Albirew/nyaa-pantsu

Make email verification work correctly

Previously the email was set before it had been verified, which was very wrong.
sfan5 2017-05-10 21:16:30 +02:00
Parent a857c1abe3
révision d178ab23b6
3 fichiers modifiés avec 11 ajouts et 29 suppressions


@ -85,7 +85,6 @@ func ClearCookie(w http.ResponseWriter) (int, error) {
// SetCookieHandler sets a cookie with email and password.
func SetCookieHandler(w http.ResponseWriter, email string, pass string) (int, error) {
if email != "" && pass != "" {
log.Debugf("User email : %s , password : %s", email, pass)
var user model.User
isValidEmail, _ := formStruct.EmailValidation(email, formStruct.NewErrors())
if isValidEmail {
@ -115,14 +114,9 @@ func SetCookieHandler(w http.ResponseWriter, email string, pass string) (int, er
// RegisterHanderFromForm sets cookie from a RegistrationForm.
func RegisterHanderFromForm(w http.ResponseWriter, registrationForm formStruct.RegistrationForm) (int, error) {
email := registrationForm.Email
if email == "" {
email = registrationForm.Username
}
username := registrationForm.Username // email isn't set at this point
pass := registrationForm.Password
log.Debugf("RegisterHandler UserEmail : %s", email)
log.Debugf("RegisterHandler UserPassword : %s", pass)
return SetCookieHandler(w, email, pass)
return SetCookieHandler(w, username, pass)
}
// RegisterHandler sets a cookie when user registered.
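Review bot: RegisterHanderFromForm now hands the username to SetCookieHandler, but that function still names the parameter `email` and its doc comment still reads "sets a cookie with email and password". The visible start of SetCookieHandler runs `formStruct.EmailValidation` on the value and branches on `isValidEmail`, so a username shaped like an address would presumably be looked up as an email rather than as a username; the rest of the body is outside the hunk, so this needs confirming there. I would change the comment to `// SetCookieHandler sets a cookie from a username or email and a password.` and make sure registration rejects address-shaped usernames, so the two lookup paths cannot be confused.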


@ -62,6 +62,7 @@ func CreateUserFromForm(registrationForm formStruct.RegistrationForm) (model.Use
if user.Email == "" {
user.MD5 = ""
} else {
// Despite the email not being verified yet we calculate this for convenience reasons
var err error
user.MD5, err = crypto.GenerateMD5Hash(user.Email)
if err != nil {
@ -72,6 +73,7 @@ func CreateUserFromForm(registrationForm formStruct.RegistrationForm) (model.Use
if err != nil {
return user, errors.New("token not generated")
}
user.Email = "" // unset email because it will be verified later
user.Token = token
user.TokenExpiration = timeHelper.FewDaysLater(config.AuthTokenExpirationDay)
@ -108,7 +110,7 @@ func CreateUser(w http.ResponseWriter, r *http.Request) (int, error) {
if err != nil {
return http.StatusInternalServerError, err
}
SendVerificationToUser(user)
SendVerificationToUser(user, registrationForm.Email)
status, err = RegisterHandler(w, r)
return status, err
}
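Review bot: The result of `SendVerificationToUser(user, registrationForm.Email)` in CreateUser is discarded, and the call is made even when the form carried no address. Since CreateUserFromForm now clears `user.Email` until verification, a failed send leaves the account with no email and gives neither the user nor the operator any signal. I would guard and check it: `if registrationForm.Email != "" { if status, err := SendVerificationToUser(user, registrationForm.Email); err != nil { return status, err } }`, or at least log the error if registration should still succeed. Note also that `user.MD5` is still derived from the unverified address and kept after `user.Email` is cleared, so it should be recomputed when an address is actually verified.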


@ -10,8 +10,7 @@ import (
"github.com/ewhal/nyaa/config"
"github.com/ewhal/nyaa/db"
"github.com/ewhal/nyaa/model"
// "github.com/ewhal/nyaa/util/crypto"
"github.com/ewhal/nyaa/util/email"
//"github.com/ewhal/nyaa/util/email"
"github.com/ewhal/nyaa/util/timeHelper"
"github.com/gorilla/securecookie"
"github.com/nicksnyder/go-i18n/i18n"
@ -27,43 +26,30 @@ func SendEmailVerification(to string, token string, locale string) error {
}
content := T("link") + " : https://" + config.WebAddress + "/verify/email/" + token
content_html := T("verify_email_content") + "<br/>" + "<a href=\"https://" + config.WebAddress + "/verify/email/" + token + "\" target=\"_blank\">" + config.WebAddress + "/verify/email/" + token + "</a>"
return email.SendEmailFromAdmin(to, T("verify_email_title"), content, content_html)
//return email.SendEmailFromAdmin(to, T("verify_email_title"), content, content_html)
fmt.Printf("sending email to %s\n----\n%s\n%s\n----\n", to, content, content_html)
return nil
}
// SendVerificationToUser sends an email verification token to user.
func SendVerificationToUser(user model.User) (int, error) {
func SendVerificationToUser(user model.User, newEmail string) (int, error) {
validUntil := timeHelper.TwentyFourHoursLater() // TODO: longer duration?
value := map[string]string{
"t": strconv.FormatInt(validUntil.Unix(), 10),
"u": strconv.FormatUint(uint64(user.ID), 10),
"e": user.Email,
"e": newEmail,
}
encoded, err := verificationHandler.Encode("", value)
if err != nil {
return http.StatusInternalServerError, err
}
err = SendEmailVerification(user.Email, encoded, "en-us")
err = SendEmailVerification(newEmail, encoded, "en-us")
if err != nil {
return http.StatusInternalServerError, err
}
return http.StatusOK, nil
}
// SendVerification sends an email verification token.
func SendVerification(r *http.Request) (int, error) {
var user model.User
currentUser, err := CurrentUser(r)
if err != nil {
return http.StatusUnauthorized, errors.New("unauthorized")
}
if db.ORM.First(&user, currentUser.ID).RecordNotFound() {
return http.StatusNotFound, errors.New("user not found")
}
status, err := SendVerificationToUser(user)
return status, err
}
// EmailVerification verifies the token used for email verification
func EmailVerification(token string, w http.ResponseWriter) (int, error) {
value := make(map[string]string)
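Review bot: SendEmailVerification no longer sends anything: the `email.SendEmailFromAdmin` call and the `util/email` import are commented out, and the function prints the recipient and the full verification link with `fmt.Printf` before returning nil. This reads as a debugging stub that should not be merged, because callers are told the mail went out while the signed token lands in whatever collects the process output, where a reader of those logs could confirm an address they do not control. I would restore `return email.SendEmailFromAdmin(to, T("verify_email_title"), content, content_html)` together with the import and drop the Printf. The page has lost its +/- markers, so this assumes the commented-out call is the new side, which the commented import suggests.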