Add success and error message feedback for user profile operations (#8716)

* mws authentication

* add more tests and permission checkers

* add logic to ensure that only authenticated users' requests are handled

* add custom login page

* Implement user authentication as well as session handling

* work on user operations authorization

* add middleware to route handlers for bags & tiddlers routes

* add feature that only returns the tiddlers and bags which the user has permission to access on index page

* refactor auth routes & added user management page

* fix Ci Test failure issue

* fix users list page, add manage roles page

* add commands and scripts to create new user & assign roles and permissions

* resolved ci-test failure

* add ACL permissions to bags & tiddlers on creation

* fix comments and access control list bug

* fix indentation issues

* working on user profile edit

* remove list users command & added support for database in server options

* implement user profile update and password change feature

* update plugin readme

* implement command which triggers protected mode on the server

* revert server-wide auth flag. Implement selective authorization

* ACL management feature

* Complete Access control list implementation

* Added support to manage users' assigned role by admin

* fix comments

* fix comment

* Add user profile management and account deletion functionality

* add success and error message feedback for user profile operations

* fix indentation issues

* Add command to create admin user if none exists when the start command is executed

* refactor annonymous user flow with create admin implementation

* remove mws-add-user from start command

plugins/tiddlywiki/multiwikiserver/modules/routes/handlers/change-user-password.js

@@ -22,28 +22,44 @@ exports.bodyFormat = "www-form-urlencoded";
 exports.csrfDisable = true;
 
 exports.handler = function (request, response, state) {
+  var userId = state.data.userId;
+  // Clean up any existing error/success messages
+  $tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/change-password/" + userId + "/error");
+  $tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/change-password/" + userId + "/success");
+  $tw.mws.store.adminWiki.deleteTiddler("$:/temp/mws/login/error");
+
   if(!state.authenticatedUser) {
-    response.writeHead(401, "Unauthorized", { "Content-Type": "text/plain" });
-    response.end("Unauthorized");
+    $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+      title: "$:/temp/mws/login/error",
+      text: "You must be logged in to change passwords"
+    }));
+    response.writeHead(302, { "Location": "/login" });
+    response.end();
     return;
   }
-  var auth = authenticator(state.server.sqlTiddlerDatabase);
 
-  var userId = state.data.userId;
+  var auth = authenticator(state.server.sqlTiddlerDatabase);
   var newPassword = state.data.newPassword;
   var confirmPassword = state.data.confirmPassword;
   var currentUserId = state.authenticatedUser.user_id;
 
-  var hasPermission = ($tw.utils.parseInt(userId, 10) === currentUserId) || state.authenticatedUser.isAdmin;
+  var hasPermission = ($tw.utils.parseInt(userId) === currentUserId) || state.authenticatedUser.isAdmin;
 
   if(!hasPermission) {
-    response.writeHead(403, "Forbidden", { "Content-Type": "text/plain" });
-    response.end("Forbidden");
+    $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+      title: "$:/temp/mws/change-password/" + userId + "/error",
+      text: "You don't have permission to change this user's password"
+    }));
+    response.writeHead(302, { "Location": "/admin/users/" + userId });
+    response.end();
     return;
   }
 
   if(newPassword !== confirmPassword) {
-    response.setHeader("Set-Cookie", "flashMessage=New passwords do not match; Path=/; HttpOnly; Max-Age=5");
+    $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+      title: "$:/temp/mws/change-password/" + userId + "/error",
+      text: "New passwords do not match"
+    }));
     response.writeHead(302, { "Location": "/admin/users/" + userId });
     response.end();
     return;
@@ -52,7 +68,10 @@ exports.handler = function (request, response, state) {
   var userData = state.server.sqlTiddlerDatabase.getUser(userId);
 
   if(!userData) {
-    response.setHeader("Set-Cookie", "flashMessage=User not found; Path=/; HttpOnly; Max-Age=5");
+    $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+      title: "$:/temp/mws/change-password/" + userId + "/error",
+      text: "User not found"
+    }));
     response.writeHead(302, { "Location": "/admin/users/" + userId });
     response.end();
     return;
@@ -61,7 +80,10 @@ exports.handler = function (request, response, state) {
   var newHash = auth.hashPassword(newPassword);
   var result = state.server.sqlTiddlerDatabase.updateUserPassword(userId, newHash);
 
-  response.setHeader("Set-Cookie", `flashMessage=${result.message}; Path=/; HttpOnly; Max-Age=5`);
+  $tw.mws.store.adminWiki.addTiddler(new $tw.Tiddler({
+    title: "$:/temp/mws/change-password/" + userId + "/success",
+    text: result.message
+  }));
   response.writeHead(302, { "Location": "/admin/users/" + userId });
   response.end();
 };