deitch / activator Goto Github PK

<%= request.protocol %>://<%= request.headers.host %>/reset/my/password?code=<%= code %>&email=<%= email %>&user=<%= id %>

This is the sent url using your passwordreset.txt example.
But this url doesn't contain the needed req.param('password').

Also in the example and test code, you add the password through json. So I don't see how we can send a correct url to the user with the provided attributes we can add in the mail template.

In example.js line 48, it should be cb(null, null), otherwise waterfall will not call the next function property.

Hi,

Currently if the user miss the email or he loses it, I don't see any mechanism to resend a new activation code. Currently I am using the generation activation email after the user creation task. So if I try to recall the same API, the account user is already created. But I think that the resend should be in separate method call

What do you think ??

Your solution looked absolutely amazing, but I am missing one thing, certain it is really simple:)

I am trying to use the activator on my site, where I implemented mySql to keep track of users (because it seemed like mongo was not painful enough).

So, created all the routes:

var cfgWebPage = require('../config/webpage.js');
var bodyParser = require('body-parser');
var activator = require('activator');
var activatorCfg = require('../config/activator.js')
var express = require('express');
var router = express.Router();

activator.init({user: activatorCfg, transport: activatorCfg.smtpUrl , from: activatorCfg.fromEmail, templates: activatorCfg.templatesDir});

//Activation routes
router.post("/", activator.createActivate);
router.put("/:user/active", activator.completeActivate);


//Password reset routes
router.post("/passwordreset",activator.createPasswordReset);
router.put("/:user/passwordreset", activator.completePasswordReset);

router.get('/', function(req, res, next) {
    res.send('respond with a resource');
});



module.exports = router;

I then started created a module with all the configuration options, including creating a find function (I know I need the rest of them eventually)

module.exports = {
    smtpUrl: "localhost",
    fromEmail: "[email protected]",
    templatesDir: "/activator-templates",
    find: function(email, done){
        console.log("Was asked to find: " + email );
        done(null, email);
    }
}

However, if I send a POST to http://127.0.0.1:30025/activate/ (that is the local url) all I get back is

HTTP 500 Internal Server Error

Connection: keep-alive
Etag: W/"d-Qt0ac9Byu2vz9JTyKxXbjg"
Content-Type: text/html; charset=utf-8
X-Powered-By: Express
Content-Length: 13
Date: Mon, 04 Jan 2016 17:10:02 GMT

uninitialized

Not certain if that is because the activator.init failes or if that is because I am not sending the right stuff to /activate

(Improvement Suggestion)
https://github.com/dwyl/learn-json-web-tokens
In the FAQ, this guy outlines a strategy for using JWT as the security code. My focus (for my use-case) is particularly on password reset. This strategy has a lot of security advantages, being both a longer string with timeout semantics within, and extensively maintained as a library. A 8-digit hex value is fairly secure, but certainly a heavy brute-force attack on a web server that never throttles the attacker might just be able to compromise the current system.

Altogether loving the deitch/activator and your thorough documentation ~ Thanks again!

The 'next' callback will not be called in activator.createActivateNext, don't know why. Could you advise?

activator.createActivateNext(req, res, function() {
// never hit here
});

npm install activator or npm install activator --save

Fails here too:
http://package-json-validator.com/

info it worked if it ends with ok
verbose cli [ '/usr/bin/nodejs', '/usr/bin/npm', 'install', 'activator' ]
info using [email protected]
info using [email protected]
error Failed to parse json
error Unexpected token }
error File: /website/package.json
error Failed to parse package.json data.
error package.json must be actual JSON, not just JavaScript.
error
error This is not a bug in npm.
error Tell the package author to fix their package.json file. JSON.parse
error System Linux 3.13.0-55-generic
error command "/usr/bin/nodejs" "/usr/bin/npm" "install" "activator"
error cwd /website
error node -v v0.10.25
error npm -v 1.3.10
error file /website/package.json
error code EJSONPARSE
verbose exit [ 1, true ]

Hi

I tried to apply this activator to my app, but it was not successful.
There is some ambiguous step in this activator, for example how to generate the activation_code, how to connect each part...

If a working example is given, that will be a great help.

Thanks for sharing this activator.

Are the unit tests working?

npm install
npm test

results in many tests failing for me.

Hi
I use a mongoose as user model to store a user object and activation_code.
But mongoose model already has 'find' and 'save' method as well as 'create' and 'remove'.

Should I override these 'find' and 'save' method to use the activator since the user model of activator needs these two methods ?

Or can I use different names for 'find ' and 'save', for example _find for find, _save for save.

Thanks in advance

I tried using an email template in html but activator sends it all in text.

The html extension could be accepted for email templates, and used to set the correct parameter for sendMail.

Hi!
I'm trying to integrate this module into an app, but I'm struggling a little bit.

I'm using the createActivateNext function, which in turn calls the rparams function (only to override the req.params function) and then calls the createActivate function.

This createActivate function tries to find the user id in two places. First it looks into req.activator and then in req.user. But, since the module never actually attached an activator object into the request object, it is unable to find it there. However, the instructions on readme don't say that i'm supposed to attach an user object to request. Am I missing something?

By the way, I did call activator.init(config), which is working, but it doesn't attach anything to request object either.

Thank you in advance! =)

Hi, i have a problem. Again :)

activator.createPasswordReset(req, res, function (err) {

        });

When i going to the password retrieving page i getting error "Error: No Callback supplied, you must define a callback.". Have any idea how to fix that?

This is caused by Styliner module dependence called 'collections'. Looks like they tried to fix it, but no results for now.

I have a form, where user enter login, password and info about itself (age, race, sex etc).
When user submit form send activation email.
How can add user info (age, race, sex etc) to default activation template?

I'm trying to rewrite how activator fetches templates, in order to be able to pass a function to templates as my whole app is localized and uses mongodb to store texts. I've been thinking if maybe it could be possible that activator fetch the templates with a user function, so I was thinking to write this lines of code in mailcomposer.js line 53:

        if (found) {
            callback(null,found);
        } else if (typeof path === 'function') {
            mails[type][lang] = mails[type][lang] || {};
            async.parallel([
                function (cb) {
                    var promise = path(type+'_text',lang,cb);
                    if (typeof promise.then === 'function') {
                        promise.then(function (result1) {
                            cb(null, result1);
                        }, function () {
                            cb(null, '');
                        });
                    }
                },
                function (cb) {
                    var promise = path(type+'_html',lang,cb);
                    if (typeof promise.then === 'function') {
                        promise.then(function (result1) {
                            cb(null, result1);
                        }, function () {
                            cb(null, '');
                        });
                    }
                }
            ], function (err, results) {
                var dataText = results[0];
                var dataHtml = results[1];

                if (dataText) {
                    dataText = dataText.replace(/\r\n/g,'\n');
                    dataText = dataText.match(/^([^\n]*)\n[^\n]*\n((.|\n)*)/m);
                    mails[type][lang]['text'] = {
                        subject: _.template(dataText[1]),
                        content: _.template(dataText[2]),
                        expired: now + EXPIRY*60*1000,
                    };
                } else {
                    mails[type][lang]['text'] = {
                        notfound: true,
                        expired : now + EXPIRY*60*1000
                    };
                }
                if (dataHtml) {
                    dataHtml = dataHtml.replace(/\r\n/g,'\n');
                    dataHtml = dataHtml.match(/^([^\n]*)\n[^\n]*\n((.|\n)*)/m);
                    mails[type][lang]['html'] = {
                        subject: _.template(dataHtml[1]),
                        content: _.template(dataHtml[2]),
                        expired: now + EXPIRY*60*1000,
                    };
                } else {
                    mails[type][lang]['html'] = {
                        notfound: true,
                        expired : now + EXPIRY*60*1000
                    };
                }
                callback();
            });
        } else {
            fs.readdir(path,function (err,files) {

In that way one could facilitate a function that has the following signatures:

templates: function (key, lang, callback) {
    callback(null, 'Text for key and lang');
}

or

templates: function (key, lang) {
    var promise = fetch(key, lang);
    return promise;
}

If it sounds good I can make a pull request but what I'm not sure if I will be able to write tests for it, I've been reading them and I'm not really understanding them at all.

Just thought it would be nice for this module to include the deactivation functionality.

Use case: All activated user an expiry date in the system. When their account is expired, we would like to deactivate them and at the same time inform them via email.

Im trying to use the passwordreset but the user keeps on being undefined.

Error log:
Wed, 06 May 2015 02:42:54 GMT express deprecated req.param(name): Use req.params, req.body, or req.query instead at routes/account.api.js:351:18
source: http://expressjs.com/api.html#app.param

This results in activator calling the usermodel with a username undefined.
And therefore, the whole passwordreset system is not working.

I looked at the code trying to make it work for my project for different locales. In activator.js I just replace 'en_US' with variable lang, whose value is obtained from req.lang passed in from previous middleware. Now I can add templates of different locales in the template directory.

This is just a quick hack, a little better maybe define another configurable property (similar to idProperty but on req). I'm wondering if this direction is ok (to the extent that you guys will consider it, or you have some plan regarding internationalization). Thanks.

So I think I am almost there (kind of)

I get the link, send it out, drive the user to a password reset screen, then send a call for the password reset with the new password. All that (I thing is working). My route for completePasswordReset looks like the following:
router.put('/request/reset/password/:user',activator.completePasswordReset)

So I send the following request to it

Request URL:http://127.0.0.1:26021/auth/request/reset/password/[email protected]
Request Method:PUT
Status Code:400 Bad Request
Remote Address:127.0.0.1:26021
Response Headers
view source
Connection:keep-alive
Content-Length:61
Content-Type:application/json; charset=utf-8
Date:Mon, 15 Aug 2016 10:52:58 GMT
ETag:W/"3d-3I3dd1pxBwRmlcv1fhD3sg"
X-Powered-By:Express
Request Headers
view source
Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Authorization:eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJiZW5ndGJqQGdtYWlsLmNvbSIsInB1cnBvc2UiOiJyZXNldHBhc3N3b3JkIiwiaWF0IjoxNDcxMjU3ODk2fQ.zwWcuiBa7WIu5PVWrXyvSLrlZobYXLe6KttFXf7Wq8Y
Cache-Control:no-cache
Connection:keep-alive
Content-Length:49
Content-Type:application/json
Cookie:hasConsent=true; incMobileIcon=false; incLinkedinIcon=false; incSkypeIcon=false; incEmailIcon=false; incDirect=false; incMobile=false; incGoogleMapIcon=false; yourmobile=undefined; skype=undefined; direct=undefined; linkedin=undefined; jobname=Marta%20Abrams; jobtitle=CEO%20%26%20Co-founder; jobmail=Marta.Abrams%40unbrand.me; mobile=7507644305; _ga=GA1.1.352163257.1442317669; connect.sid=s%3AbmrERsByqIdLDVoupSGNzyD82MT_boWW.A4mowBtiGNepGgLmandwHuVGf5Tq0npTmcNolko0acw
Host:127.0.0.1:26021
Origin:http://127.0.0.1:26021
Pragma:no-cache
Referer:http://127.0.0.1:26021/request/reset/password?code=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJiZW5ndGJqQGdtYWlsLmNvbSIsInB1cnBvc2UiOiJyZXNldHBhc3N3b3JkIiwiaWF0IjoxNDcxMjU3ODk2fQ.zwWcuiBa7WIu5PVWrXyvSLrlZobYXLe6KttFXf7Wq8Y&[email protected]&user=unBengt
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_10_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/52.0.2743.116 Safari/537.36
Request Payload
view source
{email: "[email protected]", password: "newword"}
email
:
"[email protected]"
password
:
"newword"
Name
meassure.png
chromecastcheck.js
data:image/png;base…
[email protected]

But I get a 400 error with the message:
{"name":"JsonWebTokenError","message":"jwt must be provided"}

But in the header I do set the code as Authoization, am I missing something?

Hello) I have a question. In your module exists this code:

If reset code is invalid, or expired, i have a blank white page with message. I want to handle this action, and redirect user to my custom page. Haw can i do it?

function (res,cb) {
                if (!res) {
                    cb(404);
                } else if (res.password_reset_code !== reset_code){
                    cb("invalidresetcode");
                } else if (res.password_reset_time  now) {
                    cb("expiredresetcode");
                } else if (!password) {
                    cb("missingpassword");
                } else {
                    model.save(id,{password_reset_code:"X",password_reset_time:0,password:password},cb);
                }
            }

Think I have followed the instructions, or at least as I understood them, and have gotten almost everything working. However, when I call the completePasswordReset, and after the password is updated, I get the following issue:

/Users/bengtbjorkberg/WebstormProjects/unbrandme.https/node_modules/activator/lib/activator.js:226
                cb(null);
                ^

TypeError: cb is not a function
    at async.waterfall.code (/Users/bengtbjorkberg/WebstormProjects/unbrandme.https/node_modules/activator/lib/activator.js:226:5)
    at fn (/Users/bengtbjorkberg/WebstormProjects/unbrandme.https/node_modules/activator/node_modules/async/lib/async.js:582:34)
    at Immediate._onImmediate (/Users/bengtbjorkberg/WebstormProjects/unbrandme.https/node_modules/activator/node_modules/async/lib/async.js:498:34)
    at processImmediate [as _immediateCallback] (timers.js:383:17)

The route called looks as follows:
router.put('/request/reset/password/:user' ,activator.completePasswordReset)

Is it possible to use any other email transports. I use amazon's SES service (via the nodemailer package) which I am struggling to fit with activator's SMTP URL approach.

Thanks.

Tim

Hi,

I'm using javascript"activator": "^1.0.1" on package.json file for activating users.

On the reset password flow I'm getting this error:
javascriptTypeError: Object #<ServerResponse> has no method 'sendStatus'

It comes from this function:

createPasswordReset: function (req,res,next) {
    rparam(req);
    createPasswordReset(req,function (code,message) {
        if (message === null || message === undefined || (typeof(message) === "number" && message === code)) {
            res.sendStatus(code);
        } else {
            res.status(code).send(message);
        }
    });
}`

The problem is on res.sendStatus(code);, am I missing something here?
As far I know that should be res.status(code);, like in all other places.

Is it yours or mine bug 😏?

Thanks

It would be great if activator checks that the reset password token can be used only once.

As you suggest in issue #67, including the hash of the current password in the reset password token sounds great to me.

Hi,

I am using this library with the Sequelize ORM and Mysql as database engine. My field "password_reset_time" is of type Timestamp and when the completion is done successfully and you try to put 0 in this field, an exception is raised. I will try to do more debugging the error but it seems not accepting the default time value.

By the way, I think allowing user to use or define these default values (X or 0) will be good while initializing the activator instance

Thanks

I really this component in my nodejs project, i have most of the things up, but i have difficulties getting activator work in my project. Are there some examples that i can view?

Current "npm audit" results with 4 vulnerabilities. Seems like styliner needs to be updated?

I've just been working on extending activator to do three things:

• hooks to allow auto-generating a password instead of having the user supply one (we require this in our application just now)
• hooks to allow checking of a password (for strength requirements; we don't need this now, but may need it soon)
• hooks to send an email with the newly changed password on reset (we also need this now)

So far so good, I think I've managed to get something together here: https://github.com/vrtsystems/activator/commits/send-generated-password

HOWEVER, the test suite in activator is doing my head in. Specifically, I am having difficulties with understanding how the email tests work. It seems when I try to extend a test to pick up the "new password" email to check it against the supplied password, I wind up with a copy of the previous email in that test case. I'm not sure if this is the test suite in activator or whether it is smtp-tester doing something funny. Any guidance on this would be appreciated.

So right now, no test cases, but I'm trying to address this. In the meantime, I've published the code written so far for review.

First of all, please forgive me if this is an already solved or stupid question. I've read the documentation and the issues for activator and I haven't been able to find any answer to my question.

I'd like to know how to define and use this attributes for the user model:

• activation_code
• password_reset_code
• password_reset_time

I'd also like to know how to check if an activation or reset password code has already been used, in order to avoid using the same code more than once. Does activator check this in any way? If so, how? Or is this check something I have to do on my own?

Thanks in advance for your support.

Best regards.

HI,

I have to integrate your activator library within my project. My project is using sequelize as database ORM. For the moment, I have tried to test the createActivation method. The user activation code was created and added to database successfully but I don't receive any email. As Json response (tested using Postman) I got 404 and 'Not found' message' but no more error message.

Can you please help me or give me any hints to debug this issues.

Just for information I am using Gmail as smtp mailer support with url like this:

url = 'smtps://user%40gmail.com:[email protected]'

As IDE I am using Netbeans 8.1 (which supports already Nodejs), but I did not find any way to attach your library source code while debugging.

Hello, thanks for creating this, exactly was I was about to start working on. Im getting an error though which i cant figure out.

 ReferenceError: req is not defined
15:25:22 web.1  |     at Object.eval [as content] (/lodash/template/source[1]:9:11)
15:25:22 web.1  |     at /Users/daniel/Dropbox/Projects/couponexpresskiosk.com/node_modules/activator/lib/mailcomposer.js:88:38
15:25:22 web.1  |     at /Users/daniel/Dropbox/Projects/couponexpresskiosk.com/node_modules/activator/lib/mailcomposer.js:74:8
15:25:22 web.1  |     at /Users/daniel/Dropbox/Projects/couponexpresskiosk.com/node_modules/async/lib/async.js:113:25
15:25:22 web.1  |     at /Users/daniel/Dropbox/Projects/couponexpresskiosk.com/node_modules/async/lib/async.js:24:16
15:25:22 web.1  |     at /Users/daniel/Dropbox/Projects/couponexpresskiosk.com/node_modules/activator/lib/mailcomposer.js:59:10
15:25:22 web.1  |     at fs.js:266:14
15:25:22 web.1  |     at Object.oncomplete (fs.js:107:15)

Don't know which one is wrong:

https://github.com/deitch/activator/blob/master/README.md#templates-format Line 533 authorization

https://github.com/deitch/activator/blob/master/lib/activator.js#L69 authentication

Hi, I started using your module, but would like to use the html email feature. The latest version npm can install is 0.2.8. However, html email feature is missing there. When are you planning to make version 0.3.0 available in the npm repository?

Hi. I try to use this module, but i getting this error:

/var/www/web/insights-platform/node_modules/activator/lib/activator.js:112
                        model.save(id,{activation_code:code},cb);
                              ^
TypeError: Object [object Object] has no method 'save'
    at async.waterfall.mailer.code (/var/www/web/insights-platform/node_modules/activator/lib/activator.js:112:13)
    at fn (/var/www/web/insights-platform/node_modules/activator/node_modules/async/lib/async.js:579:34)
    at Object._onImmediate (/var/www/web/insights-platform/node_modules/activator/node_modules/async/lib/async.js:495:34)
    at processImmediate [as _immediateCallback] (timers.js:330:15)

I am using Sails.js. How i can fix that?

HI,

I have tried to use a html activation template and I have used the html template example but I have used the EJS technique with the link href tag. But one I receive the email, there is no link. After I have seen the original email, I have found the a character 3D was added and it seems that this is normal as the encoding is 'quoted printable' but such feature have destroy the activation link.
Similare issue:
http://stackoverflow.com/questions/34694732/node-js-nodemailer-sending-html-with-link

http://stackoverflow.com/questions/34189728/nodemailer-anchor-tag-not-working/34207735#34207735

I have tried to use the nodemailer hmtltotext plugin, but without success.

Any help or hint to solve this issue ??? Thanks