset");
        if(data.success) {
            $("<div/>").addClass("alert alert-success")
                .text("Password reset link issued.  Check your email.")