Enable updating user profile

server/api.js

@@ -4,10 +4,15 @@ const pg = require('pg');
 
 module.exports = function createApiRoutes(app) {
 
+  function getOwner(request) {
+    return request.session.currentUser &&
+        request.session.currentUser.userId;
+  }
+
   // GET /api/map/latest
   // Retrieve the current user's most recently edited map
   app.get('/api/map/latest', (request, response) => {
-    const owner = request.session.currentUser.userId;
+    const owner = getOwner(request);
 
     if (!owner) {
       response.sendStatus(403);
@@ -42,7 +47,7 @@ module.exports = function createApiRoutes(app) {
   // Only available to the map owner, all others receive a 404.
   app.get('/api/map/:uuid', (request, response) => {
     const id = request.params.uuid;
-    const owner = request.session.currentUser.userId;
+    const owner = getOwner(request);
 
     // TODO: We will eventually allow sharing, in which case a more granular approach is called for.
     if (!owner) {
@@ -77,7 +82,7 @@ module.exports = function createApiRoutes(app) {
   // Edit a map object
   app.post('/api/map/:uuid', (request, response) => {
     const id = request.params.uuid;
-    const owner = request.session.currentUser.userId;
+    const owner = getOwner(request);
     const data = request.body['data'];
 
     // You must be logged in to edit a map
@@ -117,7 +122,7 @@ module.exports = function createApiRoutes(app) {
   // POST /api/map
   // Create a new map object
   app.post('/api/map', (request, response) => {
-    const owner = request.session.currentUser.userId;
+    const owner = getOwner(request);
     const data = request.body['data'];
 
     // You must be logged in to create a map

server/auth.js

@@ -105,10 +105,7 @@ module.exports = function createAuthRoutes(app) {
     const userId = (request.body.userId || '').toLowerCase();
     const password = request.body.password;
     const confirmPassword = request.body.confirmPassword;
-    const profile = {
-      displayName: request.body.displayName,
-      isEmailOkay: request.body.isEmailOkay === 'true',
-    };
+    const profile = buildProfile(request);
 
     // Username too short
     if (userId.length <= 0) {
@@ -180,6 +177,56 @@ module.exports = function createAuthRoutes(app) {
     });
   });
 
+  // POST /auth/edit
+  // Edit a user
+  // Expects userId
+  // Allows displayName, isEmailOkay
+  app.post('/auth/edit', (request, response) => {
+    if (!request.body) {
+      // Totally malformed
+      response.sendStatus(400);
+      return;
+    }
+
+    const userId = (request.body.userId || '').toLowerCase();
+    const profile = buildProfile(request);
+
+    // Only the signed-in user has permission to edit their profile
+    if (!request.session.currentUser || userId !== request.session.currentUser.userId) {
+      response.sendStatus(403);
+      return;
+    }
+
+    pg.connect(process.env.DATABASE_URL, (err, client, done) => {
+      client.query(
+        'update account set profile = $1 where id = $2',
+        [profile, userId],
+        (err, result) => {
+          done();
+          if (err) {
+            console.error(err);
+            response.status(500).send('Error: ' + err);
+          } else if (result.rowCount < 1) {
+            response.sendStatus(404);
+          } else {
+            request.session.currentUser = Object.assign({}, {userId}, profile);
+            response.json({
+              currentUser: request.session.currentUser,
+              result: `User ${userId} updated`
+            });
+          }
+        }
+      );
+    });
+  });
+
+  function buildProfile(request) {
+    return {
+      displayName: request.body.displayName,
+      isEmailOkay: request.body.isEmailOkay === 'true'
+    };
+  }
+
   // Debug routes
   if (process.env.NODE_ENV !== 'production') {
     // GET /auth/users

src/js/connectMyDots.js

@@ -264,7 +264,18 @@ function populateUserProfileDialog() {
 }
 
 function onSubmitUserProfile() {
-
+  $userProfileDialog.find('.feedback').text('');
+  $.post('/auth/edit', $userProfileDialog.find('form').serialize())
+    .done(data => {
+      toast({
+        text: 'User profile updated',
+        icon: 'success'
+      });
+      $userProfileDialog.find('form')[0].reset();
+      setSignedIn(data.currentUser);
+      $userProfileDialog.dialog('close');
+    })
+    .fail(loginFormErrorHandler($userProfileDialog, () => {}));
 }
 
 function signOut() {
@@ -282,10 +293,8 @@ function onSubmitLoginForm($dialog, url, callback) {
 
 function loginFormSuccessHandler($dialog, callback) {
   return data => {
-    $.toast({
+    toast({
       text: `Signed in as ${displayName(data.currentUser)}.`,
-      showHideTransition: 'fade',
-      position: 'top-center',
       icon: 'success'
     });
     $dialog.find('form')[0].reset();
@@ -309,6 +318,13 @@ function loginFormErrorHandler($dialog, callback) {
   };
 }
 
+function toast(options) {
+  $.toast(Object.assign({}, {
+    showHideTransition: 'fade',
+    position: 'top-center',
+  }, options));
+}
+
 function displayName(user) {
   return user.displayName || user.userId;
 }
@@ -322,18 +338,17 @@ function setSignedIn(user) {
   $header.find('.sign-out-link').show();
 }
 
-function setSignedOut({toast=true} = {}) {
+function setSignedOut({showToast=true} = {}) {
   currentUser = null;
   currentMapId = null;
   $header.find('.greeting').text('Sign in / Sign up');
   $header.find('.sign-in-link').show();
   $header.find('.sign-up-link').show();
   $header.find('.user-profile-link').hide();
   $header.find('.sign-out-link').hide();
-  if (toast) {
-    $.toast({
+  if (showToast) {
+    toast({
       text: 'Signed out.',
-      position: 'top-center',
       icon: 'info'
     });
   }
@@ -358,7 +373,7 @@ $(function () {
   prepareLoginDialogs();
 
   // Check login state on load
-  setSignedOut({toast: false});
+  setSignedOut({showToast: false});
   $.get('/auth/sign-in').done(data => {
     if (data.currentUser) {
       setSignedIn(data.currentUser);