settings for user

- enable federation for users

locales/it.js

@@ -49,9 +49,10 @@ export default {
     disable: 'Disabilita',
     me: 'Sei te',
     password_updated: 'Password modificata!',
-    username: 'Nickname',
+    username: 'Nomignolo',
     comments: 'nessun commento|un commento|{n} commenti',
-    activate_user: 'Confermato'
+    activate_user: 'Confermato',
+    displayname: 'Nome mostrato'
   },
 
   login: {

nuxt.config.js

@@ -46,10 +46,10 @@ module.exports = {
    ** Nuxt.js modules
    */
   modules: [
+    ['nuxt-express-module', { expressPath: 'server/', routesPath: 'server/routes' }],
     // Doc: https://axios.nuxtjs.org/usage
     '@nuxtjs/axios',
     '@nuxtjs/auth',
-    ['nuxt-express-module', { expressPath: 'server/', routesPath: 'server/routes' }]
   ],
   /*
    ** Axios module configuration

package.json

@@ -72,6 +72,7 @@
     "sequelize-cli": "^5.5.1",
     "sharp": "^0.23.0",
     "sqlite3": "^4.1.0",
+    "url": "^0.11.0",
     "v-calendar": "^1.0.0-beta.14",
     "vue-awesome": "^3.5.3",
     "vue-clipboard2": "^0.3.1",

pages/settings.vue

@@ -5,23 +5,27 @@
     h5 {{$t('common.settings')}}
     hr
 
-    el-form(action='/api/user' method='PUT' @submit.native.prevent='change_password' inline label-width='200px')
+    el-form(action='/api/user' method='PUT' @submit.native.prevent='update_settings' inline label-width='200px')
 
       el-form-item(:label="$t('settings.change_password')")
         el-input(v-model='password' type='password')
-          el-button(slot='append' type='success' native-type='submit') {{$t('common.send')}}
 
       //- allow federation
       div(v-if='settings.enable_federation')
         el-form-item(:label="$t('admin.enable_federation')")
-          el-switch(name='reg' v-model='enable_federation')
+          el-switch(v-model='user.settings.enable_federation')
         
-        el-form-item(v-if='enable_federation' :label="$t('common.username')")
-          el-input(type='text' name='username' v-model='user.username' :suffix='"antani"' :readonly='user.username.length>0')
-            template(slot='suffix') @{{baseurl}}
-            //- el-button(slot='append') {{$t('common.save')}}
-
+        div(v-if='user.settings.enable_federation')
+          el-form-item(:label="$t('common.username')")
+            el-input(v-if='user.username.length==0' type='text' name='username' v-model='user.username')
+              template(slot='suffix') @{{baseurl}}
+            span(v-else) {{user.username}}@{{baseurl}}
+              //- el-button(slot='append') {{$t('common.save')}}
+          
+          el-form-item(:label="$t('common.displayname')")
+            el-input(type='text' v-model='user.display_name')
 
+      el-button(type='success' native-type='submit') {{$t('common.save')}}
     
     el-divider {{$t('settings.danger_section')}}
     p {{$t('settings.remove_account')}}
@@ -30,12 +34,13 @@
 <script>
 import { mapState, mapActions } from 'vuex'
 import { Message, MessageBox } from 'element-ui'
+import url from'url'
 
 export default {
   data () {
     return {
-      enable_federation: false,
       password: '',
+      user: { }
     }
   },
   name: 'Settings',
@@ -46,13 +51,12 @@ export default {
   },
   async asyncData ({ $axios, params }) {
     const user = await $axios.$get('/auth/user')
-    user.mastodon_auth = ''
     return { user }
   },
   computed: {
     ...mapState(['settings']),
     baseurl () {
-      return new URL(this.settings.baseurl).host
+      return url.parse(this.settings.baseurl).host
     }
   },
   methods: {
@@ -67,6 +71,14 @@ export default {
         console.log(e)
       }
     },
+    async update_settings () {
+      try {
+        const user = await this.$axios.$put('/user', { ...this.user, password: this.password } )
+        this.user = user
+      } catch(e) {
+        Message({ message: e, showClose: true, type: 'warning' })
+      }
+    },
     async remove_account () {
       MessageBox.confirm(this.$t('settings.remove_account_confirm'), this.$t('common.confirm'), {
         confirmButtonText: this.$t('common.ok'),

server/api/controller/user.js

@@ -13,7 +13,12 @@ const federation = require('../../federation/helpers')
 const userController = {
   async login(req, res) {
     // find the user
-    const user = await User.findOne({ where: { email: { [Op.eq]: req.body && req.body.email } } })
+    const user = await User.findOne({ where: {
+      [Op.or]: [ 
+        { email: req.body.email },
+        { username: req.body.email }
+      ]
+    } })
     if (!user) {
       res.status(403).json({ success: false, message: 'auth.fail' })
     } else if (user) {
@@ -39,12 +44,6 @@ const userController = {
     }
   },
 
-  async setToken(req, res) {
-    req.user.mastodon_auth = req.body
-    await req.user.save()
-    res.json(req.user)
-  },
-
   async delEvent(req, res) {
     const event = await Event.findByPk(req.params.id)
     // check if event is mine (or user is admin)
@@ -222,16 +221,27 @@ const userController = {
   },
 
   async update(req, res) {
-    const user = await User.findByPk(req.body.id)
-    if (user) {
-      if (!user.is_active && req.body.is_active && user.recover_code) {
-        mail.send(user.email, 'confirm', { user, config })
-      }
-      await user.update(req.body)
-      res.json(user)
-    } else {
-      res.sendStatus(400)
+    // user to modify
+    user = await User.findByPk(req.body.id)
+
+    if (!user) return res.status(404).json({ success: false, message: 'User not found!' })
+
+    if (req.body.id !== req.user.id && !req.user.is_admin) {
+      return res.status(400).json({ succes: false, message: 'Not allowed' })
     }
+
+    // ensure username to not change if not empty
+    req.body.username = user.username ? user.username : req.body.username 
+
+    if (!req.body.password)
+      delete req.body.password
+
+    await user.update(req.body)
+
+    if (!user.is_active && req.body.is_active && user.recover_code) {
+      mail.send(user.email, 'confirm', { user, config })
+    }
+    res.json(user)
   },
 
 

server/api/index.js

@@ -44,8 +44,8 @@ api.post('/user/recover_password', userController.updatePasswordWithRecoverCode)
 api.post('/user/register', userController.register)
 api.post('/user', jwt, isAuth, isAdmin, userController.create)
 
-// update user (disable/)
-api.put('/user', jwt, isAuth, isAdmin, userController.update)
+// update user
+api.put('/user', jwt, isAuth, userController.update)
 
 //delete user
 api.delete('/user/:id', jwt, isAuth, isAdmin, userController.remove)

server/api/models/user.js

@@ -2,6 +2,7 @@
 const bcrypt = require('bcryptjs')
 const crypto = require('crypto')
 const util = require('util')
+const debug = require('debug')('model:user')
 
 const generateKeyPair = util.promisify(crypto.generateKeyPair)
 
@@ -14,6 +15,7 @@ module.exports = (sequelize, DataTypes) => {
       allowNull: false
     },
     display_name: DataTypes.STRING,
+    settings: DataTypes.JSON,
     email: {
       type: DataTypes.STRING,
       unique:  { msg: 'error.email_taken' },
@@ -51,6 +53,7 @@ module.exports = (sequelize, DataTypes) => {
 
   user.beforeSave(async (user, options) => {
     if (user.changed('password')) {
+      debug('Password for %s modified', user.username)
       const salt = await bcrypt.genSalt(10)
       const hash = await bcrypt.hash(user.password, salt)
       user.password = hash
@@ -58,6 +61,7 @@ module.exports = (sequelize, DataTypes) => {
   })
 
   user.beforeCreate(async (user, options) => {
+    debug('Create a new user => %s', user.username)
     // generate rsa keys
     const rsa = await generateKeyPair('rsa', {
       modulusLength: 4096,

server/federation/users.js

@@ -15,7 +15,8 @@ module.exports = {
       ],
       id: `${config.baseurl}/federation/u/${name}`,
       type: 'Person',
-      preferredUsername: name,
+      name: user.display_name || user.username,
+      preferredUsername: user.username,
       inbox: `${config.baseurl}/federation/u/${name}/inbox`,
       outbox: `${config.baseurl}/federation/u/${name}/outbox`,
       followers: `${config.baseurl}/federation/u/${name}/followers`,

server/federation/webfinger.js

@@ -5,6 +5,7 @@ const cors = require('cors')
 const settingsController = require('../api/controller/settings')
 const config = require('config')
 const version = require('../../package.json').version
+const url = require('url')
 
 router.use(cors())
 
@@ -14,7 +15,7 @@ router.get('/webfinger', async (req, res) => {
     return res.status(400).send('Bad request. Please make sure "acct:USER@DOMAIN" is what you are sending as the "resource" query parameter.')
   }
   const name = resource.match(/acct:(.*)@/)[1]
-  const domain = new URL(config.baseurl).host
+  const domain = url.parse(config.baseurl).host
   const user = await User.findOne({where: { username: name  } })
   if (!user) return res.status(404).send(`No record found for ${name}`)
   const ret = {

server/migrations/20190910085948-user_settings.js

@@ -0,0 +1,27 @@
+'use strict';
+
+module.exports = {
+  up: (queryInterface, Sequelize) => {
+    return queryInterface.addColumn('users', 'settings', {
+      type: Sequelize.JSON,
+      defaultValue: {}
+    })    
+    /*
+      Add altering commands here.
+      Return a promise to correctly handle asynchronicity.
+
+      Example:
+      return queryInterface.createTable('users', { id: Sequelize.INTEGER });
+    */
+  },
+
+  down: (queryInterface, Sequelize) => {
+    /*
+      Add reverting commands here.
+      Return a promise to correctly handle asynchronicity.
+
+      Example:
+      return queryInterface.dropTable('users');
+    */
+  }
+};