Merge pull request #1053 from waiterZen/SERVER-1445-2

[core] improve countly user password change experience

Author: ar2rsawseen

api/parts/mgmt/mail.js

@@ -98,16 +98,27 @@ mail.sendLocalizedMessage = function(lang, to, subject, message, callback) {
     });
 };
 
+/**
+ * encode string to escape html code
+ * @param {string} s inputed string
+ * @return {string} newString new string escaped html code
+ */
+mail.escapedHTMLString = function(s) {
+    const newString = s.replace(/&/g, '&amp;').replace(/</g, '&lt;').replace(/>/g, '&gt;').replace(/"/g, '&quot;');
+    return newString;
+};
+
 /**
 * Email to send to new members
 * @param {object} member - member document
 * @param {string} memberPassword - OTP for member to authorize
 **/
 mail.sendToNewMember = function(member, memberPassword) {
     member.lang = member.lang || "en";
+    const password = mail.escapedHTMLString(memberPassword);
     mail.lookup(function(err, host) {
         localize.getProperties(member.lang, function(err2, properties) {
-            var message = localize.format(properties["mail.new-member"], mail.getUserFirstName(member), host, member.username, memberPassword);
+            var message = localize.format(properties["mail.new-member"], mail.getUserFirstName(member), host, member.username, password);
             mail.sendMessage(member.email, properties["mail.new-member-subject"], message);
         });
     });
@@ -120,9 +131,10 @@ mail.sendToNewMember = function(member, memberPassword) {
 **/
 mail.sendToUpdatedMember = function(member, memberPassword) {
     member.lang = member.lang || "en";
+    const password = mail.escapedHTMLString(memberPassword);
     mail.lookup(function(err, host) {
         localize.getProperties(member.lang, function(err2, properties) {
-            var message = localize.format(properties["mail.password-change"], mail.getUserFirstName(member), host, member.username, memberPassword);
+            var message = localize.format(properties["mail.password-change"], mail.getUserFirstName(member), host, member.username, password);
             mail.sendMessage(member.email, properties["mail.password-change-subject"], message);
         });
     });

api/parts/mgmt/users.js

@@ -259,7 +259,6 @@ usersApi.createUser = function(params) {
 
                 member[0].api_key = common.md5Hash(member[0]._id + (new Date().getTime()));
                 common.db.collection('members').update({ '_id': member[0]._id }, { $set: { api_key: member[0].api_key } }, function() { });
-
                 mail.sendToNewMember(member[0], passwordNoHash);
                 plugins.dispatch("/i/users/create", {
                     params: params,

extend/aws_ses.example.js

@@ -47,20 +47,24 @@ module.exports = function(mail) {
     };
 
     mail.sendToNewMember = function(member, memberPassword) {
+        const password = mail.escapedHTMLString(memberPassword);
+
         mail.lookup(function(err, host) {
             mail.sendMessage(member.email, "Your " + company + " Account",
                 "Hi " + mail.getUserFirstName(member) + ",<br/><br/>\n" +
                 "Your " + company + " account on <a href='" + host + "'>" + host + "</a> is created with the following details;<br/><br/>\n" +
-                "Username: " + member.username + "<br/>Password: " + memberPassword + "<br/><br/>\n" +
+                "Username: " + member.username + "<br/>Password: " + password + "<br/><br/>\n" +
                 "Enjoy,<br/>A fellow " + company + " Admin");
         });
     };
 
     mail.sendToUpdatedMember = function(member, memberPassword) {
+        const password = mail.escapedHTMLString(memberPassword);
+
         mail.lookup(function(err, host) {
             mail.sendMessage(member.email, "" + company + " Account - Password Change", "Hi " + mail.getUserFirstName(member) + ",<br/><br/>\n" +
             "Your password for your " + company + " account on <a href='" + host + "'>" + host + "</a> has been changed. Below you can find your updated account details;<br/><br/>\n" +
-            "Username: " + member.username + "<br/>Password: " + memberPassword + "<br/><br/>\n" +
+            "Username: " + member.username + "<br/>Password: " + password + "<br/><br/>\n" +
             "Best,<br/>A fellow " + company + " Admin");
         });
     };

extend/mail.example.js

@@ -42,20 +42,24 @@ module.exports = function(mail) {
     };
 
     mail.sendToNewMember = function(member, memberPassword) {
+        const password = mail.escapedHTMLString(memberPassword);
+
         mail.lookup(function(err, host) {
             mail.sendMessage(member.email, "Your " + company + " Account",
                 "Hi " + mail.getUserFirstName(member) + ",<br/><br/>\n" +
                 "Your " + company + " account on <a href='" + host + "'>" + host + "</a> is created with the following details;<br/><br/>\n" +
-                "Username: " + member.username + "<br/>Password: " + memberPassword + "<br/><br/>\n" +
+                "Username: " + member.username + "<br/>Password: " + password + "<br/><br/>\n" +
                 "Enjoy,<br/>A fellow " + company + " Admin");
         });
     };
 
     mail.sendToUpdatedMember = function(member, memberPassword) {
+        const password = mail.escapedHTMLString(memberPassword);
+
         mail.lookup(function(err, host) {
             mail.sendMessage(member.email, "" + company + " Account - Password Change", "Hi " + mail.getUserFirstName(member) + ",<br/><br/>\n" +
             "Your password for your " + company + " account on <a href='" + host + "'>" + host + "</a> has been changed. Below you can find your updated account details;<br/><br/>\n" +
-            "Username: " + member.username + "<br/>Password: " + memberPassword + "<br/><br/>\n" +
+            "Username: " + member.username + "<br/>Password: " + password + "<br/><br/>\n" +
             "Best,<br/>A fellow " + company + " Admin");
         });
     };

frontend/express/public/javascripts/countly/countly.views.js

@@ -3541,6 +3541,9 @@ window.ManageUsersView = countlyView.extend({
             $("#listof-apps").hide();
             $(".row").removeClass("selected");
         });
+        $(".manage-users-table .detail .password-text").off("focus").on("focus", function() {
+            $(this).select();
+        });
     },
     renderCommon: function() {
         var url = countlyCommon.API_PARTS.users.r + '/all';
@@ -3945,6 +3948,9 @@ window.ManageUsersView = countlyView.extend({
 
         $(".change-password").off("click").on('click', function() {
             $(this).parents(".row").next().toggle();
+            $(".manage-users-table .detail .password-text").off("focus").on("focus", function() {
+                $(this).select();
+            });
         });
 
         $('body').off('change', '.pp-uploader').on('change', '.pp-uploader', function() {