Stateless Email Verification

config/email.go

@@ -13,3 +13,5 @@ const (
 	// EmailTimeout  = 80 * time.Millisecond
 	EmailTimeout = 10 * time.Second
 )
+
+var EmailTokenHashKey = []byte("CHANGE_THIS_BEFORE_DEPLOYING_YOU_RETARD")

router/userHandler.go

@@ -3,6 +3,7 @@ package router
 import (
 	"net/http"
 
+	"github.com/ewhal/nyaa/model"
 	"github.com/ewhal/nyaa/service/captcha"
 	"github.com/ewhal/nyaa/service/user"
 	"github.com/ewhal/nyaa/service/user/form"
@@ -180,7 +181,10 @@ func UserRegisterPostHandler(w http.ResponseWriter, r *http.Request) {
 				}
 				if (len(err) == 0) {
 					languages.SetTranslationFromRequest(viewRegisterSuccessTemplate, r, "en-us")
-					htv := UserRegisterTemplateVariables{b, err, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)}
+					u := model.User{
+						Email: r.PostFormValue("email"), // indicate whether user had email set
+					}
+					htv := UserRegisterTemplateVariables{b, err, NewSearchForm(), Navigation{}, &u, r.URL, mux.CurrentRoute(r)}
 					errorTmpl := viewRegisterSuccessTemplate.ExecuteTemplate(w, "index.html", htv)
 					if errorTmpl != nil {
 						http.Error(w, errorTmpl.Error(), http.StatusInternalServerError)

service/user/verification.go

@@ -2,51 +2,48 @@ package userService
 
 import (
 	"errors"
+	"fmt"
 	"net/http"
-//	"time"
+	"strconv"
+	"time"
 
 	"github.com/ewhal/nyaa/config"
 	"github.com/ewhal/nyaa/db"
 	"github.com/ewhal/nyaa/model"
-//	"github.com/ewhal/nyaa/util/crypto"
 	"github.com/ewhal/nyaa/util/email"
-//	"github.com/ewhal/nyaa/util/log"
-//	"github.com/ewhal/nyaa/util/timeHelper"
-
+	"github.com/ewhal/nyaa/util/timeHelper"
+	"github.com/gorilla/securecookie"
 	"github.com/nicksnyder/go-i18n/i18n"
 )
 
+var verificationHandler = securecookie.New(config.EmailTokenHashKey, nil)
+
 // SendEmailVerfication sends an email verification token via email.
-func SendEmailVerfication(to string, token string, locale string) error {
+func SendEmailVerification(to string, token string, locale string) error {
 	T, _ := i18n.Tfunc(locale)
-	err := email.SendEmailFromAdmin(to,
-		T("verify_email_title"),
-		T("link")+" : "+config.WebAddress+"/verify/email/"+token,
-		T("verify_email_content")+"<br/><a href=\""+config.WebAddress+"/verify/email/"+token+"\" target=\"_blank\">"+config.WebAddress+"/verify/email/"+token+"</a>")
-	return err
+	content := T("link")+" : https://"+config.WebAddress+"/verify/email/"+token
+	content_html := T("verify_email_content")+"<br/>"+"<a href=\"https://"+config.WebAddress+"/verify/email/"+token+"\" target=\"_blank\">"+config.WebAddress+"/verify/email/"+token+"</a>"
+	return email.SendEmailFromAdmin(to, T("verify_email_title"), content, content_html)
+	return nil
 }
 
 // SendVerificationToUser sends an email verification token to user.
 func SendVerificationToUser(user model.User) (int, error) {
-	/*var status int
-	var err error
-	user.ActivateUntil = timeHelper.TwentyFourHoursLater()
-	user.ActivationToken, err = crypto.GenerateRandomToken32()
+	validUntil := timeHelper.TwentyFourHoursLater() // TODO: longer duration?
+	value := map[string]string{
+		"t": strconv.FormatInt(validUntil.Unix(), 10), 
+		"u": strconv.FormatUint(uint64(user.Id), 10),
+		"e": user.Email,
+	}
+	encoded, err := verificationHandler.Encode("", value)
 	if err != nil {
 		return http.StatusInternalServerError, err
 	}
-	user.Activation = false
-	log.Debugf("generated token : %s", user.ActivationToken)
-	status, err = UpdateUserCore(&user)
-	if err != nil {
-		return status, err
-	}
-	err = SendEmailVerfication(user.Email, user.ActivationToken, "en-us")
+	err = SendEmailVerification(user.Email, encoded, "en-us")
 	if err != nil {
 		return http.StatusInternalServerError, err
 	}
-	return http.StatusOK, err*/
-	return 0, errors.New("NotImpl")
+	return http.StatusOK, nil
 }
 
 // SendVerification sends an email verification token.
@@ -63,28 +60,22 @@ func SendVerification(r *http.Request) (int, error) {
 	return status, err
 }
 
-// EmailVerification verifies an email of user.
-func EmailVerification(token string,w http.ResponseWriter) (int, error) {
-	/*var user model.User
-	log.Debugf("verifyEmailForm.ActivationToken : %s", token)
-	if db.ORM.Where(&model.User{ActivationToken: token}).First(&user).RecordNotFound() {
+// EmailVerification verifies the token used for email verification
+func EmailVerification(token string, w http.ResponseWriter) (int, error) {
+	value := make(map[string]string)
+	err := verificationHandler.Decode("", token, &value)
+	if err != nil {
+		fmt.Printf("%+v\n", err)
+		return http.StatusForbidden, errors.New("Token is not valid.")
+	}
+	time_int, _ := strconv.ParseInt(value["t"], 10, 0)
+	if timeHelper.IsExpired(time.Unix(time_int, 0)) {
+		return http.StatusForbidden, errors.New("Token has expired.")
+	}
+	var user model.User
+	if db.ORM.Where("user_id = ?", value["u"]).First(&user).RecordNotFound() {
 		return http.StatusNotFound, errors.New("User is not found.")
 	}
-	isExpired := timeHelper.IsExpired(user.ActivateUntil)
-	log.Debugf("passwordResetUntil : %s", user.ActivateUntil.UTC())
-	log.Debugf("expired : %t", isExpired)
-	if isExpired {
-		return http.StatusForbidden, errors.New("token not valid.")
-	}
-	user.ActivationToken = ""
-	user.ActivateUntil = time.Now()
-	user.ActivatedAt = time.Now()
-	user.Activation = true
-	status, err := UpdateUserCore(&user)
-	if err != nil {
-		return status, err
-	}
-	status, err = SetCookie(w, user.Token)
-	return status, err*/
-	return 0, errors.New("NotImpl")
+	user.Email = value["e"]
+	return UpdateUserCore(&user)
 }