Login and account creation working

Signed-off-by: James Ketrenos <james_git@ketrenos.com>

frontend/src/ketr-photos/ketr-photos.html

@@ -377,7 +377,11 @@
           Unfortunately, I haven't built this part of the site yet... send me an email (james @ ketrenos.com) 
           and I'll create an account for you.
         </div>
-        <paper-button dialog-dismiss>close</paper-button>
+        <paper-input tabindex=0 autofocus id="username" label="User ID" value="{{username}}" on-keypress="enterCheck"></paper-input>
+        <paper-input tabindex=0 id="password" label="Password" type="password" value="{{password}}" on-keypress="enterCheck"></paper-input>
+        <paper-input tabindex=0 id="name" label="Display name" value="{{name}}" on-keypress="enterCheck"></paper-input>
+        <paper-input tabindex=0 id="mail" label="E-mail" value="{{mail}}" on-keypress="enterCheck"></paper-input>
+        <paper-button tabindex=0 id="createButton" disabled$="[[disableCreate(username,name,password,mail)]]" on-tap="create" raised><div hidden$="[[loggingIn]]">create</div><div hidden$="[[!loggingIn]]"><paper-spinner active$="[[loggingIn]]"></paper-spinner></div></paper-button>
       </div>
     </paper-dialog>
     <paper-toast id="toast"></paper-toast>
@@ -399,6 +403,14 @@
             type: String,
             value: ""
           },
+          name: {
+            type: String,
+            value: ""
+          },
+          mail: {
+            type: String,
+            value: ""
+          },
           years: {
             type: Array,
             value: []
@@ -462,19 +474,23 @@
           return !username || username == "" || !password || password == "";
         },
 
+        disableCreate: function(username, name, mail, password) {
+          return !username || username == "" || 
+            !password || password == "" ||
+            !name || name == "" ||
+            !mail || mail == "";
+        },
+
         enterCheck: function(event) {
           if (event.key == 'Enter') {
-            if (event.currentTarget.id == "username") {
+            var next = event.currentTarget.nextElementSibling;
-              event.preventDefault();
+            event.preventDefault();
-              this.async(function() {
+            if (next.tagName.toLowerCase() == "paper-button") {
-                this.$.password._focusableElement.focus();
+              next.click();
-              }, 100);
+            } else {
-              return;
+              this.async(function(next) {
-            }
+                next._focusableElement.focus();
-            
+              }.bind(this, next), 100);
-            if (event.currentTarget.id == "password") {
-              event.preventDefault();
-              this.login();
               return;
             }
           }
@@ -516,6 +532,7 @@
             this.loading = false;
             this.password = "";
             var user;
+
             if (error) {
               this.user = null;
               this.$.toast.text = error;
@@ -543,6 +560,53 @@
           }.bind(this), null, "POST", { u: this.username, p: this.password });
         },
 
+        create: function(event) {
+          if (this.loading) {
+            return;
+          }
+          this.loading = true;
+          this.loggingIn = true;
+          this.user = null;
+          window.fetch("api/v1/users/create", function(error, xhr) {
+            this.loggingIn = false;
+            this.loading = false;
+            this.password = "";
+            var user;
+
+            this.$.requestAccess.close();
+
+            if (error) {
+              this.user = null;
+              this.$.toast.text = error;
+              this.$.toast.setAttribute("error", true);
+              this.$.toast.updateStyles();
+              this.$.toast.show();
+              console.error("Invalid login information.");
+              return;
+            }
+
+            try {
+              user = JSON.parse(xhr.responseText);
+            } catch(___) {
+              this.$.toast.text = "Unable to load/parse user information.";
+              this.$.toast.setAttribute("error", true);
+              this.$.toast.updateStyles();
+              this.$.toast.show();
+              console.error("Unable to parse user information");
+              return;
+            }
+
+            if (user && user.username) {
+              this.user = user;
+            }
+          }.bind(this), null, "POST", { 
+            u: this.username, 
+            p: this.password,
+            n: this.name,
+            m: this.mail
+          });
+        },
+
         logout: function(event) {
           window.fetch("api/v1/users/logout", function(error, xhr) {
             this.user = null;

server/routes/users.js

@@ -2,7 +2,8 @@
 
 const express = require("express"),
   config = require("config"),
-  LdapAuth = require("ldapauth-fork");
+  LdapAuth = require("ldapauth-fork"),
+  crypto = require("crypto");
 
 const router = express.Router();
 
@@ -29,7 +30,7 @@ router.get("/", function(req, res/*, next*/) {
 
 function ldapPromise(username, password) {
   if (!ldap) {
-    throw "LDAP not being used";
+    return Promise.reject("LDAP not being used");
   }
   return new Promise(function(resolve, reject) {
     ldap.authenticate(username, password, function(error, user) {
@@ -41,6 +42,51 @@ function ldapPromise(username, password) {
   });
 }
 
+router.post("/create", function(req, res) {
+  let username = req.query.u || req.body.u || "",
+    password = req.query.p || req.body.p || "",
+    name = req.query.n || req.body.n || username,
+    mail = req.query.m || req.body.m;
+
+  if (!username || !password || !mail || !name) {
+    return res.status(400).send("Missing user id, name, password, and/or email");
+  }
+
+  let query = "SELECT * FROM users WHERE uid=:username";
+  return userDB.sequelize.query(query, {
+    replacements: {
+      username: username
+    },
+    type: userDB.Sequelize.QueryTypes.SELECT
+  }).then(function(results) {
+    if (results.length != 0) {
+      return res.status(400).send("Username already exists.");
+    }
+
+    return userDB.sequelize.query("INSERT INTO users " + 
+        "(uid,displayName,password,mail,memberSince,authenticated) " +
+        "VALUES(:username,:name,:password,:mail,CURRENT_TIMESTAMP,0)", {
+      replacements: {
+        username: username,
+        name: name,
+        password: crypto.createHash('sha256').update(password).digest('base64'),
+        mail: mail
+      }
+    }).then(function(results) {
+/*
+      req.session.user = {
+        name: name,
+        mail: mail,
+        username: username,
+      };
+      return res.status(200).send(req.session.user);
+*/
+      req.session.user = {};
+      return res.status(401).send("Account has not been authenticated.");
+    });
+  });
+});
+
 router.post("/login", function(req, res) {
   let username = req.query.u || req.body.u || "",
     password = req.query.p || req.body.p || "";
@@ -51,23 +97,24 @@ router.post("/login", function(req, res) {
     return res.status(400).send("Missing username and/or password");
   }
 
-    /* We use LDAP as the primary authenticator; if the user is not
+  /* We use LDAP as the primary authenticator; if the user is not
-    * found there, we look them up in the site-specific user database */
+   * found there, we look them up in the site-specific user database */
    
   return ldapPromise(username, password).then(function(user) {
      return user;
   }).catch(function() {
-    let query = "SELECT * FROM users WHERE uid=:username";
+    console.log("User not found in LDAP. Looking up in DB.");
+    let query = "SELECT * FROM users WHERE uid=:username AND password=:password";
     return userDB.sequelize.query(query, {
       replacements: {
         username: username,
+        password: crypto.createHash('sha256').update(password).digest('base64')
       },
       type: userDB.Sequelize.QueryTypes.SELECT
     }).then(function(users) {
       if (users.length != 1) {
         return null;
       }
-
       return users[0];
     });
   }).then(function(user) {
@@ -77,6 +124,12 @@ router.post("/login", function(req, res) {
       return res.status(401).send("Invalid login credentials");      
     }
 
+    if (!user.authenticated) {
+      console.log(username + " not authenticated.");
+      req.session.user = {};
+      return res.status(401).send("Account has not been authenticated.");
+    }
+
     console.log("Logging in as " + user.displayName);
 
     req.session.user = {

server/scanner.js

@@ -246,8 +246,6 @@ function processBlock(items) {
         created = asset.stats.ctime,
         albumId = asset.album.id;
         
-      console.log(picturesPath, path, file);
-      
       let tmp = Promise.resolve(file);
       /* If this is a Nikon RAW file, convert it to JPG and move to /raw dir */
       if (rawExtension.exec(file)) {
@@ -401,7 +399,7 @@ function scanDir(parent, path) {
       allAssetCount: 0,
       allAlbumCount: 0
     }, albums = [ album ], assets = [];
-
+  
   return new Promise(function(resolve, reject) {
     fs.readdir(path, function(error, files) {
       if (error) {
@@ -496,6 +494,7 @@ function findOrCreateDBAlbum(album) {
       if (!album.parent) {
         console.warn("Creating top level album: " + picturesPath);
       }
+      console.log("album: " + album.path);
       return photoDB.sequelize.query("INSERT INTO albums (path,parentId,name) VALUES(:path,:parentId,:name)", {
         replacements: album
       }).spread(function(results, metadata) {