Force Lowercase & Remove Sensitive Data
* add directive to force username & email lowercase
* remove sensitive data in password reset
* 2 space indentation in reset & forgot password views
almegdad committed Sep 1, 2015
1 parent 16b481f commit aafa5e6
Showing 9 changed files with 71 additions and 52 deletions.
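--- /dev/null
+++ b/modules/users/client/directives/users.client.directive.js
@@ -0,0 +1,14 @@
+'use strict';
+
+// Users directive used to force lowercase input
+angular.module('users').directive('lowercase', function () {
+return {
+require: 'ngModel',
+link: function (scope, element, attrs, modelCtrl) {
+modelCtrl.$parsers.push(function (input) {
+return input ? input.toLowerCase() : '';
+});
+element.css('text-transform', 'lowercase');
+}
+};
+});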
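Review bot: The header comment should state what this directive does not cover: `$parsers` run only when the user edits the field, so a model value assigned from code is never lowercased here, and the `text-transform` style only changes how the text is drawn — the server-side normalization added in this same commit (the schema's `lowercase: true` and the `.toLowerCase()` calls in the lookups) is the step that must remain authoritative. Suggested wording: `// Users directive used to force lowercase input. Client-side convenience only: applies to user edits, not to model assignment; the server normalizes case independently.` The `element.css('text-transform', 'lowercase')` line also deserves a one-line comment saying it is cosmetic and does not change the submitted value, so nobody later removes the parser thinking the style does the work.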
Expand Up @@ -5,7 +5,7 @@ <h3 class="col-md-12 text-center">Or with your account</h3>
<fieldset>
<div class="form-group" show-errors>
<label for="username">Username</label>
<input type="text" id="username" name="username" class="form-control" ng-model="credentials.username" placeholder="Username" required>
<input type="text" id="username" name="username" class="form-control" ng-model="credentials.username" placeholder="Username" lowercase required>
<div ng-messages="userForm.username.$error" role="alert">
<p class="help-block error-text" ng-message="required">Username is required.</p>
</div>
Expand Up @@ -19,15 +19,15 @@ <h3 class="col-md-12 text-center">Or sign up using your email</h3>
</div>
<div class="form-group" show-errors>
<label for="email">Email</label>
<input type="email" id="email" name="email" class="form-control" ng-model="credentials.email" placeholder="Email" required>
<input type="email" id="email" name="email" class="form-control" ng-model="credentials.email" placeholder="Email" lowercase required>
<div ng-messages="userForm.email.$error" role="alert">
<p class="help-block error-text" ng-message="required">Email address is required.</p>
<p class="help-block error-text" ng-message="email">Email address is invalid.</p>
</div>
</div>
<div class="form-group" show-errors>
<label for="username">Username</label>
<input type="text" id="username" name="username" class="form-control" ng-model="credentials.username" placeholder="Username" required>
<input type="text" id="username" name="username" class="form-control" ng-model="credentials.username" placeholder="Username" lowercase required>
<div ng-messages="userForm.username.$error" role="alert">
<p class="help-block error-text" ng-message="required">Username is required.</p>
</div>
@@ -1,22 +1,22 @@
<section class="row" ng-controller="PasswordController">
<h3 class="col-md-12 text-center">Restore your password</h3>
<p class="small text-center">Enter your account username.</p>
<div class="col-xs-offset-2 col-xs-8 col-md-offset-5 col-md-2">
<form ng-submit="askForPasswordReset()" class="form-horizontal" autocomplete="off">
<fieldset>
<h3 class="col-md-12 text-center">Restore your password</h3>
<p class="small text-center">Enter your account username.</p>
<div class="col-xs-offset-2 col-xs-8 col-md-offset-5 col-md-2">
<form ng-submit="askForPasswordReset()" class="form-horizontal" autocomplete="off">
<fieldset>
<div class="form-group">
<input type="text" id="username" name="username" class="form-control" ng-model="credentials.username" placeholder="Username">
<input type="text" id="username" name="username" class="form-control" ng-model="credentials.username" placeholder="Username" lowercase>
</div>
<div class="text-center form-group">
<button type="submit" class="btn btn-primary">Submit</button>
</div>
<div ng-show="error" class="text-center text-danger">
<strong>{{error}}</strong>
</div>
<div ng-show="success" class="text-center text-success">
<strong>{{success}}</strong>
</div>
</fieldset>
</form>
</div>
<div class="text-center form-group">
<button type="submit" class="btn btn-primary">Submit</button>
</div>
<div ng-show="error" class="text-center text-danger">
<strong>{{error}}</strong>
</div>
<div ng-show="success" class="text-center text-success">
<strong>{{success}}</strong>
</div>
</fieldset>
</form>
</div>
</section>
48 changes: 24 additions & 24 deletions modules/users/client/views/password/reset-password.client.view.html
@@ -1,26 +1,26 @@
<section class="row" ng-controller="PasswordController">
<h3 class="col-md-12 text-center">Reset your password</h3>
<div class="col-xs-offset-2 col-xs-8 col-md-offset-5 col-md-2">
<form ng-submit="resetUserPassword()" class="signin form-horizontal" autocomplete="off">
<fieldset>
<div class="form-group">
<label for="newPassword">New Password</label>
<input type="password" id="newPassword" name="newPassword" class="form-control" ng-model="passwordDetails.newPassword" placeholder="New Password">
</div>
<div class="form-group">
<label for="verifyPassword">Verify Password</label>
<input type="password" id="verifyPassword" name="verifyPassword" class="form-control" ng-model="passwordDetails.verifyPassword" placeholder="Verify Password">
</div>
<div class="text-center form-group">
<button type="submit" class="btn btn-lg btn-primary">Update Password</button>
</div>
<div ng-show="error" class="text-center text-danger">
<strong>{{error}}</strong>
</div>
<div ng-show="success" class="text-center text-success">
<strong>{{success}}</strong>
</div>
</fieldset>
</form>
</div>
<h3 class="col-md-12 text-center">Reset your password</h3>
<div class="col-xs-offset-2 col-xs-8 col-md-offset-5 col-md-2">
<form ng-submit="resetUserPassword()" class="signin form-horizontal" autocomplete="off">
<fieldset>
<div class="form-group">
<label for="newPassword">New Password</label>
<input type="password" id="newPassword" name="newPassword" class="form-control" ng-model="passwordDetails.newPassword" placeholder="New Password">
</div>
<div class="form-group">
<label for="verifyPassword">Verify Password</label>
<input type="password" id="verifyPassword" name="verifyPassword" class="form-control" ng-model="passwordDetails.verifyPassword" placeholder="Verify Password">
</div>
<div class="text-center form-group">
<button type="submit" class="btn btn-lg btn-primary">Update Password</button>
</div>
<div ng-show="error" class="text-center text-danger">
<strong>{{error}}</strong>
</div>
<div ng-show="success" class="text-center text-success">
<strong>{{success}}</strong>
</div>
</fieldset>
</form>
</div>
</section>
Expand Up @@ -18,15 +18,15 @@
</div>
<div class="form-group" show-errors>
<label for="email">Email</label>
<input type="email" id="email" name="email" class="form-control" ng-model="user.email" placeholder="Email" required>
<input type="email" id="email" name="email" class="form-control" ng-model="user.email" placeholder="Email" lowercase required>
<div ng-messages="userForm.email.$error" role="alert">
<p class="help-block error-text" ng-message="required">Email address is required.</p>
<p class="help-block error-text" ng-message="email">Email address is invalid.</p>
</div>
</div>
<div class="form-group" show-errors>
<label for="username">Username</label>
<input type="text" id="username" name="username" class="form-control" ng-model="user.username" placeholder="Username" required>
<input type="text" id="username" name="username" class="form-control" ng-model="user.username" placeholder="Username" lowercase required>
<div ng-messages="userForm.username.$error" role="alert">
<p class="help-block error-text" ng-message="required">Username is required.</p>
</div>
2 changes: 1 addition & 1 deletion modules/users/server/config/strategies/local.js
Expand Up @@ -15,7 +15,7 @@ module.exports = function () {
},
function (username, password, done) {
User.findOne({
username: username
username: username.toLowerCase()
}, function (err, user) {
if (err) {
return done(err);
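Review bot: `username.toLowerCase()` silently changes the lookup for accounts that already exist: a user stored before this commit with uppercase letters in `username` no longer matches the lowercased query and cannot sign in, and the same applies to the `forgot` lookup (`req.body.username.toLowerCase()`) and to `findUniqueUsername` in the model hunks. The commit needs a one-off migration that lowercases the stored `username` and `email` values (and confirms the `unique` indexes still hold afterwards), or the lookups should stay case-insensitive until that migration has run. Separately, the call throws a TypeError when the field is not a string — a JSON body can carry an object in `username`, which passport-local appears to hand through as-is — so the strategy should reject non-strings before the query: `if (typeof username !== 'string') { return done(null, false, { message: 'Invalid username' }); }`; since such a value previously reached `findOne` unchanged, this check is also a hardening step. The enclosing strategy callback continues outside the hunk.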
Expand Up @@ -30,7 +30,7 @@ exports.forgot = function (req, res, next) {
function (token, done) {
if (req.body.username) {
User.findOne({
username: req.body.username
username: req.body.username.toLowerCase()
}, '-salt -password', function (err, user) {
if (!user) {
return res.status(400).send({
Expand Down Expand Up @@ -144,7 +144,10 @@ exports.reset = function (req, res, next) {
if (err) {
res.status(400).send(err);
} else {
// Return authenticated user
// Remove sensitive data before return authenticated user
user.password = undefined;
user.salt = undefined;

res.json(user);

done(err, user);
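Review bot: Setting `user.password = undefined` and `user.salt = undefined` on what appears to be a Mongoose document — it is passed on through `done(err, user)` rather than discarded — marks those paths as modified, so if any later waterfall step calls `save()` on the same object the stored hash and salt would be cleared; the rest of `exports.reset` is outside the hunk, so that needs checking there. A safer shape strips the fields from a plain copy for the response and leaves the document intact for the pipeline: `var safeUser = user.toObject(); delete safeUser.password; delete safeUser.salt; res.json(safeUser);`. Also, `done(err, user)` sits inside the `else` of `if (err)`, so `err` is always null at that point and `done(null, user)` states the intent more plainly. The migration concern raised on local.js applies equally to `req.body.username.toLowerCase()` in the first hunk of this file.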
6 changes: 4 additions & 2 deletions modules/users/server/models/user.server.model.js
Expand Up @@ -51,15 +51,17 @@ var UserSchema = new Schema({
},
email: {
type: String,
trim: true,
unique: true,
lowercase: true,
trim: true,
default: '',
validate: [validateLocalStrategyEmail, 'Please fill a valid email address']
},
username: {
type: String,
unique: 'Username already exists',
required: 'Please fill in a username',
lowercase: true,
trim: true
},
password: {
Expand Down Expand Up @@ -139,7 +141,7 @@ UserSchema.methods.authenticate = function (password) {
*/
UserSchema.statics.findUniqueUsername = function (username, suffix, callback) {
var _this = this;
var possibleUsername = username + (suffix || '');
var possibleUsername = username.toLowerCase() + (suffix || '');

_this.findOne({
username: possibleUsername
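Review bot: `lowercase: true` on `email` and `username` deserves a short comment stating that Mongoose applies it as a setter on assignment, so it normalizes values written through the model but does nothing for documents already stored or for query arguments — which is why the lookups in local.js and the forgot handler lowercase their own input. Suggested: `// Applied on assignment only; lookups must lowercase their own input and existing documents are not rewritten.` In `findUniqueUsername`, `username.toLowerCase()` will throw when called with a non-string; the enclosing `UserSchema.statics.findUniqueUsername` continues outside the hunk and its callers are not visible here, so confirm they always pass a string or add a `typeof username === 'string'` guard.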
