sends emails now

Author: mzhang28

.gitignore

@@ -1,3 +1,4 @@
 node_modules
 .sublime-workspace
 .sublime-project
+.env

api/api.js

@@ -1,5 +1,6 @@
 var account = require("./account");
 var auth = require("./auth");
+var forgot = require("./forgot");
 var scoreboard = require("./scoreboard");
 
 module.exports = function(app) {
@@ -39,4 +40,11 @@ module.exports = function(app) {
 	app.get("/api/scoreboard/graph", function(req, res) {
 		scoreboard.get_graph(req, res);
 	});
+
+	// *******************
+	//   FORGOT PASSWORD
+	// *******************
+	app.post("/api/forgot", function(req, res) {
+		forgot.send_reset_email(req, res);
+	});
 };

api/forgot.js

@@ -0,0 +1,201 @@
+var common = require("./common");
+var moment = require("moment");
+require("dotenv").load();
+
+// THIS INFO GOES INTO A .env FOLDER OR YOU CAN PROVIDE IT AS ENVIRONMENTAL VARIABLES ON YOUR HOST
+var sendgrid = require("sendgrid")(process.env.SENDGRID_USERNAME, process.env.SENDGRID_PASSWORD);
+
+// *************
+//   CONSTANTS
+// *************
+// change this stuff
+var FROM_EMAIL = "[email protected]";
+var FROM_NAME = "Your CTF";
+var DOMAIN = "yourctf.com";
+
+exports.send_reset_email = function(req, res) {
+	var email = req.param("email");
+
+	if (!email) {
+		res.send({
+			success: 0,
+			message: "You have to enter an email!",
+		});
+		return;
+	}
+
+	common.db.collection("accounts").find({
+		email: email
+	}).toArray(function(err, data) {
+		if (err) {
+			res.send({
+				success: 0,
+				message: "An internal error occurred."
+			});
+			return;
+		}
+
+		if (data.length == 0) {
+			res.send({
+				success: 0,
+				message: "Couldn't find your email. Try signing up?"
+			});
+			return;
+		}
+
+		if (data.length > 1) {
+			res.send({
+				success: 0,
+				message: ""
+			});
+			return;
+		}
+
+		var checkTeam = data[0];
+		var salt = common.generateSalt();
+		var code = common.hash(email+salt, "sha256") + salt;
+		var expire = moment().add(48, "hours");
+
+		// deactivate existing codes for this email
+		common.db.collection("reset_password").update({
+			email: email,
+			active: true
+		}, {
+			$set: {
+				active: false
+			}
+		}, function(err2, data2) {
+			// insert a request
+			common.db.collection("reset_password").insert({
+				code: code,
+				email: email,
+				salt: salt,
+				expire: expire.format(),
+				active: true
+			}, { w: 1 }, function(err3, data3) {
+				if (err3) {
+					res.send({
+						success: 0,
+						message: "Couldn't make a password reset request."
+					});
+					return;
+				}
+
+				sendgrid.send({
+					to: email,
+					from: FROM_EMAIL,
+					fromname: FROM_NAME,
+					replyto: FROM_EMAIL,
+					subject: "Password Reset Requested.",
+					html: '<p>Hey there</p><p>Someone (hopefully you) requested to change the password for the account with the email ' + req.param('email') + '. Obviously, we\'ll be asking for verification of identity, so if you did in fact request this, follow this link: http://' + DOMAIN + '/forgot/' + code + "</p><p>" + FROM_NAME + "</p>"
+				}, function(err4, json) {
+					if (err4) {
+						console.dir(err4);
+						res.send({
+							success: 0,
+							message: "Failed to send email"
+						});
+						return;
+					} else {
+						res.send({
+							success: 1,
+							message: "Email successfully sent!"
+						});
+						return;
+					}
+				});
+			});
+		});
+	});
+};
+
+exports.verify_code = function(req, res) {
+	var code = req.param("code");
+	var pass = req.param("p1");
+	var confirm = req.param("p2");
+
+	if (!(code && pass && confirm)) {
+		res.send({
+			success: 0,
+			message: "You must fill out all of the fields!"
+		});
+		return;
+	}
+
+	if (pass !== confirm) {
+		res.send({
+			success: 0,
+			message: "Passwords don't match."
+		});
+		return;
+	}
+
+	common.db.collection("reset_password").find({
+		code: code,
+		active: true
+	}).toArray(function(err, data) {
+		if (err) {
+			res.send({
+				success: 0,
+				message: "Internal error.",
+			});
+			return;
+		}
+		if (data.length == 0) {
+			res.send({
+				success: 0,
+				message: "Couldn't find an active ticket for this code. Try requesting another"
+			});
+			return;
+		}
+
+		var obj = data[0];
+		var now = moment();
+		var exp = moment(obj.expire);
+		if (now.isBefore(exp) && obj.active) {
+			var salted = common.encryptPass(pass); //yum
+			common.db.collection("reset_password").update({
+				code: code
+			}, {
+				$set: {
+					active: false
+				}
+			}, function(err2, data2) {
+				if (err2) {
+					res.send({
+						success: 0,
+						message: "Internal error.",
+					});
+					return;
+				}
+				common.db.collection("accounts").update({
+					email: obj.email
+				}, {
+					$set: {
+						pass: salted
+					}
+				}, function(err3, data3) {
+					if (err3) {
+						res.send({
+							success: 0,
+							message: "Internal error.",
+						});
+						return;
+					} else {
+						res.send({
+							success: 1,
+							message: "Your password has been changed!"
+						});
+						return;
+					}
+				});
+			});
+		} else {
+			res.send({
+				success: 0,
+				message: "Maybe your code expired?"
+			});
+			return;
+		}
+	});
+}

app/pages/forgot.html

@@ -0,0 +1,76 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+		<meta charset="utf-8">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0, user-scalable=yes">
+
+		<title>Forgot Password - CTF Platform</title>
+
+		<link rel="stylesheet" href="css/main.css" media="screen" />
+		<link rel="icon" href="images/logo.ico" media="screen" />
+	</head>
+
+	<body>
+		<nav role="navigation" class="navbar navbar-default">
+			<div class="container-fluid">
+				<div class="navbar-header">
+					<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#navbar-content">
+						<span class="sr-only">Toggle Navigation</span><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span>
+					</button><a href="/" class="navbar-brand">CTF-Platform</a>
+				</div>
+				<div id="navbar-content" class="collapse navbar-collapse">
+				    <ul class="nav navbar-nav" id="nav-left">
+				    </ul>
+				    <ul class="nav navbar-nav navbar-right" id="nav-right">
+				    </ul>
+				</div>
+			</div>
+		</nav>
+
+		<div class="container">
+			<div class="container">
+				<div class="page-header">
+					<h1>Forgot Password</h1>
+				</div>
+			</div>
+
+			<div class="container">
+				<div id="forgot_msg"></div>
+				<div class="well col-lg-7">
+					<div>
+						<form action="javascript:dispatch();" class="form-horizontal">
+							<fieldset>
+								<legend>Enter the email you used to sign up.</legend>
+								<div class="form-group">
+									<label for="forgot-email" class="col-lg-3 control-label">Email</label>
+									<div class="col-lg-8">
+										<input type="email" name="forgot-email" id="forgot-email" placeholder="Email" autofocus="on" class="form-control">
+									</div>
+								</div>
+								<div class="form-group">
+									<label class="col-lg-3 control-label"></label>
+									<div class="col-lg-7">
+										<button id="forgot-btn" onClick="javascript:dispatch(); return false;" class="btn btn-primary">Send Password Reset Email</button>
+									</div>
+								</div>
+							</fieldset>
+						</form>
+					</div>
+				</div>
+			</div>
+
+			<div id="footer"></div>
+		</div>
+
+		<script type="text/javascript" src="js/jquery.js"></script>
+		<script type="text/javascript" src="js/bootstrap.min.js"></script>
+		<script type="text/javascript" src="js/dependencies.js"></script>
+		<script type="text/javascript" src="js/forgot.js"></script>
+		<script type="text/javascript">
+			$(function() {
+				display_navbar();
+				load_footer();
+			});
+		</script>
+	</body>
+</html>

app/router.js

@@ -10,7 +10,8 @@ var pages = [
 	"register",
 	"about",
 	"updates",
-	"scoreboard"
+	"scoreboard",
+	"forgot"
 ];
 
 var auth_pages = [

package.json

@@ -4,10 +4,12 @@
   "private": true,
   "dependencies": {
     "async": "^0.9.0",
+    "dotenv": "^0.4.0",
     "express": "3.x",
+    "html-entities": "^1.1.1",
     "moment": "^2.8.4",
     "mongodb": "^1.4.23",
-    "html-entities": "^1.1.1"
+    "sendgrid": "^1.3.0"
   },
   "engines": {
     "node": "0.10.x"

web/js/forgot.js

@@ -0,0 +1,28 @@
+(function() {
+	window.dispatch = function() {
+		$("[id^=forgot-]").attr("disabled", "disabled");
+		$.ajax({
+			url: "/api/forgot",
+			dataType: "json",
+			data: {
+				email: $("#forgot-email").val()
+			},
+			type: "POST",
+			success: function(data) {
+				var alert_class = "";
+				if (data.success == 1) {
+					alert_class = "success";
+				} else {
+					alert_class = "danger";
+					$("[id^=forgot-]").removeAttr("disabled");
+				}
+				$("#forgot_msg").hide().html("<div class=\"alert alert-" + alert_class + "\"> " + data['message'] + " </div>").slideDown("normal");
+				setTimeout(function() {
+					$("#forgot_msg").slideUp("normal", function() {
+						return $("#forgot_msg").html("").show();
+					});
+				}, 2000);
+			},
+		});
+	};
+})();