From 261cb1ebb10f3a245e2e55f3e1fe0a5a46c92e05 Mon Sep 17 00:00:00 2001 From: inkletblot Date: Fri, 14 Feb 2020 15:58:31 +1030 Subject: [PATCH] updated all posts to use formdata for security and also to send session information/catch session failures. --- scripts/auth.controllers.js | 43 +++++++++++++++++++++------------ scripts/forum.controller.js | 47 +++++++++++++++++++++++++++++++++---- scripts/main.js | 5 ++-- views/signup.html | 8 +++---- 4 files changed, 78 insertions(+), 25 deletions(-) diff --git a/scripts/auth.controllers.js b/scripts/auth.controllers.js index 4bff817..ca74d2c 100644 --- a/scripts/auth.controllers.js +++ b/scripts/auth.controllers.js @@ -53,7 +53,7 @@ daddy.controller("loginCtrlr", function($scope, $cookies, $location, $http, stat }) -daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) { +daddy.controller("signupCtrlr", function($scope, $http, $location, $timeout, stateData) { let titles = { form : "Sign up here!", @@ -82,14 +82,16 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) { $scope.userExists() $scope.passwordsMatch() $scope.emailGood() - - if ($scope.match && !$scope.exists && $scope.goodemail) { - $scope.status = false - $scope.submit() - } else { - $scope.status = true - $scope.signupStatus = "Please correct errors above." - } + + $timeout(function() { + if ($scope.match && !$scope.exists && $scope.goodemail) { + $scope.status = false + $scope.submit() + } else { + $scope.status = true + $scope.signupStatus = "Please correct errors above." + } + }, 1000) } $scope.emailGood = () => { 
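Review bot: The `$timeout(..., 1000)` wrapper added in the @@ -82 hunk waits a fixed second for `$scope.userExists()` to finish, but that call issues an asynchronous `$http` request, so on a slow response `$scope.exists` still holds its previous value when the check runs and `$scope.submit()` can fire for a username the server would reject (and on a fast response the user waits a second for nothing). Sequencing on the promise removes the race: have `userExists` `return $http({...})` and replace the timeout with `$scope.userExists().then(() => { if ($scope.match && !$scope.exists && $scope.goodemail) { ... } else { ... } })`. `passwordsMatch` and `emailGood` appear to be synchronous from their use here, so they can stay as they are; the controller body continues outside the hunk.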
@@ -113,9 +115,16 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) { } $scope.submit = () => { + let formData = new FormData() + formData.append('userName', $scope.user.username) + formData.append('userPass', $scope.user.password) + formData.append('userEmail', $scope.user.email) $http({ - url : server + "/auth/signup?userName=" + $scope.user.username + "&userPass=" + $scope.user.password + "&userEmail=" + $scope.user.email, - method : "POST" + url : server + "/auth/signup", + method : "POST", + data : formData, + headers : { 'Content-Type' : undefined }, + transformRequest : angular.identity }).then((res) => { if (res.status == 200) { console.log("user created successfully") @@ -135,9 +144,14 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) { $scope.userExists = () => { console.log("checking username is used?") + let formData = new FormData() + formData.append('userName', $scope.user.username) $http({ - url : server + "/auth/exists?userName=" + $scope.user.username, - method : "POST" + url : server + "/auth/exists", + method : "POST", + data : formData, + headers : { 'Content-Type' : undefined }, + transformRequest : angular.identity }).then((res) => { if (res.status == 200) { console.log(res.data) @@ -154,6 +168,5 @@ daddy.controller("signupCtrlr", function($scope, $http, $location, stateData) { console.log ("something went wrong") } }) - } - + } }) \ No newline at end of file diff --git a/scripts/forum.controller.js b/scripts/forum.controller.js index 4290578..e8cace7 100644 --- a/scripts/forum.controller.js +++ b/scripts/forum.controller.js 
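Review bot: The `res.status == 200` comparison kept in both the `submit` and `userExists` hunks uses loose equality; `===` is the idiom here and costs nothing. Moving `userPass` and `userEmail` out of the query string into the multipart body is what delivers the security claim in the commit message (credentials no longer land in server access logs, browser history or Referer headers), but it only holds if `server`, declared outside these hunks, is an https origin, so that is worth asserting where it is defined. The FormData/`$http` option block (`data : formData`, `headers : { 'Content-Type' : undefined }`, `transformRequest : angular.identity`) is now repeated twice here and six more times in forum.controller.js; a shared `postForm(path, fields)` helper would keep the request shape in one place. `signupCtrlr` starts before the first hunk and ends at the @@ -154 hunk.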
@@ -148,6 +148,8 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat $scope.createTopic = () => { console.log("sending new topic to server!!") let formData = new FormData() + formData.append('user', stateData.state.user.userName) + formData.append('sessionID', stateData.state.user.sessionID) formData.append('topicSubject', $scope.topic.topicSubject) formData.append('topicCat', $scope.topic.topicCat) formData.append('userNo', stateData.state.user.userNo) @@ -166,6 +168,10 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat if (res.status == 500) { console.log("something went wrong: " + res.data) $scope.status.text = "Something went wrong: " + res.status + } else if (res.status == 403) { + console.log("something went worng: " + res.data) + $scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again." + stateData.logOut() } }) } @@ -173,6 +179,8 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat $scope.createPost = (postContent, topicNo) => { console.log("sending new post to server") let formData = new FormData() + formData.append('user', stateData.state.user.userName) + formData.append('sessionID', stateData.state.user.sessionID) formData.append('postContent', postContent) formData.append('topicNo', topicNo) formData.append('userNo', stateData.state.user.userNo) @@ -191,6 +199,10 @@ daddy.controller("createTopicCtrlr", function($scope, $location, $http, stateDat if (res.status == 500) { console.log("something went wrong: " + res.data) $scope.status.text = "Something went wrong: " + res.status + } else if (res.status == 403) { + console.log("something went worng: " + res.data) + $scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again." + stateData.logOut() } }) } 
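Review bot: The new `else if (res.status == 403)` branch in the @@ -166 hunk sits inside the `.then` success callback, and AngularJS `$http` rejects its promise for any non-2xx status, so unless a response interceptor elsewhere resolves error responses this branch (like the existing 500 branch) never runs, the forced `stateData.logOut()` never happens, and the 403 surfaces as an unhandled rejection instead. The same applies to the identical 403 blocks in the @@ -191, @@ -260, @@ -345, @@ -378 and @@ -408 hunks; putting the check in a second argument to `.then`, in a `.catch`, or in one `responseError` interceptor that calls `stateData.logOut()` on 403 would fix all six at once and remove the copy-paste. Each request now carries `user`, `sessionID` and `userNo` as separate fields; the server should derive the acting user from the validated `sessionID` and ignore or cross-check the client-supplied `userNo`/`user`, otherwise a valid session could act on behalf of another `userNo` — not verifiable from this diff. Minor: the user-facing message misspells "safety" (`saftey`) and the log line misspells "wrong" (`worng`) in every copy.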
@@ -241,6 +253,8 @@ daddy.controller("createCategoryCtrlr", function($scope, $http, $location, state $scope.status.text = "Adding category..." let formData = new FormData() + formData.append('user', stateData.state.user.userName) + formData.append('sessionID', stateData.state.user.sessionID) formData.append('catName', $scope.category.catName) formData.append('catDescr', $scope.category.catDescr) @@ -260,10 +274,13 @@ daddy.controller("createCategoryCtrlr", function($scope, $http, $location, state if (res.status == 500) { console.log("something went wrong: " + res.data) $scope.status.text = "Something went wrong: " + res.status + } else if (res.status == 403) { + console.log("something went worng: " + res.data) + $scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again." + stateData.logOut() } }) } - }) daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http, $location, stateData) { @@ -325,6 +342,8 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http, $scope.makeReply = (topicNo) => { console.log("sending new post to server") let formData = new FormData() + formData.append('user', stateData.state.user.userName) + formData.append('sessionID', stateData.state.user.sessionID) formData.append('postContent', $scope.reply.postContent) formData.append('topicNo', topicNo) formData.append('userNo', stateData.state.user.userNo) @@ -345,6 +364,10 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http, console.log("something went wrong: ") console.log(res.data) $scope.status.text = "Something went wrong: " + res.status + } else if (res.status == 403) { + console.log("something went worng: " + res.data) + $scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again." + stateData.logOut() } }) } 
@@ -361,9 +384,16 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http, if (!window.confirm("Are you sure you want to delete this post?")) { return } + let formData = new FormData() + formData.append('user', stateData.state.user.userName) + formData.append('sessionID', stateData.state.user.sessionID) + formData.append("postNo", postNo) $http({ - url : server + "/forum/topic/post/delete?postNo=" + postNo, - method : "POST" + url : server + "/forum/topic/post/delete", + method : "POST", + data : formData, + headers : { 'Content-Type' : undefined }, + transformRequest : angular.identity }).then((res) => { if (res.status == 200) { console.log("post deleted") @@ -378,6 +408,10 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http, console.log("something went wrong: ") console.log(res.data) $scope.status.text = "Something went wrong: " + res.status + } else if (res.status == 403) { + console.log("something went worng: " + res.data) + $scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again." + stateData.logOut() } }) } @@ -386,6 +420,8 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http, /* This is incomplete, need to figure out hiding the edit box after edit. Would rather not use timeout. */ console.log("submitting edited post") let formData = new FormData() + formData.append('user', stateData.state.user.userName) + formData.append('sessionID', stateData.state.user.sessionID) formData.append("postNo", postNo) formData.append("postContent", postContent) $http({ 
@@ -408,10 +444,13 @@ daddy.controller("topicsCtrlr", function($scope, $routeParams, $timeout, $http, console.log("something went wrong: ") console.log(res.data) $scope.status.text = "Something went wrong: " + res.status + } else if (res.status == 403) { + console.log("something went worng: " + res.data) + $scope.status.text = "Authentication failed. For saftey reasons, you have been logged out, please log in and try again." + stateData.logOut() } }) } - }) daddy.controller("topicCtrlr", function($scope, $http, $location, stateData) { diff --git a/scripts/main.js b/scripts/main.js index c0ecc5c..3aed7c5 100644 --- a/scripts/main.js +++ b/scripts/main.js @@ -83,7 +83,6 @@ daddy.controller("navCtrlr", function($scope, $location, $cookies, stateData){ } $scope.logOut = () => { - $cookies.remove('user') stateData.logOut() } @@ -106,7 +105,7 @@ daddy.config(function ($routeProvider) { $routeProvider.otherwise({template : "

404 ... no clue fam ... try something else?

"}) }) -daddy.factory('stateData', function(){ +daddy.factory('stateData', function($cookies){ let state = { page : "forum", title : "Forum;", @@ -136,12 +135,14 @@ daddy.factory('stateData', function(){ } logOut = () => { + $cookies.remove('user') state.user.userNo = null state.user.userName = null state.user.userLevel = 0 } setUser = (user) => { + state.user.sessionID = user.sessionID state.user.userNo = user.userNo state.user.userName = user.userName state.user.userLevel = user.userLevel diff --git a/views/signup.html b/views/signup.html index 3bc8c96..d1e6735 100644 --- a/views/signup.html +++ b/views/signup.html @@ -1,4 +1,8 @@
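Review bot: `logOut` in the @@ -136 hunk now clears the cookie, `userNo`, `userName` and `userLevel`, but `setUser` in the same hunk starts storing `state.user.sessionID` and `logOut` never resets it, so a stale session identifier stays in memory after logout and is what the forum controllers would append to their next form post until `setUser` runs again. Add `state.user.sessionID = null` alongside the other resets. The 403 path in forum.controller.js relies on this function to invalidate client state, so the reset matters there too; whether the server also invalidates the session on logout is not visible in this diff.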
+
+

{{titles.success}}

+

{{message.start}}
{{message.line2}} {{message.link}} {{message.end}}

+

{{titles.form}}


@@ -16,8 +20,4 @@

{{signupStatus}}

-
-

{{titles.success}}

-

{{message.start}}
{{message.line2}} {{message.link}} {{message.end}}

-
\ No newline at end of file