Albirew/nyaa-pantsu
Archivé
1
0
Bifurcation 0

Stateless Email Verification

Cette révision appartient à :
sfan5 2017-05-10 00:04:07 +02:00
Parent 4bd79520a9
révision 60ecfb797a
3 fichiers modifiés avec 44 ajouts et 47 suppressions

Voir le fichier

@ -13,3 +13,5 @@ const (
// EmailTimeout = 80 * time.Millisecond // EmailTimeout = 80 * time.Millisecond
EmailTimeout = 10 * time.Second EmailTimeout = 10 * time.Second
) )
var EmailTokenHashKey = []byte("CHANGE_THIS_BEFORE_DEPLOYING_YOU_RETARD")

Voir le fichier

@ -3,6 +3,7 @@ package router
import ( import (
"net/http" "net/http"
"github.com/ewhal/nyaa/model"
"github.com/ewhal/nyaa/service/captcha" "github.com/ewhal/nyaa/service/captcha"
"github.com/ewhal/nyaa/service/user" "github.com/ewhal/nyaa/service/user"
"github.com/ewhal/nyaa/service/user/form" "github.com/ewhal/nyaa/service/user/form"
@ -180,7 +181,10 @@ func UserRegisterPostHandler(w http.ResponseWriter, r *http.Request) {
} }
if (len(err) == 0) { if (len(err) == 0) {
languages.SetTranslationFromRequest(viewRegisterSuccessTemplate, r, "en-us") languages.SetTranslationFromRequest(viewRegisterSuccessTemplate, r, "en-us")
htv := UserRegisterTemplateVariables{b, err, NewSearchForm(), Navigation{}, GetUser(r), r.URL, mux.CurrentRoute(r)} u := model.User{
Email: r.PostFormValue("email"), // indicate whether user had email set
}
htv := UserRegisterTemplateVariables{b, err, NewSearchForm(), Navigation{}, &u, r.URL, mux.CurrentRoute(r)}
errorTmpl := viewRegisterSuccessTemplate.ExecuteTemplate(w, "index.html", htv) errorTmpl := viewRegisterSuccessTemplate.ExecuteTemplate(w, "index.html", htv)
if errorTmpl != nil { if errorTmpl != nil {
http.Error(w, errorTmpl.Error(), http.StatusInternalServerError) http.Error(w, errorTmpl.Error(), http.StatusInternalServerError)

Voir le fichier

@ -2,51 +2,48 @@ package userService
import ( import (
"errors" "errors"
"fmt"
"net/http" "net/http"
// "time" "strconv"
"time"
"github.com/ewhal/nyaa/config" "github.com/ewhal/nyaa/config"
"github.com/ewhal/nyaa/db" "github.com/ewhal/nyaa/db"
"github.com/ewhal/nyaa/model" "github.com/ewhal/nyaa/model"
// "github.com/ewhal/nyaa/util/crypto"
"github.com/ewhal/nyaa/util/email" "github.com/ewhal/nyaa/util/email"
// "github.com/ewhal/nyaa/util/log" "github.com/ewhal/nyaa/util/timeHelper"
// "github.com/ewhal/nyaa/util/timeHelper" "github.com/gorilla/securecookie"
"github.com/nicksnyder/go-i18n/i18n" "github.com/nicksnyder/go-i18n/i18n"
) )
var verificationHandler = securecookie.New(config.EmailTokenHashKey, nil)
// SendEmailVerfication sends an email verification token via email. // SendEmailVerfication sends an email verification token via email.
func SendEmailVerfication(to string, token string, locale string) error { func SendEmailVerification(to string, token string, locale string) error {
T, _ := i18n.Tfunc(locale) T, _ := i18n.Tfunc(locale)
err := email.SendEmailFromAdmin(to, content := T("link")+" : https://"+config.WebAddress+"/verify/email/"+token
T("verify_email_title"), content_html := T("verify_email_content")+"<br/>"+"<a href=\"https://"+config.WebAddress+"/verify/email/"+token+"\" target=\"_blank\">"+config.WebAddress+"/verify/email/"+token+"</a>"
T("link")+" : "+config.WebAddress+"/verify/email/"+token, return email.SendEmailFromAdmin(to, T("verify_email_title"), content, content_html)
T("verify_email_content")+"<br/><a href=\""+config.WebAddress+"/verify/email/"+token+"\" target=\"_blank\">"+config.WebAddress+"/verify/email/"+token+"</a>") return nil
return err
} }
// SendVerificationToUser sends an email verification token to user. // SendVerificationToUser sends an email verification token to user.
func SendVerificationToUser(user model.User) (int, error) { func SendVerificationToUser(user model.User) (int, error) {
/*var status int validUntil := timeHelper.TwentyFourHoursLater() // TODO: longer duration?
var err error value := map[string]string{
user.ActivateUntil = timeHelper.TwentyFourHoursLater() "t": strconv.FormatInt(validUntil.Unix(), 10),
user.ActivationToken, err = crypto.GenerateRandomToken32() "u": strconv.FormatUint(uint64(user.Id), 10),
"e": user.Email,
}
encoded, err := verificationHandler.Encode("", value)
if err != nil { if err != nil {
return http.StatusInternalServerError, err return http.StatusInternalServerError, err
} }
user.Activation = false err = SendEmailVerification(user.Email, encoded, "en-us")
log.Debugf("generated token : %s", user.ActivationToken)
status, err = UpdateUserCore(&user)
if err != nil {
return status, err
}
err = SendEmailVerfication(user.Email, user.ActivationToken, "en-us")
if err != nil { if err != nil {
return http.StatusInternalServerError, err return http.StatusInternalServerError, err
} }
return http.StatusOK, err*/ return http.StatusOK, nil
return 0, errors.New("NotImpl")
} }
// SendVerification sends an email verification token. // SendVerification sends an email verification token.
@ -63,28 +60,22 @@ func SendVerification(r *http.Request) (int, error) {
return status, err return status, err
} }
// EmailVerification verifies an email of user. // EmailVerification verifies the token used for email verification
func EmailVerification(token string,w http.ResponseWriter) (int, error) { func EmailVerification(token string, w http.ResponseWriter) (int, error) {
/*var user model.User value := make(map[string]string)
log.Debugf("verifyEmailForm.ActivationToken : %s", token) err := verificationHandler.Decode("", token, &value)
if db.ORM.Where(&model.User{ActivationToken: token}).First(&user).RecordNotFound() { if err != nil {
fmt.Printf("%+v\n", err)
return http.StatusForbidden, errors.New("Token is not valid.")
}
time_int, _ := strconv.ParseInt(value["t"], 10, 0)
if timeHelper.IsExpired(time.Unix(time_int, 0)) {
return http.StatusForbidden, errors.New("Token has expired.")
}
var user model.User
if db.ORM.Where("user_id = ?", value["u"]).First(&user).RecordNotFound() {
return http.StatusNotFound, errors.New("User is not found.") return http.StatusNotFound, errors.New("User is not found.")
} }
isExpired := timeHelper.IsExpired(user.ActivateUntil) user.Email = value["e"]
log.Debugf("passwordResetUntil : %s", user.ActivateUntil.UTC()) return UpdateUserCore(&user)
log.Debugf("expired : %t", isExpired)
if isExpired {
return http.StatusForbidden, errors.New("token not valid.")
}
user.ActivationToken = ""
user.ActivateUntil = time.Now()
user.ActivatedAt = time.Now()
user.Activation = true
status, err := UpdateUserCore(&user)
if err != nil {
return status, err
}
status, err = SetCookie(w, user.Token)
return status, err*/
return 0, errors.New("NotImpl")
} }