X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=api%2Fuser.go;h=28486961da0b7757e16533f96bac7c183ce5c6ab;hb=2da5b12c31074591eaf16929b760322b98f189e8;hp=1dc69e470d176e29cda92c281ed1bac4edffa06b;hpb=b5c34e88bbe09173aca1d1c1014cb42b01866d79;p=perso%2FImmae%2FProjets%2FCryptomonnaies%2FCryptoportfolio%2FFront.git diff --git a/api/user.go b/api/user.go index 1dc69e4..2848696 100644 --- a/api/user.go +++ b/api/user.go @@ -3,7 +3,10 @@ package api import ( "fmt" "regexp" + "strconv" + "time" + "github.com/dchest/passwordreset" "github.com/gin-gonic/gin" "immae.eu/Immae/Projets/Cryptomonnaies/Cryptoportfolio/Front/db" @@ -74,6 +77,37 @@ func (q SignupQuery) Run() (interface{}, *Error) { return nil, NewInternalError(fmt.Errorf("cannot create jwt token %v", err)) } + if CONFIG.FreeSMSUser != "" { + err := SendSMS(CONFIG.FreeSMSUser, CONFIG.FreeSMSPass, fmt.Sprintf("New user signup '%v'", q.In.Email)) + if err != nil { + return nil, NewInternalError(err) + } + } + + configMap := make(map[string]string) + configMap["key"] = "" + configMap["secret"] = "" + + _, err = db.SetUserMarketConfig(newUser.Id, "poloniex", configMap) + if err != nil { + return nil, NewInternalError(err) + } + + if MAIL_CONFIG.IsEnabled { + mailConfirmationToken := passwordreset.NewToken(q.In.Email, time.Hour*24*1, []byte(strconv.FormatUint(uint64(newUser.Status), 10)), PASSWORD_RESET_SECRET) + err = SendConfirmationMail(q.In.Email, mailConfirmationToken) + if err != nil { + return nil, NewInternalError(err) + } + } + + if CONFIG.FreeSMSUser != "" { + err := SendSMS(CONFIG.FreeSMSUser, CONFIG.FreeSMSPass, fmt.Sprintf("'%v' request a password reset. Token '/change-password?token=%v'", q.In.Email, token)) + if err != nil { + return nil, NewInternalError(err) + } + } + return SignResult{token}, nil } @@ -127,3 +161,56 @@ func GetUser(c *gin.Context) db.User { return user.(db.User) } + +type ConfirmEmailQuery struct { + In struct { + Token string + } +} + +func (q ConfirmEmailQuery) ValidateParams() *Error { + + if q.In.Token == "" { + return &Error{BadRequest, "invalid token", fmt.Errorf("invalid token")} + } + + return nil +} + +func (q ConfirmEmailQuery) Run() (interface{}, *Error) { + var user *db.User + + email, err := passwordreset.VerifyToken(q.In.Token, func(email string) ([]byte, error) { + var err error + user, err = db.GetUserByEmail(email) + if err != nil { + return nil, err + } + + if user == nil { + return nil, fmt.Errorf("'%v' is not registered", email) + } + + return []byte(strconv.FormatUint(uint64(user.Status), 10)), nil + + }, PASSWORD_RESET_SECRET) + + if err != nil && (err == passwordreset.ErrExpiredToken) { + return nil, &Error{BadRequest, "expired token", fmt.Errorf("expired token")} + } else if err != nil && (err == passwordreset.ErrMalformedToken || err == passwordreset.ErrWrongSignature) { + return nil, &Error{BadRequest, "wrong token", fmt.Errorf("wrong token")} + } else if err != nil { + return nil, NewInternalError(err) + } + + if user == nil { + return nil, &Error{BadRequest, "bad request", fmt.Errorf("no user found for email '%v'", email)} + } + + err = db.SetUserStatus(user, db.Confirmed) + if err != nil { + return nil, NewInternalError(err) + } + + return nil, nil +}