From 5c783880a7d2c60fd7d03aa6629c7bb9a54ad531 Mon Sep 17 00:00:00 2001
From: sudoer777 <78781902+sudoer777@users.noreply.github.com>
Date: Fri, 26 Nov 2021 15:41:36 -0700
Subject: [PATCH] Improve error handling for account management

---
 routes/manage.js              | 27 ++++++++++++++++-----------
 views/accounts/createuser.pug |  1 +
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/routes/manage.js b/routes/manage.js
index 227c27d..c995742 100644
--- a/routes/manage.js
+++ b/routes/manage.js
@@ -156,16 +156,16 @@ router.get('/account', userLoggedIn, (req, res, next) => {
   if(userIsAdmin) {
     let title = req.query.account ? 'Manage User' : 'Create User'
 
-    res.render('accounts/createuser', { title, userLoggedIn: !!req.user });  
+    res.render('accounts/createuser', { title, userLoggedIn: !!req.user, message: req.flash('error') });  
   }
   else {
     let title = 'Manage Account';
 
-    res.render('accounts/createuser', { title, accountID, userLoggedIn: !!req.user });  
+    res.render('accounts/createuser', { title, accountID, userLoggedIn: !!req.user, message: req.flash('error') });  
   }
 });
 
-router.post('/account', userLoggedIn, (req, res, next) => {
+router.post('/account', userLoggedIn, async function(req, res, next) {
   const email = req.body.email;
   const password = req.body.password;
 
@@ -175,19 +175,24 @@ router.post('/account', userLoggedIn, (req, res, next) => {
   const loggedInAccountIsAdmin = req.user[2];
   const loggedInAccountID = req.user[0];
 
-  console.log(accountID);
-  console.log(loggedInAccountID);
-
-
   if(!loggedInAccountIsAdmin && accountID != loggedInAccountID) {
     res.status(403).send("ACCESS DENIED");
   }
   else {
-    const isAdmin = loggedInAccountIsAdmin ? !!req.body.admin : false;
+    try {
+      const isAdmin = loggedInAccountIsAdmin ? !!req.body.admin : false;
 
-    if(remove) accounts.remove(accountID).then(res.redirect('/manage'));
-    if(accountID) accounts.edit(accountID, email, password, isAdmin).then(res.redirect('/manage'));
-    else accounts.create(req.body.email, req.body.password, !!req.body.admin).then(res.redirect('/manage'));  
+      if(remove) await accounts.remove(accountID);
+      else if(accountID) await accounts.edit(accountID, email, password, isAdmin);
+      else await accounts.create(req.body.email, req.body.password, !!req.body.admin);
+
+      res.redirect('/manage');  
+    }
+    catch (err) {
+      console.error("ERROR: " + err.message);
+      req.flash("error", "An error has occurred.");
+      res.redirect('/manage/account');
+    }
   }
 });
 
diff --git a/views/accounts/createuser.pug b/views/accounts/createuser.pug
index a87897d..dfc1b13 100644
--- a/views/accounts/createuser.pug
+++ b/views/accounts/createuser.pug
@@ -20,6 +20,7 @@ block content
         span(class='form-section-checkbox')
           input#admin-checkbox(type="checkbox" name="admin" disabled)
           label(for="admin-checkbox") Grant admin privileges
+      .error #{message}
       span(class='form-section')
         button#submit-button(type="submit" disabled) Submit
     span(class='form-section')