From 28d3b799c6ee6947d944ab41335c9e50205a7c82 Mon Sep 17 00:00:00 2001
From: Menci <HuangHaoRui301@Gmail.com>
Date: Sat, 18 Mar 2017 02:23:46 +0800
Subject: [PATCH] Allow admin to edit username

---
 modules/api.js      |  2 +-
 modules/user.js     |  7 +++++
 utility.js          |  3 ++
 views/user_edit.ejs | 68 ++++++++++++++++++++++++---------------------
 4 files changed, 47 insertions(+), 33 deletions(-)

diff --git a/modules/api.js b/modules/api.js
index dbd45b5..bb7013e 100644
--- a/modules/api.js
+++ b/modules/api.js
@@ -55,7 +55,7 @@ app.post('/api/sign_up', async (req, res) => {
     let syzoj2_xxx_md5 = '59cb65ba6f9ad18de0dcd12d5ae11bd2';
     if (req.body.password === syzoj2_xxx_md5) throw 2007;
     if (!(req.body.email = req.body.email.trim())) throw 2006;
-    if (!/^[a-zA-Z0-9\-\_]+$/.test(req.body.username)) throw 2002;
+    if (!syzoj.utils.isValidUsername(req.body.username)) throw 2002;
 
     user = await User.create({
       username: req.body.username,
diff --git a/modules/user.js b/modules/user.js
index ee01ee2..dc502c4 100644
--- a/modules/user.js
+++ b/modules/user.js
@@ -142,12 +142,19 @@ app.post('/user/:id/edit', async (req, res) => {
       user.password = req.body.new_password;
     }
 
+    if (res.locals.user.is_admin) {
+      if (!syzoj.utils.isValidUsername(req.body.username)) throw 'Invalid username.';
+      user.username = req.body.username;
+    }
+
     user.email = req.body.email;
     user.information = req.body.information;
     user.sex = req.body.sex;
 
     await user.save();
 
+    if (user.id === res.locals.user.id) res.locals.user = user;
+
     res.render('user_edit', {
       edited_user: user,
       error_info: 'Success'
diff --git a/utility.js b/utility.js
index ee7e9df..ce8a399 100644
--- a/utility.js
+++ b/utility.js
@@ -257,5 +257,8 @@ module.exports = {
       },
       json: true
     });
+  },
+  isValidUsername(s) {
+    return /^[a-zA-Z0-9\-\_]+$/.test(s);
   }
 };
diff --git a/views/user_edit.ejs b/views/user_edit.ejs
index 0221448..c03a95c 100644
--- a/views/user_edit.ejs
+++ b/views/user_edit.ejs
@@ -2,43 +2,47 @@
 <% include header %>
 <div class="padding">
     <div class="ui <% if (error_info == 'Success') { %>success<% } else { %>error<% } %> message" id="error" <% if (!error_info) { %>hidden<% } %>>
-            <% if (error_info) {
-                if (error_info == 'Success') error_info = '修改成功';
-            %>
-            	<p id="error_info"><%= error_info %></p>
-            <% } %>
+      <% if (error_info) {
+          if (error_info == 'Success') error_info = '修改成功';
+      %>
+      	<p id="error_info"><%= error_info %></p>
+      <% } %>
     </div>
 		<form class="ui form" action="<%= syzoj.utils.makeUrl(['user', edited_user.id, 'edit']) %>" method="post" onsubmit="return check()">
-            <div class="field">
-		    	<label for="sex">性别</label>
-		    	<select class="ui dropdown" name="sex">
-                    <option value="0" <%= edited_user.sex == 0 ? 'selected': '' %>>其它</option>
-                    <option value="1" <%= edited_user.sex == 1 ? 'selected': '' %>>男</option>
-                    <option value="-1" <%= edited_user.sex == -1 ? 'selected': '' %>>女</option>
-                </select>
-		    </div>
-		    <div class="field">
-		    	<label for="email">Email</label>
-		    	<input type="email" id="email" name="email" value="<%= edited_user.email %>">
-		    </div>
-		    <div class="field">
-		    	<label for="information">个性签名</label>
-		    	<textarea rows="5" id="information" name="information"><%= edited_user.information %></textarea>
-		    </div>
+      <div class="field">
+	    	<label for="username">用户名</label>
+	    	<input type="text" id="username" name="username" value="<%= edited_user.username %>"<% if (!user.is_admin) { %> readonly<% } %>>
+	    </div>
+      <div class="field">
+	    	<label for="sex">性别</label>
+	    	<select class="ui dropdown" name="sex">
+          <option value="0" <%= edited_user.sex == 0 ? 'selected': '' %>>其它</option>
+          <option value="1" <%= edited_user.sex == 1 ? 'selected': '' %>>男</option>
+          <option value="-1" <%= edited_user.sex == -1 ? 'selected': '' %>>女</option>
+        </select>
+	    </div>
+	    <div class="field">
+	    	<label for="email">Email</label>
+	    	<input type="email" id="email" name="email" value="<%= edited_user.email %>">
+	    </div>
+	    <div class="field">
+	    	<label for="information">个性签名</label>
+	    	<textarea rows="5" id="information" name="information"><%= edited_user.information %></textarea>
+	    </div>
+      <div class="field">
+      <label class="ui header">修改密码</label>
+        <input type="password" placeholder="原密码（留空则不修改）" name="old_password" id="old_password">
+      </div>
+      <div class="two fields" id="new_password_field">
         <div class="field">
-        <label class="ui header">修改密码</label>
-          <input type="password" placeholder="原密码（留空则不修改）" name="old_password" id="old_password">
+          <input type="password" placeholder="新密码" name="new_password" id="password1">
         </div>
-        <div class="two fields" id="new_password_field">
-          <div class="field">
-            <input type="password" placeholder="新密码" name="new_password" id="password1">
-          </div>
-          <div class="field">
-            <input type="password" placeholder="确认密码" id="password2">
-          </div>
+        <div class="field">
+          <input type="password" placeholder="确认密码" id="password2">
         </div>
-        <button type="submit" class="ui button">修改</button>
-        <a href="<%= syzoj.utils.makeUrl(['user', edited_user.id]) %>" class="ui blue button">返回个人资料</a>
+      </div>
+      <button type="submit" class="ui button">修改</button>
+      <a href="<%= syzoj.utils.makeUrl(['user', edited_user.id]) %>" class="ui blue button">返回个人资料</a>
 		</form>
 	</div>
 </div>