codecombat/server/routes/auth.coffee

authentication = require 'passport'
LocalStrategy = require('passport-local').Strategy
User = require '../users/User'
UserHandler = require '../users/user_handler'
LevelSession = require '../levels/sessions/LevelSession'
config = require '../../server_config'
errors = require '../commons/errors'
languages = require '../routes/languages'
sendwithus = require '../sendwithus'

module.exports.setup = (app) ->
  authentication.serializeUser((user, done) -> done(null, user._id))
  authentication.deserializeUser((id, done) ->
    User.findById(id, (err, user) -> done(err, user)))

  authentication.use(new LocalStrategy(
    (username, password, done) ->

      # kind of a hacky way to make it possible for iPads to 'log in' with their unique device id
      if username.length is 36 and '@' not in username # must be an identifier for vendor
        q = { iosIdentifierForVendor: username }
      else
        q = { emailLower: username.toLowerCase() }

      User.findOne(q).exec((err, user) ->
        return done(err) if err
        return done(null, false, {message: 'not found', property: 'email'}) if not user
        passwordReset = (user.get('passwordReset') or '').toLowerCase()
        if passwordReset and password.toLowerCase() is passwordReset
          User.update {_id: user.get('_id')}, {passwordReset: ''}, {}, ->
          return done(null, user)

        hash = User.hashPassword(password)
        unless user.get('passwordHash') is hash
          return done(null, false, {message: 'is wrong', property: 'password'})
        return done(null, user)
      )
  ))

  app.post '/auth/spy', (req, res, next) ->
    if req?.user?.isAdmin()
      target = req.body.nameOrEmailLower
      return errors.badInput res, 'Specify a username or email to espionage.' unless target
      query = $or: [{nameLower: target}, {emailLower: target}]
      User.findOne query, (err, user) ->
        if err? then return errors.serverError res, 'There was an error finding the specified user'
        unless user then return errors.badInput res, 'The specified user couldn\'t be found'
        req.logIn user, (err) ->
          if err? then return errors.serverError res, 'There was an error logging in with the specified user'
          res.send(UserHandler.formatEntity(req, user))
          return res.end()
    else
      return errors.unauthorized res, 'You must be an admin to enter espionage mode'

  app.post('/auth/login', (req, res, next) ->
    authentication.authenticate('local', (err, user, info) ->
      return next(err) if err
      if not user
        return errors.unauthorized(res, [{message: info.message, property: info.property}])

      req.logIn(user, (err) ->
        return next(err) if (err)
        activity = req.user.trackActivity 'login', 1
        user.update {activity: activity}, (err) ->
          return next(err) if (err)
          res.send(UserHandler.formatEntity(req, req.user))
          return res.end()
      )
    )(req, res, next)
  )

  app.get('/auth/whoami', (req, res) ->
    if req.user
      sendSelf(req, res)
    else
      user = makeNewUser(req)
      makeNext = (req, res) -> -> sendSelf(req, res)
      next = makeNext(req, res)
      loginUser(req, res, user, false, next)
  )

  sendSelf = (req, res) ->
    res.setHeader('Content-Type', 'text/json')
    if req.query.callback
      res.jsonp UserHandler.formatEntity(req, req.user, true)
    else
      res.send UserHandler.formatEntity(req, req.user, false)
    res.end()

  app.post('/auth/logout', (req, res) ->
    req.logout()
    res.end()
  )

  app.post('/auth/reset', (req, res) ->
    unless req.body.email
      return errors.badInput(res, [{message: 'Need an email specified.', property: 'email'}])

    User.findOne({emailLower: req.body.email.toLowerCase()}).exec((err, user) ->
      if not user
        return errors.notFound(res, [{message: 'not found', property: 'email'}])

      user.set('passwordReset', Math.random().toString(36).slice(2, 7).toUpperCase())
      user.save (err) =>
        return errors.serverError(res) if err
        unless config.unittest
          context =
            email_id: sendwithus.templates.generic_email
            recipient:
              address: req.body.email
            email_data:
              subject: 'CodeCombat Recovery Password'
              title: 'Recovery Password'
              content: "<p>Your CodeCombat recovery password for email #{req.body.email} is: #{user.get('passwordReset')}</p><p>Log in at <a href=\"http://codecombat.com/account/settings\">http://codecombat.com/account/settings</a> and change it.</p><p>Hope this helps!</p>"
          sendwithus.api.send context, (err, result) ->
            if err
              console.error "Error sending password reset email: #{err.message or err}"
              return errors.serverError(res) if err
            else
              return res.end()
        else
          console.log 'password is', user.get('passwordReset')
          res.send user.get('passwordReset')
          return res.end()
    )
  )

  app.get '/auth/unsubscribe', (req, res) ->
    req.query.email = decodeURIComponent(req.query.email)
    email = req.query.email
    unless req.query.email
      return errors.badInput res, 'No email provided to unsubscribe.'

    if req.query.session
      # Unsubscribe from just one session's notifications instead.
      return LevelSession.findOne({_id: req.query.session}).exec (err, session) ->
        return errors.serverError res, 'Could not unsubscribe: #{req.query.session}, #{req.query.email}: #{err}' if err
        session.set 'unsubscribed', true
        session.save (err) ->
          return errors.serverError res, 'Database failure.' if err
          res.send "Unsubscribed #{req.query.email} from CodeCombat emails for #{session.get('levelName')} #{session.get('team')} ladder updates. Sorry to see you go! <p><a href='/play/ladder/#{session.levelID}#my-matches'>Ladder preferences</a></p>"
          res.end()

    User.findOne({emailLower: req.query.email.toLowerCase()}).exec (err, user) ->
      if not user
        return errors.notFound res, "No user found with email '#{req.query.email}'"

      emails = _.clone(user.get('emails')) or {}
      msg = ''

      if req.query.recruitNotes
        emails.recruitNotes ?= {}
        emails.recruitNotes.enabled = false
        msg = "Unsubscribed #{req.query.email} from recruiting emails."
      else if req.query.employerNotes
        emails.employerNotes ?= {}
        emails.employerNotes.enabled = false

        msg = "Unsubscribed #{req.query.email} from employer emails."
      else
        msg = "Unsubscribed #{req.query.email} from all CodeCombat emails. Sorry to see you go!"
        emailSettings.enabled = false for emailSettings in _.values(emails)
        emails.generalNews ?= {}
        emails.generalNews.enabled = false
        emails.anyNotes ?= {}
        emails.anyNotes.enabled = false

      user.update {$set: {emails: emails}}, {}, =>
        return errors.serverError res, 'Database failure.' if err
        res.send msg + '<p><a href="/account/settings">Account settings</a></p>'
        res.end()

  app.get '/auth/name*', (req, res) ->
    parts = req.path.split '/'
    originalName = decodeURI parts[3]
    return errors.badInput res, 'No name provided.' unless parts.length > 3 and originalName? and originalName isnt ''
    return errors.notFound res if parts.length isnt 4

    User.unconflictName originalName, (err, name) ->
      return errors.serverError res, err if err
      response = name: name
      if originalName is name
        res.send 200, response
      else
        errors.conflict res, response


module.exports.loginUser = loginUser = (req, res, user, send=true, next=null) ->
  user.save((err) ->
    return errors.serverError res, err if err?

    req.logIn(user, (err) ->
      return errors.serverError res, err if err?
      return res.send(user) and res.end() if send
      next() if next
    )
  )

module.exports.makeNewUser = makeNewUser = (req) ->
  user = new User({anonymous: true})
  user.set 'testGroupNumber', Math.floor(Math.random() * 256)  # also in app/lib/auth
  lang = languages.languageCodeFromAcceptedLanguages req.acceptedLanguages
  user.set 'preferredLanguage', lang if lang[...2] isnt 'en'
  user.set 'lastIP', req.connection.remoteAddress
  user.set 'chinaVersion', true if req.chinaVersion
  user
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`authentication = require 'passport'`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`LocalStrategy = require('passport-local').Strategy`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`User = require '../users/User'`
			`UserHandler = require '../users/user_handler'`
Improved my-matches rank history and name fetching, ladder update emails, ladder update unsubscribes. 2014-03-11 00:30:46 -04:00			`LevelSession = require '../levels/sessions/LevelSession'`
server : move routes files (HTTP endpoint) in a new "routes" folder 2014-01-22 15:46:44 -05:00			`config = require '../../server_config'`
server reorganize files and folder by features - move and rename files - use associative arrays which store handlers for 'dynamically' load module from de db route - store models_path in test/server/common, a global model variable has the same name that the filename of the model 2014-01-22 17:57:41 -05:00			`errors = require '../commons/errors'`
Refactored user creation to /auth/whoami, and made the app call that first, so only one user is created. Fixed #318. Think this also fixes #406. 2014-02-24 14:12:52 -05:00			`languages = require '../routes/languages'`
Worked around unstable Zoho mail dependencies by switching password recovery and contact emails to Sendwithus. 2014-12-11 23:06:03 -05:00			`sendwithus = require '../sendwithus'`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
use a mapping for handlers, schemas, and routes 2014-02-04 16:29:13 -05:00			`module.exports.setup = (app) ->`
rename some variables 2014-02-04 17:08:20 -05:00			`authentication.serializeUser((user, done) -> done(null, user._id))`
			`authentication.deserializeUser((id, done) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`User.findById(id, (err, user) -> done(err, user)))`

rename some variables 2014-02-04 17:08:20 -05:00			`authentication.use(new LocalStrategy(`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`(username, password, done) ->`
Hiding some ThangTypes from view in level editor. 2014-11-29 13:34:04 -05:00
Added the ability to assign a user an iOS UDID, and login with it. 2014-11-20 18:54:15 -05:00			`# kind of a hacky way to make it possible for iPads to 'log in' with their unique device id`
Changed UDID to identifierForVendor 2014-11-20 20:03:24 -05:00			`if username.length is 36 and '@' not in username # must be an identifier for vendor`
			`q = { iosIdentifierForVendor: username }`
Added the ability to assign a user an iOS UDID, and login with it. 2014-11-20 18:54:15 -05:00			`else`
			`q = { emailLower: username.toLowerCase() }`
Hiding some ThangTypes from view in level editor. 2014-11-29 13:34:04 -05:00
Added the ability to assign a user an iOS UDID, and login with it. 2014-11-20 18:54:15 -05:00			`User.findOne(q).exec((err, user) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`return done(err) if err`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`return done(null, false, {message: 'not found', property: 'email'}) if not user`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`passwordReset = (user.get('passwordReset') or '').toLowerCase()`
			`if passwordReset and password.toLowerCase() is passwordReset`
			`User.update {_id: user.get('_id')}, {passwordReset: ''}, {}, ->`
			`return done(null, user)`
Improved my-matches rank history and name fetching, ladder update emails, ladder update unsubscribes. 2014-03-11 00:30:46 -04:00
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`hash = User.hashPassword(password)`
			`unless user.get('passwordHash') is hash`
Update auth.coffee 2015-01-08 14:27:37 -05:00			`return done(null, false, {message: 'is wrong', property: 'password'})`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`return done(null, user)`
			`)`
			`))`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00
Implemented espionage mode 2014-02-26 17:14:43 -05:00			`app.post '/auth/spy', (req, res, next) ->`
			`if req?.user?.isAdmin()`
Made espionage mode simpler, and added an admin user lookup. 2014-08-30 20:09:57 -04:00			`target = req.body.nameOrEmailLower`
			`return errors.badInput res, 'Specify a username or email to espionage.' unless target`
			`query = $or: [{nameLower: target}, {emailLower: target}]`
Implemented espionage mode 2014-02-26 17:14:43 -05:00			`User.findOne query, (err, user) ->`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`if err? then return errors.serverError res, 'There was an error finding the specified user'`
			`unless user then return errors.badInput res, 'The specified user couldn\'t be found'`
Implemented espionage mode 2014-02-26 17:14:43 -05:00			`req.logIn user, (err) ->`
Made espionage mode simpler, and added an admin user lookup. 2014-08-30 20:09:57 -04:00			`if err? then return errors.serverError res, 'There was an error logging in with the specified user'`
Implemented espionage mode 2014-02-26 17:14:43 -05:00			`res.send(UserHandler.formatEntity(req, user))`
			`return res.end()`
			`else`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`return errors.unauthorized res, 'You must be an admin to enter espionage mode'`
Improved my-matches rank history and name fetching, ladder update emails, ladder update unsubscribes. 2014-03-11 00:30:46 -04:00
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`app.post('/auth/login', (req, res, next) ->`
rename some variables 2014-02-04 17:08:20 -05:00			`authentication.authenticate('local', (err, user, info) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`return next(err) if err`
			`if not user`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`return errors.unauthorized(res, [{message: info.message, property: info.property}])`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
			`req.logIn(user, (err) ->`
			`return next(err) if (err)`
Added employer_list and activity tracking. 2014-06-10 19:30:07 -04:00			`activity = req.user.trackActivity 'login', 1`
			`user.update {activity: activity}, (err) ->`
			`return next(err) if (err)`
			`res.send(UserHandler.formatEntity(req, req.user))`
			`return res.end()`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`)`
			`)(req, res, next)`
			`)`

			`app.get('/auth/whoami', (req, res) ->`
Refactored user creation to /auth/whoami, and made the app call that first, so only one user is created. Fixed #318. Think this also fixes #406. 2014-02-24 14:12:52 -05:00			`if req.user`
			`sendSelf(req, res)`
			`else`
Refactored user authentication again. Now the user object is inserted into main.html, which was renamed from index.html so the express static middleware wouldn't serve it. 2014-04-02 16:12:24 -04:00			`user = makeNewUser(req)`
Refactored user creation to /auth/whoami, and made the app call that first, so only one user is created. Fixed #318. Think this also fixes #406. 2014-02-24 14:12:52 -05:00			`makeNext = (req, res) -> -> sendSelf(req, res)`
			`next = makeNext(req, res)`
			`loginUser(req, res, user, false, next)`
			`)`

			`sendSelf = (req, res) ->`
			`res.setHeader('Content-Type', 'text/json')`
Added basic JSONP support for /auth/whoami public properties. 2014-09-22 17:56:02 -04:00			`if req.query.callback`
			`res.jsonp UserHandler.formatEntity(req, req.user, true)`
			`else`
			`res.send UserHandler.formatEntity(req, req.user, false)`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`res.end()`
Refactored user creation to /auth/whoami, and made the app call that first, so only one user is created. Fixed #318. Think this also fixes #406. 2014-02-24 14:12:52 -05:00
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`app.post('/auth/logout', (req, res) ->`
			`req.logout()`
			`res.end()`
			`)`
refactor server http errors - error.coffee centralize all http errors response - unauthorized = 401 and forbiden = 403 2014-01-14 17:13:47 -05:00
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`app.post('/auth/reset', (req, res) ->`
			`unless req.body.email`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`return errors.badInput(res, [{message: 'Need an email specified.', property: 'email'}])`
refactor server http errors - error.coffee centralize all http errors response - unauthorized = 401 and forbiden = 403 2014-01-14 17:13:47 -05:00
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`User.findOne({emailLower: req.body.email.toLowerCase()}).exec((err, user) ->`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`if not user`
Removed unnecessary full stop 2015-06-02 16:34:01 -04:00			`return errors.notFound(res, [{message: 'not found', property: 'email'}])`
Improved my-matches rank history and name fetching, ladder update emails, ladder update unsubscribes. 2014-03-11 00:30:46 -04:00
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`user.set('passwordReset', Math.random().toString(36).slice(2, 7).toUpperCase())`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`user.save (err) =>`
refactor server http errors - error.coffee centralize all http errors response - unauthorized = 401 and forbiden = 403 2014-01-14 17:13:47 -05:00			`return errors.serverError(res) if err`
Worked around unstable Zoho mail dependencies by switching password recovery and contact emails to Sendwithus. 2014-12-11 23:06:03 -05:00			`unless config.unittest`
			`context =`
			`email_id: sendwithus.templates.generic_email`
			`recipient:`
			`address: req.body.email`
			`email_data:`
			`subject: 'CodeCombat Recovery Password'`
			`title: 'Recovery Password'`
			`content: "<p>Your CodeCombat recovery password for email #{req.body.email} is: #{user.get('passwordReset')}</p><p>Log in at <a href=\"http://codecombat.com/account/settings\">http://codecombat.com/account/settings</a> and change it.</p><p>Hope this helps!</p>"`
			`sendwithus.api.send context, (err, result) ->`
			`if err`
			`console.error "Error sending password reset email: #{err.message or err}"`
refactor server http errors - error.coffee centralize all http errors response - unauthorized = 401 and forbiden = 403 2014-01-14 17:13:47 -05:00			`return errors.serverError(res) if err`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`else`
			`return res.end()`
Fixed account recovery on dev server. 2014-01-06 15:14:12 -05:00			`else`
Server console outputs recovery password if in development. 2014-05-09 19:33:06 -04:00			`console.log 'password is', user.get('passwordReset')`
add server auth test (reset password) 2014-02-02 18:02:47 -05:00			`res.send user.get('passwordReset')`
Fixed account recovery on dev server. 2014-01-06 15:14:12 -05:00			`return res.end()`
Ready for action, sir! 2014-01-03 13:32:13 -05:00			`)`
			`)`
Improved my-matches rank history and name fetching, ladder update emails, ladder update unsubscribes. 2014-03-11 00:30:46 -04:00
Made espionage mode simpler, and added an admin user lookup. 2014-08-30 20:09:57 -04:00			`app.get '/auth/unsubscribe', (req, res) ->`
Encode/decode emails as URIs This helps to handle special characters like plusses. 2014-07-16 22:46:06 -04:00			`req.query.email = decodeURIComponent(req.query.email)`
Added unsubscribe view. 2014-01-17 13:47:42 -05:00			`email = req.query.email`
			`unless req.query.email`
			`return errors.badInput res, 'No email provided to unsubscribe.'`
Improved my-matches rank history and name fetching, ladder update emails, ladder update unsubscribes. 2014-03-11 00:30:46 -04:00
			`if req.query.session`
			`# Unsubscribe from just one session's notifications instead.`
			`return LevelSession.findOne({_id: req.query.session}).exec (err, session) ->`
			`return errors.serverError res, 'Could not unsubscribe: #{req.query.session}, #{req.query.email}: #{err}' if err`
			`session.set 'unsubscribed', true`
			`session.save (err) ->`
			`return errors.serverError res, 'Database failure.' if err`
Fixed #1952 (unsubscribing from specific ladder update emails). 2014-12-17 22:38:11 -05:00			`res.send "Unsubscribed #{req.query.email} from CodeCombat emails for #{session.get('levelName')} #{session.get('team')} ladder updates. Sorry to see you go! <p><a href='/play/ladder/#{session.levelID}#my-matches'>Ladder preferences</a></p>"`
Improved my-matches rank history and name fetching, ladder update emails, ladder update unsubscribes. 2014-03-11 00:30:46 -04:00			`res.end()`
Made espionage mode simpler, and added an admin user lookup. 2014-08-30 20:09:57 -04:00
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`User.findOne({emailLower: req.query.email.toLowerCase()}).exec (err, user) ->`
Added unsubscribe view. 2014-01-17 13:47:42 -05:00			`if not user`
			`return errors.notFound res, "No user found with email '#{req.query.email}'"`

Migrated to the new email system, along with a setting for recruit notifications. 2014-04-21 19:15:23 -04:00			`emails = _.clone(user.get('emails')) or {}`
Added an unsubscribe url for recruit notifications. 2014-04-22 22:27:39 -04:00			`msg = ''`
Added employer_list and activity tracking. 2014-06-10 19:30:07 -04:00
Added an unsubscribe url for recruit notifications. 2014-04-22 22:27:39 -04:00			`if req.query.recruitNotes`
			`emails.recruitNotes ?= {}`
			`emails.recruitNotes.enabled = false`
			`msg = "Unsubscribed #{req.query.email} from recruiting emails."`
Hard code mail tasks and add unsubscribe 2014-07-16 19:37:06 -04:00			`else if req.query.employerNotes`
			`emails.employerNotes ?= {}`
			`emails.employerNotes.enabled = false`
Made espionage mode simpler, and added an admin user lookup. 2014-08-30 20:09:57 -04:00
Hard code mail tasks and add unsubscribe 2014-07-16 19:37:06 -04:00			`msg = "Unsubscribed #{req.query.email} from employer emails."`
Added an unsubscribe url for recruit notifications. 2014-04-22 22:27:39 -04:00			`else`
			`msg = "Unsubscribed #{req.query.email} from all CodeCombat emails. Sorry to see you go!"`
			`emailSettings.enabled = false for emailSettings in _.values(emails)`
			`emails.generalNews ?= {}`
			`emails.generalNews.enabled = false`
			`emails.anyNotes ?= {}`
			`emails.anyNotes.enabled = false`
Added employer_list and activity tracking. 2014-06-10 19:30:07 -04:00
Added an unsubscribe url for recruit notifications. 2014-04-22 22:27:39 -04:00			`user.update {$set: {emails: emails}}, {}, =>`
Added unsubscribe view. 2014-01-17 13:47:42 -05:00			`return errors.serverError res, 'Database failure.' if err`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`res.send msg + '<p><a href="/account/settings">Account settings</a></p>'`
Added unsubscribe view. 2014-01-17 13:47:42 -05:00			`res.end()`
Ready for action, sir! 2014-01-03 13:32:13 -05:00
Worked in scott's comments and got tests working again 2014-07-14 14:05:03 -04:00			`app.get '/auth/name*', (req, res) ->`
GET /auth/name/<name> now serves possible free names 2014-07-10 14:50:16 -04:00			`parts = req.path.split '/'`
Worked in scott's comments and got tests working again 2014-07-14 14:05:03 -04:00			`originalName = decodeURI parts[3]`
			`return errors.badInput res, 'No name provided.' unless parts.length > 3 and originalName? and originalName isnt ''`
GET /auth/name/<name> now serves possible free names 2014-07-10 14:50:16 -04:00			`return errors.notFound res if parts.length isnt 4`

			`User.unconflictName originalName, (err, name) ->`
			`return errors.serverError res, err if err`
			`response = name: name`
			`if originalName is name`
			`res.send 200, response`
			`else`
			`errors.conflict res, response`


Refactored user authentication again. Now the user object is inserted into main.html, which was renamed from index.html so the express static middleware wouldn't serve it. 2014-04-02 16:12:24 -04:00			`module.exports.loginUser = loginUser = (req, res, user, send=true, next=null) ->`
			`user.save((err) ->`
Corrected sending errors in auth 2014-07-10 04:07:36 -04:00			`return errors.serverError res, err if err?`
Refactored user authentication again. Now the user object is inserted into main.html, which was renamed from index.html so the express static middleware wouldn't serve it. 2014-04-02 16:12:24 -04:00
			`req.logIn(user, (err) ->`
Corrected sending errors in auth 2014-07-10 04:07:36 -04:00			`return errors.serverError res, err if err?`
GET /auth/name/<name> now serves possible free names 2014-07-10 14:50:16 -04:00			`return res.send(user) and res.end() if send`
Refactored user authentication again. Now the user object is inserted into main.html, which was renamed from index.html so the express static middleware wouldn't serve it. 2014-04-02 16:12:24 -04:00			`next() if next`
			`)`
			`)`

			`module.exports.makeNewUser = makeNewUser = (req) ->`
Clean up mixed quotes 2014-06-30 22:16:26 -04:00			`user = new User({anonymous: true})`
Refactored user authentication again. Now the user object is inserted into main.html, which was renamed from index.html so the express static middleware wouldn't serve it. 2014-04-02 16:12:24 -04:00			`user.set 'testGroupNumber', Math.floor(Math.random() * 256) # also in app/lib/auth`
Tweaked how the I18N editor works to guard against garbage English submissions and make the chosen language more consistent. 2014-11-25 19:20:41 -05:00			`lang = languages.languageCodeFromAcceptedLanguages req.acceptedLanguages`
			`user.set 'preferredLanguage', lang if lang[...2] isnt 'en'`
Fix #1005 2014-09-22 02:02:06 -04:00			`user.set 'lastIP', req.connection.remoteAddress`
Implementing alternative pricing with Alipay in China to support dedicated China server. 2015-03-23 18:26:44 -04:00			`user.set 'chinaVersion', true if req.chinaVersion`
Fix for anonymous user signups. 2015-03-23 19:38:12 -04:00			`user`