diff --git a/emails/resetpwd/it/html.pug b/emails/resetpwd/it/html.pug
index 12c8c57..a9a0d56 100755
--- a/emails/resetpwd/it/html.pug
+++ b/emails/resetpwd/it/html.pug
@@ -3,8 +3,24 @@ p #{nomeapp} recentemente ha ricevuto una richiesta per una password dimenticata
p Per cambiare la tua password di #{nomeapp}
p Clicca QUI
-p Se non sei stato tu a richiedere questo cambiamento, non hai bisogno di fare niente.
+span Oppure inserisci il codice
+span.grande #{tokenforgot_code}
+span sulla APP
+p
+p P.S: Se non sei stato tu a richiedere questo cambiamento, non hai bisogno di fare niente.
p Questo link scadrĂ tra 4 ore.
p Cordiali Saluti
p Supporto #{nomeapp}
+
+style(type="text/css").
+ html, body {
+ padding: 0;
+ margin: 0;
+ }
+
+ .grande {
+ font-size: 1.25rem;
+ font-weight: bold;
+ }
+
diff --git a/src/server/models/user.js b/src/server/models/user.js
index b4553f0..9762d8c 100755
--- a/src/server/models/user.js
+++ b/src/server/models/user.js
@@ -139,6 +139,10 @@ const UserSchema = new mongoose.Schema({
tokenforgot_code: {
type: String,
},
+ retry_pwd: {
+ type: Number,
+ default: 0,
+ },
date_tokenreg: {
type: Date,
},
@@ -1178,29 +1182,42 @@ UserSchema.statics.findByLinkTokenforgotCode = function (idapp, email, tokenforg
});
};
-UserSchema.statics.createNewRequestPwd = function (idapp, email) {
+UserSchema.statics.createNewRequestPwd = function (idapp, email, code) {
const User = this;
const sendemail = require('../sendemail');
- return User.findByEmail(idapp, email).then(async (user) => {
- if (!user) {
- return false;
- } else {
- // Creo il tokenforgot
- user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).
- toString();
- user.date_tokenforgot = new Date();
- user.tokenforgot_code = 100000 + Math.round(Math.random() * 899999);
- user.lasttimeonline = new Date();
- return await user.save().then(async () => {
- await sendemail.sendEmail_RequestNewPassword(user.lang, user, user.email, user.idapp, user.tokenforgot, user.tokenforgot_code);
-
- return true;
+ if (code && code.length === 6) {
+ return User.findByLinkTokenforgotCode(idapp, email, code)
+ .then((user) => {
+ if (user)
+ return { ris: true, link: tools.getlinkRelativeRequestNewPassword(idapp, email, user.tokenforgot) };
+ else
+ return { ris: false };
+ }).catch((e) => {
+ console.log(' Err createNewRequestPwd', e.message);
+ res.status(400).send();
});
- }
+ } else {
+ return User.findByEmail(idapp, email).then(async (user) => {
+ if (!user) {
+ return { ris: false };
+ } else {
+ // Creo il tokenforgot
+ user.tokenforgot = jwt.sign(user._id.toHexString(), process.env.SIGNCODE).
+ toString();
+ user.date_tokenforgot = new Date();
+ user.tokenforgot_code = 100000 + Math.round(Math.random() * 899999);
+ user.lasttimeonline = new Date();
+ return await user.save().then(async () => {
+ await sendemail.sendEmail_RequestNewPassword(user.lang, user, user.email, user.idapp, user.tokenforgot, user.tokenforgot_code);
- });
+ return { ris: true };
+ });
+ }
+
+ });
+ }
};
UserSchema.statics.createNewRequestPwdByUsernameAndGetLink = async function (idapp, username) {
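Review bot: `res` is not in scope inside this model static, so the `.catch` of the code-checking branch (L72–L75) throws its own ReferenceError on `res.status(400)` and a failed lookup surfaces as an unrelated error instead of the `{ ris: … }` shape the route expects; either return that shape or rethrow so the route's catch answers, e.g. `}).catch((e) => { console.log(' Err createNewRequestPwd', e.message); throw e; });`. The six-digit code that now unlocks the reset link is drawn from `Math.random()` (L86), which is not a cryptographic source; `crypto.randomInt(100000, 1000000)` from Node's built-in `crypto` module (add the require if the file lacks it) gives the same 100000–999999 range from a CSPRNG. The guard `code && code.length === 6` at L65 accepts any six-element value, not only a six-digit string; check `typeof code === 'string' && /^\d{6}$/.test(code)` before querying. Whether `findByLinkTokenforgotCode` also enforces the 4-hour expiry mentioned in the e-mail cannot be seen here — worth confirming, since a valid code now hands the caller the `tokenforgot` link directly.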
@@ -1436,7 +1453,7 @@ UserSchema.statics.getUserById = function (idapp, id) {
UserSchema.statics.getUserByUsername = function (idapp, username) {
const User = this;
- return User.findOne({
+ return User.findne({
idapp,
username,
$or: [{ deleted: { $exists: false } }, { deleted: { $exists: true, $eq: false } }],
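Review bot: `User.findne` at L103 is not a Mongoose model method — the line it replaces used `findOne` — so `getUserByUsername` will throw a TypeError on every call; restore `return User.findOne({`. This looks like an accidental keystroke in an otherwise unrelated commit, and any login or lookup path that resolves users by username breaks with it. The rest of `getUserByUsername`'s body is outside the hunk.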
@@ -3671,14 +3688,14 @@ UserSchema.statics.getQueryUsersDiffusori = function (idapp) {
},
},
{
- $match: { "count": { $gte: 2 } }
+ $match: { "count": { $gte: 2 } }
},
{
$sort: {
count: -1,
},
},
- { $limit: 20 },
+ { $limit: 20 },
{
$lookup: {
from: "users",
@@ -3715,11 +3732,11 @@ UserSchema.statics.getQueryUsersDiffusori = function (idapp) {
{
$replaceRoot: {
newRoot: {
- $mergeObjects: [ "$user", "$$ROOT" ],
+ $mergeObjects: ["$user", "$$ROOT"],
},
},
},
- {
+ {
$project: {
_id: 0,
count: 1,
@@ -4211,6 +4228,25 @@ UserSchema.statics.calcOtherByUser = async function (idapp, userId) {
};
+UserSchema.statics.tooManyReqPassword = async function (idapp, email, set) {
+ const User = this;
+
+ const maxnum = 30;
+
+ const user = await User.findByEmail(idapp, email);
+ if (user) {
+ if (!user.retry_pwd)
+ user.retry_pwd = 0
+ if (set && user.retry_pwd <= maxnum) {
+ user.retry_pwd++;
+
+ await User.findOneAndUpdate({ _id: user._id }, { $set: { retry_pwd: user.retry_pwd } });
+ }
+ return user.retry_pwd > maxnum ;
+ }
+
+};
+
UserSchema.statics.createNewSubRecord = async function (idapp, req) {
const User = this;
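Review bot: `retry_pwd` is only ever incremented here and no reset path appears in this diff, so once the counter passes `maxnum` the account can never request a password reset again, and anyone who knows a victim's e-mail can put it into that state with 31 POSTs; unless a reset exists elsewhere (e.g. on a successful password change), the counter needs a time window or a reset on success. The read-then-`$set` sequence at L145–L152 is also not atomic: concurrent requests read the same value and write it back, so the limit can be overshot, which a server-side `$inc` avoids. When no user matches, the function returns `undefined` rather than `false`, which only works in the route's `if` by accident; make it explicit. The lines below do the increment atomically; the expiry policy still needs a decision.
```javascript
UserSchema.statics.tooManyReqPassword = async function (idapp, email, set) {
  const User = this;
  const maxnum = 30;

  const user = await User.findByEmail(idapp, email);
  if (!user) return false;

  let count = user.retry_pwd || 0;
  if (set && count <= maxnum) {
    // $inc is applied by the database, so parallel requests cannot read and
    // write back the same stale value
    const updated = await User.findOneAndUpdate(
      { _id: user._id },
      { $inc: { retry_pwd: 1 } },
      { new: true },
    );
    count = updated ? updated.retry_pwd : count + 1;
  }
  return count > maxnum;
};
```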
diff --git a/src/server/router/index_router.js b/src/server/router/index_router.js
index b8bf5d9..3a5103a 100755
--- a/src/server/router/index_router.js
+++ b/src/server/router/index_router.js
@@ -135,26 +135,34 @@ router.post(process.env.LINKVERIF_REG, (req, res) => {
// Faccio richiesta di una Nuova Password
router.post(process.env.LINK_REQUEST_NEWPASSWORD, async (req, res) => {
- const body = _.pick(req.body, ['idapp', 'email']);
- const idapp = body.idapp;
- const email = body.email.toLowerCase().trim();
- console.log(
- 'POST ' + process.env.LINK_REQUEST_NEWPASSWORD + ' idapp= ' + idapp +
- ' email = ' + email);
try {
- const ris = await User.createNewRequestPwd(idapp, email);
- if (ris) {
- res.send({ code: server_constants.RIS_CODE_OK, msg: '' });
+ const body = _.pick(req.body, ['idapp', 'email', 'codetocheck']);
+ const idapp = body.idapp;
+ const email = body.email.toLowerCase().trim();
+ const codetocheck = body.codetocheck ? body.codetocheck.trim() : '';
+
+ // Check if too many requests
+ if (await User.tooManyReqPassword(idapp, email, true)) {
+ console.log(process.env.LINK_REQUEST_NEWPASSWORD, 'TOO MANY REQUESTS !!! EXIT ', email);
+ res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: 'TOO MANY REQUESTS' });
+ return false;
+ }
+
+ console.log(
+ 'POST ' + process.env.LINK_REQUEST_NEWPASSWORD + ' idapp= ' + idapp +
+ ' email = ' + email);
+
+ const reqpwd = await User.createNewRequestPwd(idapp, email, codetocheck);
+ if (reqpwd && reqpwd.ris) {
+ res.send({ code: server_constants.RIS_CODE_OK, msg: '', link: reqpwd.link });
} else {
- tools.snooze(5000);
return res.status(200).
send({ code: server_constants.RIS_CODE_EMAIL_NOT_EXIST, msg: '' });
}
} catch (e) {
console.log(process.env.LINK_REQUEST_NEWPASSWORD, e.message);
- res.status(400).send();
- res.send({ code: server_constants.RIS_CODE_ERR, msg: e });
+ res.status(400).send({ code: server_constants.RIS_CODE_ERR, msg: e });
}
});
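Review bot: The new body still calls `body.email.toLowerCase()` (L180) and `body.codetocheck.trim()` (L181) before checking their types, so a missing or non-string `email` or `codetocheck` ends up in the catch as a generic 400 with `msg: e` (an Error serialises to `{}`), and `tooManyReqPassword` is consulted with whatever arrived; coerce first, e.g. `const email = typeof body.email === 'string' ? body.email.toLowerCase().trim() : '';` and `const codetocheck = typeof body.codetocheck === 'string' ? body.codetocheck.trim() : '';`, and answer 400 when `email` is empty. The throttle response at L186 uses HTTP 400; 429 is the status clients and proxies recognise for rate limiting, `res.status(429).send({ code: server_constants.RIS_CODE_ERR, msg: 'TOO MANY REQUESTS' });`. When `codetocheck` is present but wrong, `createNewRequestPwd` returns `{ ris: false }` and the route answers `RIS_CODE_EMAIL_NOT_EXIST`, which is misleading for that path; a distinct result code for a rejected code would be clearer. `return false;` at L187 next to `return res.status(200)…` at L199 also mixes two return styles in one handler.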
diff --git a/src/server/tools/general.js b/src/server/tools/general.js
index d8ada63..8e7694c 100755
--- a/src/server/tools/general.js
+++ b/src/server/tools/general.js
@@ -3308,12 +3308,17 @@ module.exports = {
return msg;
},
- getlinkRequestNewPassword: function(idapp, email, tokenforgot) {
- const strlinkreg = this.getHostByIdApp(idapp) + process.env.LINK_UPDATE_PASSWORD +
+ getlinkRelativeRequestNewPassword: function(idapp, email, tokenforgot) {
+ const strlinkreg = process.env.LINK_UPDATE_PASSWORD +
`?idapp=${idapp}&email=${email}&tokenforgot=${tokenforgot}`;
return strlinkreg;
},
+ getlinkRequestNewPassword: function(idapp, email, tokenforgot) {
+ const strlinkreg = this.getHostByIdApp(idapp) + this.getlinkRelativeRequestNewPassword(idapp, email, tokenforgot);
+ return strlinkreg;
+ },
+
execScript: function(idapp, msg, script, testo) {
const {exec} = require('child_process');
const telegrambot = require('../telegram/telegrambot');
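Review bot: `getlinkRelativeRequestNewPassword` interpolates `idapp`, `email` and `tokenforgot` into the query string unescaped (L219–L220), and this relative link is now also returned to the API client through `createNewRequestPwd`; an address containing `+` or `&` produces a link whose `email` parameter no longer parses back to the original value. Build the query with `new URLSearchParams({ idapp, email, tokenforgot }).toString()` and append it to `process.env.LINK_UPDATE_PASSWORD` after a `?`, or wrap each value in `encodeURIComponent`. `getlinkRequestNewPassword` keeps the previous host prefix via `this.getHostByIdApp(idapp)`, so existing callers are unaffected by the split.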