Improve error handling for account management

main
sudoer777 2021-11-26 15:41:36 -07:00
parent d2d6bbc514
commit 5c783880a7
2 changed files with 17 additions and 11 deletions


@ -156,16 +156,16 @@ router.get('/account', userLoggedIn, (req, res, next) => {
if(userIsAdmin) {
let title = req.query.account ? 'Manage User' : 'Create User'
res.render('accounts/createuser', { title, userLoggedIn: !!req.user });
res.render('accounts/createuser', { title, userLoggedIn: !!req.user, message: req.flash('error') });
}
else {
let title = 'Manage Account';
res.render('accounts/createuser', { title, accountID, userLoggedIn: !!req.user });
res.render('accounts/createuser', { title, accountID, userLoggedIn: !!req.user, message: req.flash('error') });
}
});
router.post('/account', userLoggedIn, (req, res, next) => {
router.post('/account', userLoggedIn, async function(req, res, next) {
const email = req.body.email;
const password = req.body.password;
@ -175,19 +175,24 @@ router.post('/account', userLoggedIn, (req, res, next) => {
const loggedInAccountIsAdmin = req.user[2];
const loggedInAccountID = req.user[0];
console.log(accountID);
console.log(loggedInAccountID);
if(!loggedInAccountIsAdmin && accountID != loggedInAccountID) {
res.status(403).send("ACCESS DENIED");
}
else {
try {
const isAdmin = loggedInAccountIsAdmin ? !!req.body.admin : false;
if(remove) accounts.remove(accountID).then(res.redirect('/manage'));
if(accountID) accounts.edit(accountID, email, password, isAdmin).then(res.redirect('/manage'));
else accounts.create(req.body.email, req.body.password, !!req.body.admin).then(res.redirect('/manage'));
if(remove) await accounts.remove(accountID);
else if(accountID) await accounts.edit(accountID, email, password, isAdmin);
else await accounts.create(req.body.email, req.body.password, !!req.body.admin);
res.redirect('/manage');
}
catch (err) {
console.error("ERROR: " + err.message);
req.flash("error", "An error has occurred.");
res.redirect('/manage/account');
}
}
});
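Review bot: The create branch passes `!!req.body.admin` straight from the request instead of the `isAdmin` value computed at the top of the `try` block, so the admin flag on a new account is protected only by the 403 guard above it and not by the `loggedInAccountIsAdmin` gate. Using the locals already read from the body keeps the three branches consistent: `else await accounts.create(email, password, isAdmin);`. The guard itself compares with `accountID != loggedInAccountID`; the assignment of `accountID` falls between the two hunks and is not visible, but if it comes from the request it would be safer to normalise both sides to one type and compare with `!==`. The catch block's generic flash text, with the detail going only to `console.error`, is worth keeping as it is, since it keeps internal error detail out of the response.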


@ -20,6 +20,7 @@ block content
span(class='form-section-checkbox')
input#admin-checkbox(type="checkbox" name="admin" disabled)
label(for="admin-checkbox") Grant admin privileges
.error #{message}
span(class='form-section')
button#submit-button(type="submit" disabled) Submit
span(class='form-section')
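Review bot: The `.error` element is written unconditionally, so the form carries an empty error container on every render where no flash message is pending. Guarding it, for example `if message && message.length` with `.error #{message}` indented beneath, would emit the element only when there is something to show; the length check assumes `req.flash('error')` returns an array, which the page does not confirm. The escaped `#{message}` form is the right one to keep, since the unescaped `!{message}` form would become a problem if flash text ever carried request-derived data. The template continues outside the hunk.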