pnid registration and login fully working. does still need expanding.

middleware/authentication.js

@@ -17,6 +17,15 @@ function adminAuthNeeded(req, res, next) {
 	}
 }
 
+// middleware to use if pnid authentication is required
+function pnidAuthNeeded(req, res, next) {
+	if (req.isAuthenticated() && !req.user.role) {
+		return next();
+	} else {
+		apiHelper.sendApiAuthError(res);
+	}
+}
+
 // middleware to use if authentication is optional
 function authOptional(req, res, next) {
 	return next();
@@ -24,5 +33,6 @@ function authOptional(req, res, next) {
 
 module.exports = {
 	adminAuthNeeded,
+	pnidAuthNeeded,
 	authOptional
 };

models/pnid.js

@@ -52,13 +52,13 @@ function validateEmail(email) {
 PNIDSchema.plugin(uniqueValidator, {message: '{PATH} already in use.'});
 
 // hashing password
-PNIDSchema.pre('save', async function(next) {
+PNIDSchema.pre('save', function(next) {
 	// only if modified
 	if (!this.isModified('password')) {
 		return next();
 	}
 	// hashing
-	const primaryhash = PNIDModel.hashPasswordPrimary(this.get('password'), this.get('pid'));
+	const primaryhash = PNIDModel.hashPasswordPrimary(this.get('password'), this.get('pnid.pid'));
 	bcrypt.hash(primaryhash, 10, (err, hash) => {
 		if (err) {
 			return next(err);
@@ -69,9 +69,9 @@ PNIDSchema.pre('save', async function(next) {
 	});
 });
 
-PNIDSchema.statics.findByEmail = function(username) {
+PNIDSchema.statics.findByEmail = function(email) {
 	return this.model('pnid').findOne({
-		username
+		email
 	});
 };
 
@@ -104,10 +104,10 @@ PNIDSchema.statics.generatePID  = async function() {
 	});
 
 	if (does_pid_inuse) {
-		return await PNIDModel.generatePID();
+		return '' + await PNIDModel.generatePID();
 	}
 
-	return pid;
+	return '' + pid;
 };
 
 const PNIDModel = mongoose.model('pnid', PNIDSchema);

passport.config.js

@@ -53,14 +53,25 @@ module.exports = (app) => {
 				// user doesnt exist
 				return done(null, false, {message: 'Incorrect email'});
 			}
-
 			bcrypt.compare(password, user.password, (err, res) => {
 				if (err || !res) {
 					// error comparing hashes
-					return done(null, false, {message: 'Incorrect password'});
+					// try primary hash on password and checking again.
+					bcrypt.compare(PNIDModel.hashPasswordPrimary(password, user.pnid.pid), user.password, (err, res) => {
+						if (err || !res) {
+							// error comparing hashes
+							// password hashed and non hashed both incorrect.
+							return done(null, false, {message: 'Incorrect password'});
+						}
+						// password is correct, return user
+						console.log('found user and correct pass');
+						return done(null, user);
+					});
+				} else {
+					// password is correct, return user
+					console.log('found user and correct pass');
+					return done(null, user);					
 				}
-				// password is correct, return user
-				return done(null, user);
 			});
 		}).catch((err) => {
 			if (err) {
@@ -76,9 +87,16 @@ module.exports = (app) => {
 		done(null, user.id);
 	});
 		
+	//SERIOUSLY. DONT TOUCH THIS SPAGHETTI, IT TOOK ME FOREVER TO GET THIS TO WORK!!!!1!!
 	passport.deserializeUser(function(id, done) {
 		adminUserModel.findById(id, function(err, user) {
-			done(err, user);
+			if (err || !user) {
+				PNIDModel.findById(id, function(err, user) { 
+					done(err, user);
+				});
+			} else {
+				done(err, user);					
+			}
 		});
 	});
 };

routes/admin.js

@@ -10,7 +10,7 @@ const router = require('express').Router();
 const passport = require('passport');
 const moment = require('moment');
 const apiHelper = require('../helpers/api');
-const adminUserMiddleware = require('../middleware/admin-authentication');
+const userMiddleware = require('../middleware/authentication');
 
 // database models
 const adminUser = require('../models/admin-user');
@@ -67,7 +67,7 @@ router.post('/admin/api/v1/login', passport.authenticate('adminUserStrategy'), f
 *		errors: Strings[messages]
 *	}
 */
-router.post('/admin/api/v1/register', adminUserMiddleware.adminAuthNeeded, (req, res) => {
+router.post('/admin/api/v1/register', userMiddleware.adminAuthNeeded, (req, res) => {
 	if (!req.body) {
 		// no post body
 		apiHelper.sendApiGenericError(res);
@@ -109,7 +109,7 @@ router.post('/admin/api/v1/register', adminUserMiddleware.adminAuthNeeded, (req,
 *		errors: Strings[messages]
 *	}
 */
-router.post('/admin/api/v1/removeadmin', adminUserMiddleware.adminAuthNeeded, (req, res) => {
+router.post('/admin/api/v1/removeadmin', userMiddleware.adminAuthNeeded, (req, res) => {
 	if (!req.body) {
 		// no post body
 		apiHelper.sendApiGenericError(res);
@@ -136,7 +136,7 @@ router.post('/admin/api/v1/removeadmin', adminUserMiddleware.adminAuthNeeded, (r
 *		errors: Strings[messages]
 *	}
 */
-router.get('/admin/api/v1/listadmins', adminUserMiddleware.adminAuthNeeded, (req, res) => {
+router.get('/admin/api/v1/listadmins', userMiddleware.adminAuthNeeded, (req, res) => {
 	adminUser.adminUserModel.find({}, (err, admins) => {
 		// TODO format exception so it doesnt have a huge list of errors
 		if (err) return apiHelper.sendApiError(res, 500, [err]);
@@ -167,7 +167,7 @@ router.get('/admin/api/v1/listadmins', adminUserMiddleware.adminAuthNeeded, (req
 *		errors: Strings[messages]
 *	}
 */
-router.get('/admin/api/v1/check', adminUserMiddleware.authOptional, (req, res) => {
+router.get('/admin/api/v1/check', userMiddleware.authOptional, (req, res) => {
 	apiHelper.sendReturn(res, {
 		isAuthed: req.user ? true : false,
 		role: req.user ? (req.user.role ? req.user.role : undefined) : undefined
@@ -185,7 +185,7 @@ router.get('/admin/api/v1/check', adminUserMiddleware.authOptional, (req, res) =
 *		errors: Strings[messages]
 *	}
 */
-router.get('/admin/api/v1/logout', adminUserMiddleware.adminAuthNeeded, (req, res) => {
+router.get('/admin/api/v1/logout', userMiddleware.adminAuthNeeded, (req, res) => {
 	req.logout();
 	apiHelper.sendReturn(res, {});
 });
@@ -210,7 +210,7 @@ router.get('/admin/api/v1/logout', adminUserMiddleware.adminAuthNeeded, (req, re
 *		errors: Strings[messages]
 *	}
 */
-router.post('/admin/api/v1/newpost', adminUserMiddleware.adminAuthNeeded, function (req, res) {
+router.post('/admin/api/v1/newpost', userMiddleware.adminAuthNeeded, function (req, res) {
 	
 	if (!req.body) return apiHelper.sendApiGenericError(res);
 
@@ -262,7 +262,7 @@ router.post('/admin/api/v1/newpost', adminUserMiddleware.adminAuthNeeded, functi
 *		errors: Strings[messages]
 *	}
 */
-router.post('/admin/api/v1/editpost', adminUserMiddleware.adminAuthNeeded, function (req, res) {
+router.post('/admin/api/v1/editpost', userMiddleware.adminAuthNeeded, function (req, res) {
 	
 	if (!req.body) return apiHelper.sendApiGenericError(res);
 
@@ -299,7 +299,7 @@ router.post('/admin/api/v1/editpost', adminUserMiddleware.adminAuthNeeded, funct
 *		errors: Strings[messages]
 *	}
 */
-router.post('/admin/api/v1/newauthor', adminUserMiddleware.adminAuthNeeded, function (req, res) {
+router.post('/admin/api/v1/newauthor', userMiddleware.adminAuthNeeded, function (req, res) {
 	
 	if (!req.body) return apiHelper.sendApiGenericError(res);
 
@@ -340,7 +340,7 @@ router.post('/admin/api/v1/newauthor', adminUserMiddleware.adminAuthNeeded, func
 *		errors: Strings[messages]
 *	}
 */
-router.post('/admin/api/v1/editauthor', adminUserMiddleware.adminAuthNeeded, function (req, res) {
+router.post('/admin/api/v1/editauthor', userMiddleware.adminAuthNeeded, function (req, res) {
 	
 	if (!req.body) return apiHelper.sendApiGenericError(res);
 
@@ -377,7 +377,7 @@ router.post('/admin/api/v1/editauthor', adminUserMiddleware.adminAuthNeeded, fun
 *		errors: Strings[messages]
 *	}
 */
-router.post('/admin/api/v1/newprogress', adminUserMiddleware.adminAuthNeeded, function (req, res) {
+router.post('/admin/api/v1/newprogress', userMiddleware.adminAuthNeeded, function (req, res) {
 	
 	if (!req.body) return apiHelper.sendApiGenericError(res);
 
@@ -429,7 +429,7 @@ router.post('/admin/api/v1/newprogress', adminUserMiddleware.adminAuthNeeded, fu
 *		errors: Strings[messages]
 *	}
 */
-router.post('/admin/api/v1/editprogress', adminUserMiddleware.adminAuthNeeded, function (req, res) {
+router.post('/admin/api/v1/editprogress', userMiddleware.adminAuthNeeded, function (req, res) {
 	
 	if (!req.body) return apiHelper.sendApiGenericError(res);
 

routes/pnid.js

@@ -8,6 +8,7 @@ file for handling admin api.
 // imports
 const router = require('express').Router();
 const passport = require('passport');
+const userMiddleware = require('../middleware/authentication');
 const apiHelper = require('../helpers/api');
 const config = require('../config.json');
 const Recaptcha = require('express-recaptcha').Recaptcha;
@@ -24,6 +25,10 @@ router.get('/pnid/register', recaptcha.middleware.render, (req, res) => {
 router.get('/pnid/login', (req, res) => {
 	res.render('login');
 });
+// renders pnid dashboard
+router.get('/pnid/dashboard', userMiddleware.pnidAuthNeeded, (req, res) => {
+	res.render('dashboard');
+});
 
 /* 
 *	/api/v1/login
@@ -85,7 +90,7 @@ router.post('/api/v1/register', recaptcha.middleware.verify, async (req, res) =>
 		password,
 		pnid: {
 			key: 'abcd',
-			pid: PNID.PNIDModel.generatePID()
+			pid: await PNID.PNIDModel.generatePID()
 		}
 	});
 

views/dashboard.hbs

@@ -0,0 +1 @@
+<h1>pnid dashboard</h1>

views/login.hbs

@@ -2,5 +2,12 @@
 <form action="/api/v1/login" method="POST">
     <input type="text" name="email">
     <input type="text" name="password">
+    <a href="#" onclick="hashPassword()">Click to hash password (required before login)</a>
     <button>submit login</button>
-</form>
+</form>
+
+<script>
+    function hashPassword() {
+
+    }
+</script>