mirror of https://gitgud.io/fatchan/jschan.git
closes #14
parent
c1468e74a0
commit
514b55a506
6 changed files with 137 additions and 0 deletions
@ -1,3 +1,4 @@ |
|||||||
node_modules/ |
node_modules/ |
||||||
configs/*.json |
configs/*.json |
||||||
uploads/img/* |
uploads/img/* |
||||||
|
gulp/dist/ |
||||||
|
@ -0,0 +1,40 @@ |
|||||||
|
'use strict'; |
||||||
|
|
||||||
|
const bcrypt = require('bcrypt') |
||||||
|
, Accounts = require(__dirname+'/../../db/accounts.js'); |
||||||
|
|
||||||
|
module.exports = async (req, res, next) => { |
||||||
|
|
||||||
|
const username = req.body.username.toLowerCase(); |
||||||
|
const password = req.body.password; |
||||||
|
const newPassword = req.body.newpassword; |
||||||
|
|
||||||
|
//fetch an account
|
||||||
|
const account = await Accounts.findOne(username); |
||||||
|
|
||||||
|
//if the account doesnt exist, reject
|
||||||
|
if (!account) { |
||||||
|
return res.status(403).render('message', { |
||||||
|
'title': 'Forbidden', |
||||||
|
'message': 'Incorrect username or password', |
||||||
|
'redirect': redirect ? `/login?redirect=${redirect}` : '/changepassword' |
||||||
|
}); |
||||||
|
} |
||||||
|
|
||||||
|
// bcrypt compare input to saved hash
|
||||||
|
const passwordMatch = await bcrypt.compare(password, account.passwordHash); |
||||||
|
|
||||||
|
//if hashes matched
|
||||||
|
if (passwordMatch === true) { |
||||||
|
//change the password
|
||||||
|
await Accounts.changePassword(username, newPassword); |
||||||
|
return res.redirect('/login'); |
||||||
|
} |
||||||
|
|
||||||
|
return res.status(403).render('message', { |
||||||
|
'title': 'Forbidden', |
||||||
|
'message': 'Incorrect username or password', |
||||||
|
'redirect': redirect ? `/login?redirect=${redirect}` : '/login' |
||||||
|
}); |
||||||
|
|
||||||
|
} |
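Review bot: `redirect` is read in both 403 branches (the two `'redirect': redirect ? ...` lines) but is never declared in this new file, so a wrong username or password would throw a ReferenceError inside the async handler instead of rendering the message. Unless it is a global defined elsewhere, use a fixed target such as `'redirect': '/changepassword'` in both places. The handler also never reads `req.body.newpasswordconfirm`, which the form submits, so a mistyped new password is accepted; compare it with `newpassword` before calling `Accounts.changePassword`, unless a validator outside this file already does. `req.body.username.toLowerCase()` throws when the field is missing or not a string, so a `typeof ... === 'string'` check on the three fields before use is worth adding. As far as this file shows, the endpoint verifies a username and password without requiring a session, so it is a second password-guessing surface and should get the same throttling as the login route.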
@ -0,0 +1,10 @@ |
|||||||
|
'use strict'; |
||||||
|
|
||||||
|
module.exports = (req, res, next) => { |
||||||
|
|
||||||
|
//render the page
|
||||||
|
res.render('changepassword', { |
||||||
|
csrf: req.csrfToken() |
||||||
|
}); |
||||||
|
|
||||||
|
} |
@ -0,0 +1,22 @@ |
|||||||
|
extends ../layout.pug |
||||||
|
|
||||||
|
block head |
||||||
|
title Login |
||||||
|
|
||||||
|
block content |
||||||
|
section.form-wrapper |
||||||
|
form.form-post(action='/forms/changepassword' method='POST') |
||||||
|
input(type='hidden' name='_csrf' value=csrf) |
||||||
|
section.postform-section |
||||||
|
.postform-label Username |
||||||
|
input#username(type='text', name='username', placeholder='username' maxlength='50') |
||||||
|
section.postform-section |
||||||
|
.postform-label Existing Password |
||||||
|
input#password(type='password', name='password', maxlength='100') |
||||||
|
section.postform-section |
||||||
|
.postform-label New Password |
||||||
|
input#password(type='password', name='newpassword', maxlength='100') |
||||||
|
section.postform-section |
||||||
|
.postform-label Confirm New Password |
||||||
|
input#password(type='password', name='newpasswordconfirm', maxlength='100') |
||||||
|
input(type='submit', value='submit') |
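Review bot: All three password fields are declared as `input#password`, so the page ends up with three elements sharing one id; give the new-password fields their own ids, e.g. `input#newpassword` and `input#newpasswordconfirm`. `title Login` looks carried over from the login view and should probably be `title Change Password`. The handler in this commit checks passwords with bcrypt, which only uses the first 72 bytes of its input, so `maxlength='100'` lets users type characters that do not contribute to the hash. Consider a server-side byte-length check (or `maxlength='72'`), and add `autocomplete='current-password'` and `autocomplete='new-password'` so password managers fill the right fields.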