修改找回密码逻辑，修改登录跳转逻辑

2025-12-08 19:55:55 +00:00 · 2012-03-13 17:39:04 +08:00 · 2012-03-13 17:39:04 +08:00 · a96ea0622f
commit a96ea0622f
parent e29f0fe03c
4 changed files with 141 additions and 34 deletions
--- a/controllers/sign.js
+++ b/controllers/sign.js
@ -100,7 +100,14 @@ exports.showLogin = function(req, res) {
 	req.session._loginReferer = req.headers.referer;
 	res.render('sign/signin');
 };
-
+/**
+ * define some page when login just jump to the home page
+ * @type {Array}
+ */
+var notJump = [
+  '/active_account', //active page
+  '/reset_pass'      //reset password page, avoid to reset twice
+];
 /**
 * Handle user login.
 * 
@ -131,7 +138,15 @@ exports.login = function(req, res, next) {
 		}
 		// store session cookie
 		gen_session(user, res);
-		res.redirect(req.session._loginReferer || 'home');
+    //check at some page just jump to home page 
+    var refer = req.session._loginReferer || 'home';
+    for (var i=0, len=notJump.length; i!=len; ++i) {
+      if (refer.indexOf(notJump[i]) >= 0) {
+        refer = 'home';
+        break;
+      }
+    }
+		res.redirect(refer);
 	});
 };

@ -179,35 +194,81 @@ exports.search_pass = function(req,res,next){
 			return;
 		}

-		User.findOne({email:email},function(err,user){
-			if(!user){
-				res.render('sign/search_pass', {error:'没有这个电子邮箱。',email:email});
-				return;
-			}
-			mail_ctrl.send_reset_pass_mail(email,md5(email+config.session_secret),user.name,function(err,success){
-				res.render('notify/notify',{success: '我们已给您填写的电子邮箱发送了一封邮件，请点击里面的链接来重置密码。'});
+		// User.findOne({email:email},function(err,user){
+    //动态生成retrive_key和timestamp到users collection,之后重置密码进行验证
+    var retrieveKey = randomString(15);
+    var retrieveTime = new Date().getTime();
+    User.findOne({email : email}, function(err, user) {
+        if(!user) {
+          res.render('sign/search_pass', {error:'没有这个电子邮箱。',email:email});
+          return;
+        }
+        user.retrieve_key = retrieveKey;
+        user.retrieve_time = retrieveTime;
+        user.save(function(err) {
+          if(err) {
+            return next(err);
+          }
+          mail_ctrl.send_reset_pass_mail(email, retrieveKey, user.name, function(err,success) {
+          res.render('notify/notify',{success: '我们已给您填写的电子邮箱发送了一封邮件，请点击里面的链接来重置密码。'});
+        });
 			});
 		});
 	}	
 }
-
-exports.reset_pass = function(req,res,next){
-	var key = req.query.key;
-	var name = req.query.name;
-	var new_pass = '';
-
-	User.findOne({name:name},function(err,user){
-		if(!user || md5(user.email+config.session_secret) != key){
-			res.render('notify/notify',{error: '信息有误，密码无法重置。'});
-			return;
-		}
-		new_pass = random_password();
-		user.pass = md5(new_pass);
-		user.save(function(err){
-			res.render('notify/notify',{success: '你的密码已被重置为：' + new_pass + '，请立即用此密码登录后在设置页面更改密码。'});
-		});	
-	});
-
+/**
+ * reset password
+ * 'get' to show the page, 'post' to reset password
+ * after reset password, retrieve_key&time will be destroy
+ * @param  {http.req}   req  
+ * @param  {http.res}   res 
+ * @param  {Function} next 
+ */
+exports.reset_pass = function(req,res,next) {
+  var method = req.method.toLowerCase();
+  if(method === 'get') {
+    var key = req.query.key;
+    var name = req.query.name;
+    User.findOne({name:name, retrieve_key:key},function(err,user) {
+      if(!user) {
+        return res.render('notify/notify',{error: '信息有误，密码无法重置。'});
+      }
+      var now = new Date().getTime();
+      var oneDay = 1000 * 60 * 60 * 24;
+      console.log(user);
+      console.log(user.retrieve_time, now);
+      if(!user.retrieve_time || now - user.retrieve_time > oneDay) {
+        return res.render('notify/notify', {error : '该链接已过期，请重新申请。'});
+      }
+      return res.render('sign/reset', {name : name, key : key});
+      user.save(function(err) {
+        res.render('notify/notify',{success: '你的密码已被重置为：' + new_pass + '，请立即用此密码登录后在设置页面更改密码。'});
+      });
+    });    
+  } else {
+    var psw = req.body.psw || '';
+    var repsw = req.body.repsw || '';
+    var key = req.body.key || '';
+    var name = req.body.name || '';
+    if(psw !== repsw) {
+      return res.render('sign/reset', {name : name, key : key, error : '两次密码输入不一致。'});
+    }
+    User.findOne({name:name, retrieve_key: key}, function(err, user) {
+      if(!user) {
+        return res.render('notify/notify', {error : '错误的激活链接'});
+      }
+      user.pass = md5(psw);
+      user.retrieve_key = null;
+      user.retrieve_time = null;
+      user.save(function(err) {
+        if(err) {
+          return next(err);
+        }
+        console.log(user);
+        return res.render('notify/notify', {success: '你的密码已重置。'});
+      })
+    })
+  }
 }

 // auth_user middleware
@ -250,30 +311,30 @@ exports.auth_user = function(req,res,next){
 };

 // private
-function gen_session(user,res){
+function gen_session(user,res) {
 	var auth_token = encrypt(user._id + '\t'+user.name + '\t' + user.pass +'\t' + user.email, config.session_secret);
 	res.cookie(config.auth_cookie_name, auth_token, {path: '/',maxAge: 1000*60*60*24*7}); //cookie 有效期1周			
 }
-function encrypt(str,secret){
+function encrypt(str,secret) {
   var cipher = crypto.createCipher('aes192', secret);
   var enc = cipher.update(str,'utf8','hex');
   enc += cipher.final('hex');
   return enc;
 }
-function decrypt(str,secret){
+function decrypt(str,secret) {
   var decipher = crypto.createDecipher('aes192', secret);
   var dec = decipher.update(str,'hex','utf8');
   dec += decipher.final('utf8');
   return dec;
 }
-function md5(str){
+function md5(str) {
 	var md5sum = crypto.createHash('md5');
 	md5sum.update(str);
 	str = md5sum.digest('hex');
 	return str;
 }
-function random_password(passwd_size){
-	var size = passwd_size || 6;
+function randomString(size) {
+	size = size || 6;
 	var code_string = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';	
 	var max_num = code_string.length + 1;
 	var new_pass = '';
--- a/models/user.js
+++ b/models/user.js
@ -28,7 +28,10 @@ var UserSchema = new Schema({
 	
 	receive_reply_mail: {type: Boolean, default: false },
 	receive_at_mail: { type: Boolean, default: false },
-	from_wp: { type: Boolean }
+	from_wp: { type: Boolean },
+
+	retrieve_time : {type: Number},
+	retrieve_key : {type: String}
 });

 mongoose.model('User', UserSchema);
--- a/routes.js
+++ b/routes.js
@ -35,6 +35,7 @@ exports = module.exports = function(app) {
  app.get('/search_pass', sign.search_pass);
  app.post('/search_pass', sign.search_pass);
  app.get('/reset_pass', sign.reset_pass);
+  app.post('/reset_pass', sign.reset_pass);

  // user
  app.get('/user/:name', user.index);
--- a/views/sign/reset.html
+++ b/views/sign/reset.html
@ -0,0 +1,42 @@
+<%- partial('sign/sidebar') %>
+
+<div id='content'>
+	<div class='panel'>
+		<div class='header'>
+			<ul class='breadcrumb'>
+				<li><a href='/'>主页</a><span class='divider'>/</span></li>
+				<li class='active'>重置密码</li>
+			</ul>
+		</div>
+		<div class='inner'>
+			<div class='sep10'></div>
+			<div class='sep10'></div>
+			<% if(locals.error){ %>
+			<div class="alert alert-error">	
+				<a class="close" data-dismiss="alert" href="#">&times;</a>
+				<strong><%= error %></strong>
+			</div>
+			<% } %>
+			<form id='signin_form' class='form-horizontal' action='/reset_pass' method='post'>
+				<div class='control-group'>
+					<label class='control-label' for='psw'>新密码</label>
+					<div class='controls'>
+						<input class='input-xlarge' id='psw' name='psw' size='30' type='password' />
+					</div>
+				</div>
+				<div class='control-group'>
+					<label class='control-label' for='repsw'>确认密码</label>
+					<div class='controls'>
+						<input class='input-xlarge' id='repsw' name='repsw' size='30' type='password' />
+					</div>
+				</div>
+				<input type='hidden' name='_csrf' value='<%= csrf %>' />
+				<input type='hidden' name='name' id='name' value='<%= name%>'>
+				<input type='hidden' name='key' id='key' value='<%= key%>'>
+				<div class='form-actions'>
+					<input type='submit' class='btn' value='确定' />
+				</div>
+			</form>
+		</div>
+	</div>	
+</div>