Use favicon and propose Gravatar profile

oguzhalit · Nov 4, 2018 · 07c97cd · 07c97cd
1 parent 9e84528
commit 07c97cd
Show file tree

Hide file tree

Showing 3 changed files with 30 additions and 16 deletions.
diff --git a/models/user.js b/models/user.js
@@ -7,7 +7,7 @@ module.exports = (sequelize, { STRING, BOOLEAN }) => {
  const User = sequelize.define('User', {
  username: {
  type: STRING,
- defaultValue: 'Anonymous'
+ defaultValue: ''
  },
  email: {
  type: STRING,

diff --git a/routes/userProfile.js b/routes/userProfile.js
@@ -2,6 +2,7 @@ const fs = require('fs')
 const models = require('../models/index')
 const insecurity = require('../lib/insecurity')
 const jade = require('jade')
+const config = require('config')
 
 module.exports = function getUserProfile () {
  return (req, res, next) => {
@@ -10,7 +11,7 @@ module.exports = function getUserProfile () {
  const loggedInUser = insecurity.authenticatedUsers.get(req.cookies.token)
  if (loggedInUser) {
  models.User.findById(loggedInUser.data.id).then(user => {
- const templateString = buf.toString()
+ let jadeTemplate = buf.toString()
  let username = user.dataValues.username
  if (username.match(/#\{(.*)\}/) !== null) {
  req.app.locals.abused_ssti_bug = true
@@ -21,7 +22,11 @@ module.exports = function getUserProfile () {
  username = '\\' + username
  }
  }
- const fn = jade.compile(templateString.replace('usrname', username))
+ jadeTemplate = jadeTemplate.replace(/_username_/g, username)
+ jadeTemplate = jadeTemplate.replace(/_hash_/g, insecurity.hash(user.dataValues.email))
+ jadeTemplate = jadeTemplate.replace(/_title_/g, config.get('application.name'))
+ jadeTemplate = jadeTemplate.replace(/_favicon_/g, favicon())
+ const fn = jade.compile(jadeTemplate)
  res.send(fn(user.dataValues))
  }).catch(error => {
  next(error)
@@ -31,4 +36,10 @@ module.exports = function getUserProfile () {
  }
  })
  }
+
+ function favicon () {
+ let icon = config.get('application.favicon')
+ icon = decodeURIComponent(icon.substring(icon.lastIndexOf('/') + 1))
+ return icon
+ }
 }
diff --git a/views/userProfile.jade b/views/userProfile.jade
@@ -1,17 +1,18 @@
 doctype html
 html(lang='en')
  head
- title OWASP Juice Shop
+ title _title_
  meta(charset='utf-8')
  meta(name='viewport', content='width=device-width, initial-scale=1')
+ link(rel='icon', type='image/x-icon', href='/assets/public/_favicon_')
  link(rel='stylesheet', href='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css')
  script(src='https://ajax.googleapis.com/ajax/libs/jquery/3.3.1/jquery.min.js')
  script(src='https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js')
  body(style='background: black;color:#9d9d9d;')
  nav.navbar.navbar-inverse(style='background: #263238;border-radius:0px;')
  .container-fluid
  .navbar-header
- a.navbar-brand(href='/') OWASP Juice Shop
+ a.navbar-brand(href='/') _title_
  ul.nav.navbar-nav
  li
  a(href='/#/')
@@ -20,30 +21,32 @@ html(lang='en')
  .container
  h3 User Profile 
  .row(style='margin-top:10%;')
- .col-sm-4
+ .col-sm-5
  img.img-rounded(src='assets/public/images/uploads/'+profileImage, alt='Cinque Terre', width='304', height='236')
- p(style='padding-left:36%;margin-top:8%;') usrname
+ p(style='padding-left:25%;margin-top:8%;') _username_
  form(action='/profile/image/file' , style='margin-top:10%;',method='post',enctype='multipart/form-data')
  .form-group
  input(type='file', accept='image/*',name='file')
- button.btn.btn-default(type='submit') Submit
+ button.btn.btn-default(type='submit') Upload Picture
 
- p(style='margin-top:10%;') ------------------------- Or -------------------------
+ p(style='margin-top:5%;') ------------ or ------------
 
- form(action='/profile/image/url' , style='margin-top:10%;',method='post')
+ form(action='/profile/image/url' , style='margin-top:5%;',method='post')
  .form-group
- label(for='url') Image Url:
- input#url.form-control(type='text',name='imageUrl')
- button(id='submitUrl').btn.btn-default(type='submit') Submit
+ label(for='url') Gravatar Url:
+ input#url.form-control(type='text',name='imageUrl',placeholder='e.g. https://www.gravatar.com/avatar/_hash_')
+ button(id='submitUrl').btn.btn-default(type='submit') Link Gravatar
 
+ p(style='margin-bottom:10%;')
 
- .col-sm-8
+
+ .col-sm-7
  form(action='/profile',method='post')
  .form-group
  label(for='username') Username:
  input#username.form-control(type='text',name='username',placeholder='Enter Username',value='#{username}')
  .form-group
  label(for='email') Email:
- input#email.form-control(type='email',name='email',placeholder='Enter email',value='#{email}',readonly=true)
- button(id='submit').btn.btn-default(type='submit') Submit
+ input#email.form-control(type='email',name='email',value='#{email}',readonly=true)
+ button(id='submit').btn.btn-default(type='submit') Set Username