in modules/backend/routes/public.js [39:161]
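/**
 * Builds the express router for the account routes of this module: current user,
 * sign-up, sign-in, logout, password reset and activation e-mail resend.
 *
 * Every route is registered with POST. Values from `req.body` are handed to the
 * services exactly as received; this module does no type or format validation.
 *
 * @param mongo Not referenced by any route in this factory.
 * @param settings Application settings; only `settings.activation.enabled` is read here.
 * @param usersService Service used for `get` and `create`.
 * @param authService Service used for activation-token and password-reset-token operations.
 * @param errors Exception constructors; only `AuthFailedException` is used here.
 * @returns {Promise} Promise resolved with the configured router.
 */
module.exports.factory = function(mongo, settings, usersService, authService, errors) {
    return new Promise((factoryResolve) => {
        const router = new express.Router();

        /**
         * Return the user for the current request (POST, despite reading data).
         * Passes both the authenticated user and `req.session.viewedUser` to the service.
         */
        router.post('/user', (req, res) => {
            usersService.get(req.user, req.session.viewedUser)
                .then(res.api.ok)
                .catch(res.api.error);
        });

        /**
         * Register new account.
         *
         * When the request comes from a signed-in admin the new account is returned
         * without touching the admin's session; otherwise the new user is logged in.
         */
        router.post('/signup', (req, res) => {
            const createdByAdmin = _.get(req, 'user.admin', false);

            // NOTE(review): req.body is passed to the service whole. Confirm the service
            // copies only an allow-list of fields, so a client cannot set privileged
            // attributes on the account it creates.
            usersService.create(req.origin(), req.body, createdByAdmin)
                .then((user) => {
                    if (createdByAdmin)
                        return user;

                    return new Promise((resolve, reject) => {
                        req.logIn(user, {}, (err) => {
                            // Return on failure so the promise is settled exactly once.
                            if (err)
                                return reject(err);

                            resolve(user);
                        });
                    });
                })
                .then(res.api.ok)
                .catch(res.api.error);
        });

        /**
         * Sign in to an existing account.
         *
         * Order of checks: credentials (passport 'local' strategy), then, when
         * activation is enabled, activation token validity and expiry, then login.
         */
        router.post('/signin', (req, res, next) => {
            passport.authenticate('local', (errAuth, user) => {
                // NOTE(review): errAuth.message is returned to the client as is. Confirm the
                // strategy never puts internal detail (driver errors, stack text) in it.
                if (errAuth)
                    return res.api.error(new errors.AuthFailedException(errAuth.message));

                // One message for both unknown e-mail and wrong password.
                if (!user)
                    return res.api.error(new errors.AuthFailedException('Invalid email or password'));

                if (settings.activation.enabled) {
                    const activationToken = req.body.activationToken;

                    const errToken = authService.validateActivationToken(user, activationToken);

                    if (errToken)
                        return res.api.error(errToken);

                    if (authService.isActivationTokenExpired(user, activationToken)) {
                        // Best effort: a failure to issue or send the new token is deliberately
                        // ignored, the client gets the "expired" answer either way.
                        authService.resetActivationToken(req.origin(), user.email)
                            .catch((ignored) => {
                                // No-op.
                            });

                        return res.api.error(new errors.AuthFailedException('This activation link was expired. We resend a new one. Please open the most recent email and click on the activation link.'));
                    }

                    // Only the in-memory object is changed here; nothing in this handler saves it.
                    // NOTE(review): presumably persisted during login or elsewhere; confirm.
                    user.activated = true;
                }

                // NOTE(review): whether the session id is regenerated on login depends on the
                // passport version in use. Verify it is, since a session id that survives
                // login leaves the application open to session fixation.
                return req.logIn(user, {}, (errLogIn) => {
                    if (errLogIn)
                        return res.api.error(new errors.AuthFailedException(errLogIn.message));

                    return res.sendStatus(200);
                });
            })(req, res, next);
        });

        /**
         * Logout.
         */
        router.post('/logout', (req, res) => {
            // NOTE(review): called without a callback. Newer passport releases make logout
            // asynchronous and require one; confirm against the installed version.
            req.logout();

            res.sendStatus(200);
        });

        /**
         * Send e-mail to user with reset token.
         */
        router.post('/password/forgot', (req, res) => {
            // NOTE(review): the success message is generic, but a rejection is forwarded
            // through res.api.error. If the service rejects for an unknown e-mail the two
            // answers differ and reveal which addresses are registered; confirm.
            // NOTE(review): req.body.email is not checked to be a string before it reaches
            // the service; confirm the service rejects non-string values before querying.
            authService.resetPasswordToken(req.origin(), req.body.email)
                .then(() => res.api.ok('An email has been sent with further instructions.'))
                .catch(res.api.error);
        });

        /**
         * Change password with given token.
         */
        router.post('/password/reset', (req, res) => {
            // NOTE(review): token and password are forwarded unchecked; type checks, password
            // policy and single-use handling of the token are assumed to live in the service.
            const {token, password} = req.body;

            authService.resetPasswordByToken(req.origin(), token, password)
                .then(res.api.ok)
                .catch(res.api.error);
        });

        /**
         * Validate a password reset token (POST) before the reset form is used.
         */
        router.post('/password/validate/token', (req, res) => {
            const token = req.body.token;

            authService.validateResetToken(token)
                .then(res.api.ok)
                .catch(res.api.error);
        });

        /**
         * Send e-mail to user with account confirmation token.
         */
        router.post('/activation/resend', (req, res) => {
            // NOTE(review): same points as /password/forgot: unvalidated req.body.email and
            // an error path that may distinguish registered from unregistered addresses.
            // No rate limiting is visible in this module for either mail-sending route.
            authService.resetActivationToken(req.origin(), req.body.email)
                .then(() => res.api.ok('An email has been sent with further instructions.'))
                .catch(res.api.error);
        });

        factoryResolve(router);
    });
};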